diff --git a/README.md b/README.md
index 7f9db32..553a57f 100755
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# Malwoverview
-[
](https://github.com/alexandreborges/malwoverview/releases/tag/v6.1.0) [
](https://github.com/alexandreborges/malwoverview/releases) [
](https://github.com/alexandreborges/malwoverview/releases) [
](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE)
+[
](https://github.com/alexandreborges/malwoverview/releases/tag/v6.1.1) [
](https://github.com/alexandreborges/malwoverview/releases) [
](https://github.com/alexandreborges/malwoverview/releases) [
](https://github.com/alexandreborges/malwoverview/blob/master/LICENSE)
[
](https://github.com/alexandreborges/malwoverview/stargazers)
[
](https://twitter.com/ale_sp_brazil)
[
](https://pypistats.org/packages/malwoverview)
@@ -55,6 +55,8 @@
![Alt text](pictures/picture_46.jpg?raw=true "Title")
![Alt text](pictures/picture_47.jpg?raw=true "Title")
![Alt text](pictures/picture_48.jpg?raw=true "Title")
+![Alt text](pictures/picture_49.jpg?raw=true "Title")
+![Alt text](pictures/picture_50.jpg?raw=true "Title")
Copyright (C) 2018-2025 Alexandre Borges (https://exploitreversing.com)
@@ -71,7 +73,7 @@
See GNU Public License on .
-## Current Version: 6.1.0
+## Current Version: 6.1.1
Important note: Malwoverview does NOT submit samples to any endpoint by default,
so it respects possible Non-Disclosure Agreements (NDAs). There're specific options
@@ -87,17 +89,17 @@ from several endpoints. In few words, it works as a client to main existing sand
This tool aims to :
-1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group
- them by different colors (pay attention to the second column from output). Thus, colors matter!
-2. Show hash information on Virus Total, Hybrid Analysis, Malshare, Polyswarm, URLhaus, Alien Vault,
- Malpedia and ThreatCrowd engines.
-3. Determining whether the malware samples contain overlay and, if you want, extract it.
-4. Check suspect files on Virus Total, Hybrid Analysis and Polyswarm.
-5. Check URLs on Virus Total, Malshare, Polyswarm, URLhaus engines and Alien Vault.
-6. Download malware samples from Hybrid Analysis, Malshare, URLHaus, Polyswarm and Malpedia engines.
-7. Submit malware samples to VirusTotal, Hybrid Analysis and Polyswarm.
-8. List last suspected URLs from URLHaus.
-9. List last payloads from URLHaus.
+01. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group
+ them by different colors (pay attention to the second column from output). Thus, colors matter!
+02. Show hash information on Virus Total, Hybrid Analysis, Malshare, Polyswarm, URLhaus, Alien Vault,
+ Malpedia and ThreatCrowd engines.
+03. Determining whether the malware samples contain overlay and, if you want, extract it.
+04. Check suspect files on Virus Total, Hybrid Analysis and Polyswarm.
+05. Check URLs on Virus Total, Malshare, Polyswarm, URLhaus engines and Alien Vault.
+06. Download malware samples from Hybrid Analysis, Malshare, URLHaus, Polyswarm and Malpedia engines.
+07. Submit malware samples to VirusTotal, Hybrid Analysis and Polyswarm.
+08. List last suspected URLs from URLHaus.
+09. List last payloads from URLHaus.
10. Search for specific payloads on the Malshare.
11. Search for similar payloads (PE32/PE32+) on Polyswarm engine.
12. Classify all files in a directory searching information on Virus Total and Hybrid Analysis.
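Review bot: zero-padding the list markers (`01.` through `09.`) changes nothing in rendered Markdown, since CommonMark renders ordered lists from the start number regardless of leading zeros; it only aligns the raw source. If alignment of the source is the goal, this is fine, but be aware that any Markdown linter configured for `ol-prefix` consistency will flag `01.` alongside the unchanged `10.` through `12.`. Also, item 03 still reads "Determining whether ..." while the others use imperative verbs ("Determine", "Show", "Check"); "Determine whether the malware samples contain overlay and, if you want, extract it." would keep the list parallel.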
@@ -128,9 +130,9 @@ This tool aims to :
## CONTRIBUTORS
- Alexandre Borges (project owner)
- Artur Marzano (https://github.com/Macmod)
- Corey Forman (https://github.com/digitalsleuth)
+ Alexandre Borges (https://github.com/alexandreborges) | project owner and main developer
+ Artur Marzano (https://github.com/Macmod) | co-main developer
+ Corey Forman (https://github.com/digitalsleuth) | responsible for REMnux integration
Christian Clauss (https://github.com/cclauss)
## HOW TO CONTRIBUTE TO THIS PROJECT
@@ -174,22 +176,30 @@ AFTER having installed Malwoverview:
* python-magic is NOT installed. (pip show python-magic)
* python-magic-bin IS installed. (pip show python-magic-bin)
-
-To use Malwoverview you should insert VirusTotal, Hybrid Analysis, URLHaus, Malshare, Polyswarm,
-Alien Vault, Malpedia and Triage into the .malwapi.conf configuration file
-(the default one at the home directory (/home/[username] or /root) -- if the file doesn't exist,
-so you should create it) or you could create a custom configuration file and indicate it by
+
+#### Note: It is recommended to save the .malwapi.conf before any update!
+
+
+## REQUIRED APIs
+
+Malwoverview does not require to insert all APIs anymore. Therefore, professionals can
+us it without having registered such APIs. Obviously, to use certain options is necessary to
+add respective API into .malwapi.conf file, whose format is shown below.
+
+To use all options of Malwoverview you must insert respective API of the following services:
+VirusTotal, Hybrid Analysis, URLHaus, Malshare, Polyswarm, Alien Vault, Malpedia, Triage,
+InQuest, Virus Exchange and APInfo into the .malwapi.conf configuration file, which must be present
+(or created) in the home directory (/home/[username] or /root on Linux, and C:\Users\[username]
+on Windows. Alternatively, users could create a custom configuration file and indicate it by
using the -c option.
-Nonetheless, starting on version 4.4.2, it isn't longer necessary to insert all APIs into
-.malwapi.conf file before using Malwoverview. Therefore, users can only insert few APIs
-and use the respective options to these APIs.
+To highlight: if the .malwapi.conf file does not exist in your home directory, so you must
+create it!
* A special note about the Alien Vault: it is necessary to subscribe to pulses on Alien Vault
website before using -n 1 option.
-The .malwapi.conf configuration file (from the the home directory -- /home/[username] or /root)
-has the following format:
+The .malwapi.conf configuration file has the following format:
[VIRUSTOTAL]
VTAPI =
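Review bot: several wording and punctuation slips in the new REQUIRED APIs text. "Therefore, professionals can us it without having registered such APIs" should read "use it"; "Malwoverview does not require to insert all APIs anymore" reads more naturally as "Malwoverview no longer requires all API keys to be inserted"; and the parenthetical opened at "(/home/[username] or /root on Linux, and C:\Users\[username]" is never closed, so add ")" after "on Windows". The service list names "APInfo", which does not match the "13. IPInfo: https://ipinfo.io/" entry further down and the `IPINFOAPI` key read in malwoverview.py; it is almost certainly meant to be "IPInfo". Finally, the "#### Note: It is recommended to save the .malwapi.conf before any update!" line would be clearer as "back up", since the file holds the user's API keys and an update could overwrite it.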
@@ -243,6 +253,7 @@ The APIs can be requested on the respective service websites:
13. IPInfo: https://ipinfo.io/
14. BGPView: ihttps://bgpview.docs.apiary.io/
+
----------------------------------------------------
A special note about API requests to the MALPEDIA:
----------------------------------------------------
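Review bot: the only change here is a blank line, but the context line `14. BGPView: ihttps://bgpview.docs.apiary.io/` carries a stray leading "i" in the URL; since this region is being touched anyway, it is worth dropping that character so the link works when the README is rendered.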
@@ -254,7 +265,6 @@ you provided further information about you (LinkedIn account, Twitter and so on)
because it would make simpler to proof your identity, professional profile and
legitimacy, so making quicker the approval of your request.
------------------------------------------------------
----------------------------------------------------
Additional explanation about Triage:
@@ -265,7 +275,6 @@ use the "-x 1 -X \:\" to search for the correct ID of the ar
so use this ID information with the remaining Triage options (-x [2-7]) for getting
further threat hunting information from Triage endpoint.
------------------------------------------------------
----------------------------------------------------
Note about background color of the terminal:
@@ -278,8 +287,6 @@ light background.
-----------------------------------------------------
-On Linux and MacOS systems, create the .malwapi.conf file within
-/home/\[username\] directory (Linux home user directory -- /home/[username] or /root).
To check the installation, execute:
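Review bot: removing the "On Linux and MacOS systems, create the .malwapi.conf file ..." paragraph drops the only mention of macOS in the configuration instructions. The replacement text in the REQUIRED APIs hunk names the home directory for Linux and Windows only; either keep a macOS reference there (the path convention differs, `/Users/[username]`) or state explicitly that macOS follows the Linux layout, so macOS users are not left without guidance.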
@@ -291,11 +298,12 @@ Further information is available on:
(Github) https://github.com/alexandreborges/malwoverview
If you want to perform the manual installation (it is not usually necessary), so few steps
-should be executed:
+should be executed, as shown in the next sub-section.
+
## MANUAL INSTALLATION (REMnux and Ubuntu)
-1. Python version 3.8 or later (Only Python 3.x !!! It does NOT work using Python 2.7)
+1. Python version 3.11 or later (Only Python 3.x !!! It does NOT work using Python 2.7)
$ apt-get install python3.11 (for example)
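Review bot: raising the stated minimum from Python 3.8 to 3.11 is a compatibility change that should be reflected in the packaging metadata and called out in the HISTORY section, not only in the manual-installation notes; as written, a user on 3.9 or 3.10 who installs from PyPI will get no warning. If the bump is driven by a specific dependency or syntax feature, naming it here would help REMnux maintainers decide whether they need to pin a newer interpreter.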
@@ -779,6 +787,13 @@ Malwoverview is a first response tool for threat hunting written by Alexandre Bo
## HISTORY
+Version 6.1.1:
+
+ This version:
+
+ * Modifies the code to not require to registers all APIs at the first usage.
+ * Add a new section in the README (this file) about required APIs.
+
Version 6.1.0:
This version:
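Review bot: the two HISTORY bullets have grammatical errors and mixed tense: "Modifies the code to not require to registers all APIs at the first usage." should be "Modifies the code so that registering all APIs at first use is no longer required." and "Add a new section ..." should be "Adds a new section ..." to match. It is also worth reconciling this entry with the README text removed in the same change, which said that not all API keys had been required since version 4.4.2; if 6.1.1 is what actually makes the loader tolerant of missing keys (the `getoption` change in malwoverview.py), say so, otherwise readers will wonder which version introduced the behaviour.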
diff --git a/malwoverview/malwoverview.py b/malwoverview/malwoverview.py
index 0a24ea0..49c4990 100755
--- a/malwoverview/malwoverview.py
+++ b/malwoverview/malwoverview.py
@@ -21,7 +21,7 @@
# Christian Clauss (https://github.com/cclauss)
# Artur Marzano (https://github.com/Macmod)
-# Malwoverview.py: version 6.1.0
+# Malwoverview.py: version 6.1.1
import os
import argparse
@@ -56,7 +56,7 @@
__author__ = "Alexandre Borges"
__copyright__ = "Copyright 2018-2025, Alexandre Borges"
__license__ = "GNU General Public License v3.0"
-__version__ = "6.1.0"
+__version__ = "6.1.1"
__email__ = "reverseexploit at proton.me"
def finish_hook(signum, frame):
@@ -115,17 +115,24 @@ def main():
config_file = configparser.ConfigParser()
config_file.read(args.config)
config_dict = config_file
- VTAPI = config_dict.get('VIRUSTOTAL', 'VTAPI')
- HAAPI = config_dict.get('HYBRID-ANALYSIS', 'HAAPI')
- MALSHAREAPI = config_dict.get('MALSHARE', 'MALSHAREAPI')
- HAUSSUBMITAPI = config_dict.get('HAUSSUBMIT', 'HAUSSUBMITAPI')
- POLYAPI = config_dict.get('POLYSWARM', 'POLYAPI')
- ALIENAPI = config_dict.get('ALIENVAULT', 'ALIENAPI')
- MALPEDIAAPI = config_dict.get('MALPEDIA', 'MALPEDIAAPI')
- TRIAGEAPI = config_dict.get('TRIAGE', 'TRIAGEAPI')
- INQUESTAPI = config_dict.get('INQUEST', 'INQUESTAPI')
- VXAPI = config_dict.get('VIRUSEXCHANGE', 'VXAPI')
- IPINFOAPI = config_dict.get('IPINFO', 'IPINFOAPI')
+
+ def getoption(section, name):
+ if config_dict.has_option(section,name):
+ return config_dict.get(section,name)
+ else:
+ return ''
+
+ VTAPI = getoption('VIRUSTOTAL', 'VTAPI')
+ HAAPI = getoption('HYBRID-ANALYSIS', 'HAAPI')
+ MALSHAREAPI = getoption('MALSHARE', 'MALSHAREAPI')
+ HAUSSUBMITAPI = getoption('HAUSSUBMIT', 'HAUSSUBMITAPI')
+ POLYAPI = getoption('POLYSWARM', 'POLYAPI')
+ ALIENAPI = getoption('ALIENVAULT', 'ALIENAPI')
+ MALPEDIAAPI = getoption('MALPEDIA', 'MALPEDIAAPI')
+ TRIAGEAPI = getoption('TRIAGE', 'TRIAGEAPI')
+ INQUESTAPI = getoption('INQUEST', 'INQUESTAPI')
+ VXAPI = getoption('VIRUSEXCHANGE', 'VXAPI')
+ IPINFOAPI = getoption('IPINFO', 'IPINFOAPI')
optval = range(2)
optval1 = range(3)
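Review bot: the nested `getoption` helper re-implements what `configparser` already provides; `config_dict.get(section, name, fallback='')` returns the fallback when either the section or the option is missing, so the eleven assignments can call that directly and the helper can go. If the helper is kept, add spaces after the commas in `has_option(section,name)` and `get(section,name)` to match the rest of the file. One behavioural consequence to document somewhere near this block: every key now silently defaults to the empty string, so each module that builds a request must treat `''` as "no key configured" and either skip the call or run in an explicitly anonymous mode, rather than sending an empty token or Authorization header to the service.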
@@ -194,7 +201,10 @@ def main():
args.backg not in optval,
args.malsharelist not in optval8,
args.virustotaloption not in optval9,
- args.vtpubpremium not in optval
+ args.vtpubpremium not in optval,
+ args.vxoption not in optval1,
+ args.ipoption not in optval4,
+ args.androidoption not in optval5
]
MIN_OPTIONS = [
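Review bot: adding `args.vxoption`, `args.ipoption` and `args.androidoption` to the range check closes a gap where those three arguments were never validated, which is the right fix. `optval4` and `optval5` are not visible in this hunk's context (only `optval` and `optval1` are); please confirm they are defined above with ranges that match the number of sub-options each of those switches actually accepts, since an off-by-one here would either reject a valid value or let an unsupported one through to the module.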
diff --git a/malwoverview/modules/ipinfo.py b/malwoverview/modules/ipinfo.py
index 8f5ffeb..35d604d 100644
--- a/malwoverview/modules/ipinfo.py
+++ b/malwoverview/modules/ipinfo.py
@@ -1,16 +1,19 @@
import malwoverview.modules.configvars as cv
-from malwoverview.utils.colors import mycolors
+from malwoverview.utils.colors import mycolors, printc
import requests
class IPInfoExtractor:
def __init__(self, IPINFOAPI):
self.IPINFOAPI = IPINFOAPI
+ """
+ IPInfo API can be used anonymously up to 1000 requests per day
def requestIPINFOAPI(self):
- if self.IPINFOAPI == '':
- print(mycolors.foreground.red + "\nTo use IPInfo.io services, you must create the .malwapi.conf file under your user home directory (on Linux is $HOME\\.malwapi.conf and on Windows is in C:\\Users\\[username]\\.malwapi.conf) and insert the IPInfo API key according to the format shown on the Github website." + mycolors.reset + "\n")
- exit(1)
-
+ if self.IPINFOAPI == '':
+ print(mycolors.foreground.red + "\nTo use IPInfo.io services, you must create the .malwapi.conf file under your user home directory (on Linux is $HOME\\.malwapi.conf and on Windows is in C:\\Users\\[username]\\.malwapi.conf) and insert the IPInfo API key according to the format shown on the Github website." + mycolors.reset + "\n")
+ exit(1)
+ """
+
def _raw_ip_info(self, ip_address):
url = f"https://ipinfo.io/{ip_address}?token={self.IPINFOAPI}"
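Review bot: this hunk disables `requestIPINFOAPI` by opening a triple-quoted string inside `__init__` (the `"""` after `self.IPINFOAPI = IPINFOAPI`) and closing it after the re-indented method body, which turns the entire `def requestIPINFOAPI` into a string literal that is evaluated and discarded on every construction. That is fragile (the `def` line is now inside a string, so the method no longer exists, and any future edit to the surrounding indentation can break parsing) and confusing to read. Since the caller in `get_ip_details` is also being commented out, delete the method and its call outright; if the anonymous-usage note is worth keeping, make it a normal `#` comment or a proper class docstring. Two follow-ups: `printc` is added to the import but has no visible use in this file, and `_raw_ip_info` still builds `f"https://ipinfo.io/{ip_address}?token={self.IPINFOAPI}"`, which with an empty key sends `?token=` to the service; append the `token` parameter only when `self.IPINFOAPI` is non-empty.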
@@ -21,7 +24,7 @@ def _raw_ip_info(self, ip_address):
return {'error': e}
def get_ip_details(self, ip_address):
- self.requestIPINFOAPI()
+# self.requestIPINFOAPI()
data = self._raw_ip_info(ip_address)
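Review bot: `# self.requestIPINFOAPI()` at column zero leaves commented-out dead code in the method body; remove the line rather than commenting it out, version control already preserves it. With the guard gone, a lookup with no IPInfo key now proceeds anonymously without telling the user; a one-line notice (for example via the newly imported `printc`) that the query is being made without a token would make the behaviour visible and help users understand why they hit the anonymous rate limit.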
diff --git a/malwoverview/modules/multipleip.py b/malwoverview/modules/multipleip.py
index c43e40c..f6d7786 100644
--- a/malwoverview/modules/multipleip.py
+++ b/malwoverview/modules/multipleip.py
@@ -1,4 +1,4 @@
-from malwoverview.utils.colors import mycolors, printr
+from malwoverview.utils.colors import mycolors, printr, printc
import malwoverview.modules.configvars as cv
class MultipleIPExtractor:
@@ -6,6 +6,10 @@ def __init__(self, extractors):
self.extractors = extractors
def get_multiple_ip_details(self, ip_address):
+ if ip_address is None:
+ printc("A valid IP address is required.", mycolors.foreground.error(cv.bkg))
+ return
+
for extractor in self.extractors:
extractor_obj = self.extractors[extractor]
if extractor == "IPInfo":
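Review bot: the new guard only catches `ip_address is None`; an empty string, surrounding whitespace or a malformed value such as `"1.2.3"` still reaches every extractor and produces a request for a bogus address. Validate with the standard library before the loop, for example `ipaddress.ip_address(ip_address.strip())` inside a `try`/`except ValueError`, and print the same "A valid IP address is required." message on failure; that also rejects hostnames and URLs pasted by mistake. Minor: `printc` is imported on the same line as `printr`, so check that both remain used in this module after the change.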
diff --git a/pictures/picture_49.jpg b/pictures/picture_49.jpg
new file mode 100755
index 0000000..c60f5ef
Binary files /dev/null and b/pictures/picture_49.jpg differ
diff --git a/pictures/picture_50.jpg b/pictures/picture_50.jpg
new file mode 100755
index 0000000..0f4fe9a
Binary files /dev/null and b/pictures/picture_50.jpg differ
diff --git a/setup.py b/setup.py
index 09a0796..f6c57dc 100644
--- a/setup.py
+++ b/setup.py
@@ -11,7 +11,7 @@
setup(
name="malwoverview",
- version="6.1.0",
+ version="6.1.1",
author="Alexandre Borges",
author_email="reverseexploit@proton.me",
license="GNU GPL v3.0",
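Review bot: the README hunk raises the minimum supported Python to 3.11, but this hunk only bumps `version`. If `setup.py` declares `python_requires` (not visible in this context), update it to `>=3.11` so that pip refuses to install on older interpreters instead of failing at runtime; if it does not declare one, this release is a good point to add it.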