Six Python tools useful for identifying and analysing malware

Python is a widely used scripting language in the fields of computer forensics and malware analysis.

Today, we look at some of the tools developed in this scripting language that are useful in the analysis of malicious programs.


pyew

A command line tool to analyse malware, developed by Joxean Koret.

It supports hexadecimal viewing and disassembly of PE and ELF files, follows direct call/jmp instructions from its interactive command line, and displays function names and string data references.

It also supports plugins to add more features.

[joxeankoret/pyew: official repository for Pyew](https://github.com/joxeankoret/pyew)


Exefilter

An open-source tool and Python framework to filter file formats in e-mails, web pages or files.

Detects many common file formats and can remove active content.

[ExeFilter: an open-source tool and framework to filter files and active content (decalage.info)](http://www.decalage.info/exefilter)


jsunpack-n

A generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities.

[urule99/jsunpack-n: automatically exported from code.google.com/p/jsunpack-n](https://github.com/urule99/jsunpack-n)


yara-python

A library for using YARA from Python programs.

It covers all of YARA's features, from compiling, saving and loading rules to scanning files, in-memory strings and running processes.

[VirusTotal/yara-python: the Python interface for YARA](https://github.com/VirusTotal/yara-python)


phoneyc

A 'pure Python' honeyclient implementation that gives insight into malicious web sites, including the exploits on the page and their consequences.

[honeynet/phoneyc](https://github.com/honeynet/phoneyc)


pyClamd

A Python interface to clamd (the ClamAV antivirus daemon), useful for adding virus-detection capabilities to Python software.

The software is currently developed and maintained by Alexandre Norman.

pyClamd: using ClamAV with Python (xael.org)

