MalwareDB
Inspired by VXCage, MalwareDB is a malware database which does all the book-keeping regarding malware/goodware samples: hashes, origination, similarity, file types, and more. Its intention is to help malware/cybersecurity researchers, forensic investigators, and others who need to handle malware or other files of potentially unknown origin. This is very much a work in progress and an alpha-quality project at present.
Key Features:
- Store malware samples
- Categorize malware
- Fetch malware
- Search based on file similarity (requires the Postgres plugins mentioned below)
- Plugin architecture for added functionality, with a PDF plugin provided as an example.
Requirements:
- Postgres database server
- Go
- Optional:
  - SDHash
  - Postgres plugins enabling searches by file similarity:
Status
At present, this is a minimum viable product: not all features are implemented yet, and future updates will likely change the database schema, API, etc. It is, however, suitable for testing.
Future
- Planned features:
  - Web interface as a separate application
  - GUI applications
  - API libraries in C, C++, Python, Java
  - Plugins for analytics
- Potential features:
  - Swift framework & GUI for macOS.
  - File storage backends for HDFS, S3, others.