badfiles
A malicious file detection engine written in Python and Yara.
- Free software: Apache-2.0
- Documentation: https://jeffallan.github.io/badfiles/
Introduction
At some point most applications need to accept files from a third party. Since we have no control over how those files were produced, they present a serious attack vector.
The aim of this project is to provide a flexible, extensible way to triage such files so that each one can be handled according to what is found in it.
Features
Currently, this project focuses on detecting the following:
- Generally Suspicious Files
- CSV Files
- Office Documents
- Zip Files
- Tar Files
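The following is an added example and not code from badfiles itself: it shows, using only the Python standard library, the kind of triage check a detection engine applies to three of the file classes listed above (CSV formula injection, zip bombs and nested archives, tar path traversal and link members). The thresholds, function names and in-memory sample files are assumptions chosen for illustration; badfiles' real rules live in Yara and are not reproduced here.

```python
"""Added example (not badfiles' own code): stdlib-only triage checks for three of
the file classes listed above. Thresholds, function names and sample files are
assumptions for illustration; a real engine would also hand the bytes to Yara."""
import csv
import io
import tarfile
import zipfile

# Leading characters that spreadsheet applications evaluate as a formula, so a
# cell such as =cmd|' /C calc'!A0 becomes code execution on the analyst's desk.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
MAX_RATIO = 100               # assumed: inflated/deflated ratio above this is suspicious
MAX_TOTAL = 50 * 1024 * 1024  # assumed: ceiling on total decompressed size (bytes)
ZIP_MAGIC = b"PK\x03\x04"     # local file header that opens every zip member


def _is_number(text):
    try:
        float(text)
        return True
    except ValueError:
        return False


def csv_findings(data):
    """Return (row, col, cell) for every cell a spreadsheet would evaluate."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(data))):
        for c, cell in enumerate(row):
            # "-5" starts with a formula prefix but is only a negative number.
            if cell.startswith(FORMULA_PREFIXES) and not _is_number(cell):
                findings.append((r, c, cell))
    return findings


def zip_findings(blob):
    """Flag zip-bomb traits: extreme per-member ratio, huge total, nested archives."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append(("high-ratio", info.filename))
            # Read only four bytes so a bomb is never fully inflated during triage.
            with zf.open(info) as member:
                if member.read(4) == ZIP_MAGIC:
                    findings.append(("nested-archive", info.filename))
    if total > MAX_TOTAL:
        findings.append(("total-size", str(total)))
    return findings


def tar_findings(blob):
    """Flag members that escape the extraction directory or are not plain files."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
        for m in tf.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append(("path-traversal", m.name))
            if m.issym() or m.islnk():
                findings.append(("link-member", m.name))
            if m.isdev():
                findings.append(("device-node", m.name))
    return findings


# --- constructed samples: built in memory, not real malware ---------------------
SAMPLE_CSV = "name,amount,note\nalice,-5,\"=cmd|' /C calc'!A0\"\nbob,7,@SUM(1+1)\n"


def build_zip_bomb():
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("payload.txt", b"A" * 100_000)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("zeros.bin", b"\0" * 1_000_000)  # deflates to ~1 KB: ratio ~1000
        z.writestr("inner.zip", inner.getvalue())   # nested archive, as in a nested bomb
    return outer.getvalue()


def build_traversal_tar():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        body = b"* * * * * root /tmp/x\n"
        ti = tarfile.TarInfo("../../etc/cron.d/evil")
        ti.size = len(body)
        tf.addfile(ti, io.BytesIO(body))
        link = tarfile.TarInfo("passwd")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tf.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(csv_findings(SAMPLE_CSV))
    print(zip_findings(build_zip_bomb()))
    print(tar_findings(build_traversal_tar()))
```

The zip check deliberately never inflates a member beyond its first four bytes, because a triage step that decompresses an untrusted archive to measure it is itself the denial-of-service the check is meant to catch; the ratio comes from the central directory alone. The CSV check is a stdlib stand-in for the obfuscation-aware Yara rule credited below and will miss payloads that hide the leading character behind quoting or encoding tricks.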
Additional Features
Please file an issue or a pull request, especially if you have found or created malicious files that bypass these detection mechanisms. Please see the contributing guidelines for more details.
Getting Started
Usage
Credits
This package was created with this Cookiecutter template.
This project uses zip-bomb to create the nested and flat zip bombs for unit testing and detection rules.
This project uses a custom Yara rule from Reversing Labs to detect obfuscated CSV injection payloads.