Hello. I'm reviewing your code and I really like the idea. The score-based scan using strings is good (maybe it scans for function and API names; maybe I'm misunderstanding). I have some ideas for your project:
- You should name your modules using snake case. Python uses PEP 8, and it is easier to read (not necessary, just reader friendly).
- Use the file format as the module name instead of the platform. I mean, instead of linAnalysis for Linux, you can name it ELF for ELF executable files.
- In the hash section, you should try import hashing and support section hashing.
- Think about analysing scripting languages.
- If you define the database as a Python module, you can use the trick: `import <module>` and use `module.__path__` instead of a hardcoded path.
I also suggest you join the detect-it-easy project at https://github.com/horsicq/DIE-engine. Some features are already in that project, and your other features like hash scan and score-based scan will be useful. You can also join the ClamAV Discord server and work with the dev team. They are very cool and friendly, and I'm sure score-based detection will be really cool.
As for packaging it for Parrot OS, I'll be honest, I don't really want to add it for now. Please don't get me wrong, I really love the features of the project, but:
- It is better for the project to have a setup.py, which makes it easier to package everything.
- As in point 5 above, it is easier to work with and maintain the database.
- As I suggested, Parrot now has detect-it-easy in its repository, so I prefer a framework that does things instead of multiple tools.
The Parrot team has an idea to create a single tool that can detect common malware on a system, replacing rkhunter, which mostly checks whether files exist instead of actually checking malware signatures, so I think we can work with each other in the future using your idea.
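As an added example (not code from the reviewed project or from the commenter), the following Python block shows the two suggestions above together: a signature database shipped inside an importable package and located through `module.__path__` rather than a hardcoded path, and per-section hashing of an ELF file so a scanner can match individual sections instead of whole-file hashes. The package name `sigdb`, the file `sections.json`, the function names, and the minimal ELF built by `build_sample_elf` are all constructed for the example.

```python
"""Added example: package-relative signature database plus ELF section hashing.
Names (sigdb, sections.json, scan_sections) and the sample ELF are constructed."""
import hashlib
import importlib
import json
import struct
import sys
import tempfile
from pathlib import Path

SHT_NOBITS = 8  # section with no bytes in the file (e.g. .bss); nothing to hash
ELF_HEADER = "<16sHHIQQQIHHHHHH"   # ELF64 header, little-endian, 64 bytes
SECTION_HEADER = "<IIQQQQIIQQ"     # Elf64_Shdr, 64 bytes


def elf_section_hashes(data: bytes) -> dict:
    """Return {section_name: sha256 hex} for every byte-carrying section of an ELF64 LE file."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(ELF_HEADER, data, 0)
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    sections = []
    for i in range(shnum):
        sh = struct.unpack_from(SECTION_HEADER, data, shoff + i * shentsize)
        sections.append({"name_off": sh[0], "type": sh[1], "offset": sh[4], "size": sh[5]})
    strtab = sections[shstrndx]  # section-name string table
    names = data[strtab["offset"]: strtab["offset"] + strtab["size"]]
    result = {}
    for s in sections:
        name = names[s["name_off"]:].split(b"\x00", 1)[0].decode()
        if not name or s["type"] == SHT_NOBITS:
            continue
        end = s["offset"] + s["size"]
        if end > len(data):  # malformed header: refuse rather than hash garbage
            raise ValueError(f"section {name} runs past end of file")
        result[name] = hashlib.sha256(data[s["offset"]:end]).hexdigest()
    return result


def build_sample_elf(text: bytes, data_: bytes) -> bytes:
    """Constructed minimal ELF64 with .text, .data and .shstrtab sections (no program headers)."""
    shstrtab = b"\x00.text\x00.data\x00.shstrtab\x00"  # names at offsets 1, 7, 13
    text_off = 64
    data_off = text_off + len(text)
    str_off = data_off + len(data_)
    shoff = str_off + len(shstrtab)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, version 1
    header = struct.pack(ELF_HEADER, ident, 2, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)

    def sh(name_off, sh_type, off, size):
        return struct.pack(SECTION_HEADER, name_off, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    headers = (sh(0, 0, 0, 0) + sh(1, 1, text_off, len(text))
               + sh(7, 1, data_off, len(data_)) + sh(13, 3, str_off, len(shstrtab)))
    return header + text + data_ + shstrtab + headers


def make_sigdb_package(root: Path, bad_hashes: dict) -> None:
    """Constructed stand-in for a signature database shipped as an importable package."""
    pkg = root / "sigdb"
    pkg.mkdir()
    (pkg / "__init__.py").write_text("")
    (pkg / "sections.json").write_text(json.dumps(bad_hashes))


def load_sigdb(package: str = "sigdb") -> dict:
    """Locate the database relative to the package via __path__, not a hardcoded path."""
    importlib.invalidate_caches()
    mod = importlib.import_module(package)
    db_file = Path(mod.__path__[0]) / "sections.json"
    return json.loads(db_file.read_text())


def scan_sections(elf_bytes: bytes, db: dict) -> list:
    """Return the names of sections whose hash appears in the database."""
    hashes = elf_section_hashes(elf_bytes)
    return sorted(name for name, h in hashes.items() if h in db)


def demo() -> list:
    """End-to-end run on constructed data: the .text section is listed in the database."""
    text = b"\x90" * 16 + b"\xc3"
    sample = build_sample_elf(text, b"hello\x00")
    db_entries = {hashlib.sha256(text).hexdigest(): "constructed-sample-signature"}
    with tempfile.TemporaryDirectory() as tmp:
        make_sigdb_package(Path(tmp), db_entries)
        sys.path.insert(0, tmp)
        try:
            db = load_sigdb()
        finally:
            sys.path.remove(tmp)
            sys.modules.pop("sigdb", None)
    return scan_sections(sample, db)


if __name__ == "__main__":
    print(demo())
```

Matching on section hashes rather than the whole file means a sample whose `.data` or string table changes between builds still matches on an unchanged `.text`, and the `__path__` lookup keeps the database working wherever the package is installed.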