Inhale: Malware Analysis and Classification Tool



Static analysis of malware can be automated and scaled with Inhale. The tool sorts samples into categories according to their characteristics and lets the user inspect the properties of each sample being analyzed.

Inhale: Malware Inhaler

Inhale allows the user to rapidly find, classify and store information about a large number of malware files. The user can set up a custom database of malware and add to it easily, with each sample classified according to its properties. Malware can be downloaded from internet directories and included in the database. Inhale extracts a large amount of information from each file, resulting in more than 30 unique properties such as binary format, target OS and the language of the source code.

Features:

  • Collect malware from diverse sources
  • Analyze malware and extract more than 30 unique properties
  • Easy to set up and use on a range of systems from research servers to Raspberry Pi
  • Currently the beta version is available
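To make the "binary format, target OS, architecture" properties above concrete, here is an added example of the kind of header-level static extraction Inhale automates. It is not Inhale's own code: it parses only the few header fields needed for ELF, PE and Mach-O, hashes the file so the record can be keyed in a database, and counts printable strings. The sample inputs built at the bottom are constructed headers, not real malware.

```python
"""Static property extraction of the kind Inhale automates.

Added example, not Inhale's own code. It reads only the header fields needed
to recover binary format, target OS/ABI, architecture and word size, hashes
the file so the record can be keyed in a database, and counts printable
strings. The samples at the bottom are constructed headers, not real malware.
"""
import hashlib
import re
import struct

ELF_CLASS = {1: 32, 2: 64}
ELF_DATA = {1: "little", 2: "big"}
ELF_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
ELF_OSABI = {0: "System V", 3: "Linux", 6: "Solaris", 9: "FreeBSD", 12: "OpenBSD"}
ELF_MACHINE = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64",
               0xB7: "AArch64", 0xF3: "RISC-V"}
PE_MACHINE = {0x14C: "x86", 0x1C0: "ARM", 0x8664: "x86-64", 0xAA64: "AArch64"}
IMAGE_FILE_DLL = 0x2000
MACHO_MAGIC = {b"\xfe\xed\xfa\xce": (32, "big"), b"\xce\xfa\xed\xfe": (32, "little"),
               b"\xfe\xed\xfa\xcf": (64, "big"), b"\xcf\xfa\xed\xfe": (64, "little")}
MACHO_CPU = {7: "x86", 0x01000007: "x86-64", 12: "ARM", 0x0100000C: "AArch64"}


def _elf(data):
    # e_ident carries class, data encoding and OS ABI; e_type/e_machine sit at offset 16.
    if len(data) < 20:
        return {"format": "ELF", "error": "truncated header"}
    endian = ELF_DATA.get(data[5], "little")
    fmt = ("<" if endian == "little" else ">") + "HH"
    e_type, e_machine = struct.unpack_from(fmt, data, 16)
    return {"format": "ELF", "bits": ELF_CLASS.get(data[4], "unknown"), "endian": endian,
            "os": ELF_OSABI.get(data[7], "unknown ABI %d" % data[7]),
            "type": ELF_TYPE.get(e_type, "unknown"),
            "arch": ELF_MACHINE.get(e_machine, "unknown 0x%x" % e_machine)}


def _pe(data):
    # The DOS header's e_lfanew (offset 0x3C) points at "PE\0\0", which is
    # followed by the 20-byte COFF file header (Machine, NumberOfSections, ...).
    if len(data) < 0x40:
        return {"format": "MZ", "error": "truncated DOS header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return {"format": "MZ", "os": "DOS", "note": "no PE signature"}
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return {"format": "PE", "bits": 64 if machine in (0x8664, 0xAA64) else 32,
            "endian": "little", "os": "Windows", "sections": nsections,
            "type": "DLL" if characteristics & IMAGE_FILE_DLL else "executable",
            "arch": PE_MACHINE.get(machine, "unknown 0x%x" % machine)}


def _macho(data):
    bits, endian = MACHO_MAGIC[data[:4]]
    if len(data) < 8:
        return {"format": "Mach-O", "error": "truncated header"}
    cputype = struct.unpack_from(("<" if endian == "little" else ">") + "I", data, 4)[0]
    return {"format": "Mach-O", "bits": bits, "endian": endian, "os": "macOS/iOS",
            "arch": MACHO_CPU.get(cputype, "unknown 0x%x" % cputype)}


def classify(data: bytes) -> dict:
    """Return a dict of static properties for one file's bytes."""
    props = {"size": len(data),
             "md5": hashlib.md5(data).hexdigest(),
             "sha256": hashlib.sha256(data).hexdigest(),
             "strings": len(re.findall(rb"[\x20-\x7e]{4,}", data))}
    if data[:4] == b"\x7fELF":
        props.update(_elf(data))
    elif data[:2] == b"MZ":
        props.update(_pe(data))
    elif data[:4] in MACHO_MAGIC:
        props.update(_macho(data))
    elif data[:2] == b"#!":
        shebang = data.split(b"\n", 1)[0][2:].decode("ascii", "replace").strip()
        props.update({"format": "script", "interpreter": shebang})
    else:
        props["format"] = "unknown"
    return props


def build_elf64_sample() -> bytes:
    # Constructed: ELFCLASS64, little-endian, EV_CURRENT, ELFOSABI_LINUX,
    # then e_type=ET_DYN (3) and e_machine=EM_AARCH64 (0xB7); rest zeroed.
    ident = b"\x7fELF" + bytes([2, 1, 1, 3]) + b"\0" * 8
    return (ident + struct.pack("<HH", 3, 0xB7)).ljust(64, b"\0")


def build_pe_sample() -> bytes:
    # Constructed: MZ stub with e_lfanew=0x40, PE signature, Machine=AMD64,
    # 5 sections, Characteristics=EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE|DLL.
    buf = bytearray(0x60)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x44, 0x8664, 5)
    struct.pack_into("<H", buf, 0x40 + 22, 0x2022)
    return bytes(buf)


if __name__ == "__main__":
    for name, blob in [("elf", build_elf64_sample()), ("pe", build_pe_sample()),
                       ("sh", b"#!/bin/sh\necho hello\n")]:
        print(name, classify(blob))
```

Each branch checks the header length before unpacking, so a truncated or deliberately malformed sample yields an `error` field instead of an exception; in a batch pipeline that is the difference between one bad record and a crashed run over thousands of files.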

Future Features:

  • Re-doing the bot plugin for Discord / Matrix
  • Additional binary analysis features: pulling import/export tables, hashing of specific structures in the header, logging all strings, etc.
  • Checking whether the file is already in the database before adding it. This feature was removed previously due to specific issues with older versions of ElasticSearch (ES).
  • Configuration options for requests such as user agent, timeout, proxy, etc.
  • Dockerization of the entire project.

Supported Platforms:

  • Linux

Requirements:

  • Python 3+
  • ElasticSearch
  • Radare2
  • Yara
  • binwalk

Install Prerequisites

Basic steps for installing the prerequisites. You will probably encounter some issues during installation, so check the official website of each tool for further details. The ElasticSearch steps below target the 7.x repository and use apt-key, which newer Debian releases have deprecated; if they fail, follow Elastic's current instructions.

Install ElasticSearch (Debian)

$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - 
$ sudo apt-get install apt-transport-https 
$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list 
$ sudo apt-get update && sudo apt-get install elasticsearch 
$ sudo service elasticsearch start 

Install radare2

$ git clone https://github.com/radare/radare2 
$ cd radare2 
$ sys/install.sh 

binwalk basic installation

$ git clone https://github.com/ReFirmLabs/binwalk
$ cd binwalk
$ sudo python3 setup.py install

Installing Yara

$ sudo apt-get install automake libtool make gcc
$ wget https://github.com/VirusTotal/yara/archive/v3.10.0.tar.gz
$ tar xvzf v3.10.0.tar.gz
$ cd yara-3.10.0/
$ ./bootstrap.sh
$ ./configure
$ make
$ sudo make install
```

Inhale Install

After installing the prerequisites tools/software, clone the GitHub repo:

$ git clone https://github.com/netspooky/inhale.git

Navigate to the working directory and install the requirements:

$ cd inhale
$ python3 -m pip install -r requirements.txt
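Before the first run it is worth confirming that every prerequisite from the steps above is actually usable. The following preflight script is an added example and not part of the Inhale project: it checks that the radare2 (`r2`), `yara` and `binwalk` binaries are on PATH and that ElasticSearch answers on its default listener. The ES address `http://127.0.0.1:9200/` is an assumption; change it if your instance listens elsewhere.

```python
"""Preflight check for the Inhale prerequisites.

Added example, not part of the Inhale project. It verifies the command-line
tools are on PATH, that ElasticSearch answers, and reports the ES version
from the root endpoint's JSON. ES_URL is an assumed default; adjust as needed.
"""
import json
import shutil
import urllib.error
import urllib.request

REQUIRED_TOOLS = ["python3", "r2", "yara", "binwalk"]
ES_URL = "http://127.0.0.1:9200/"  # assumed default ElasticSearch listener


def missing_tools(names):
    """Return the subset of `names` not found on PATH, in the order given."""
    return [n for n in names if shutil.which(n) is None]


def es_version_from_info(body: str):
    """Pull version.number out of the ES root endpoint's JSON; None if absent."""
    try:
        return json.loads(body)["version"]["number"]
    except (ValueError, KeyError, TypeError):
        return None


def es_info(url=ES_URL, timeout=3.0):
    """Fetch the ES root document; return (reachable, version_or_None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return True, es_version_from_info(resp.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError, ValueError):
        # Connection refused, DNS failure, timeout or a malformed URL all
        # mean "not usable", which is what the caller needs to know.
        return False, None


def preflight(tools=REQUIRED_TOOLS, url=ES_URL):
    """Combine the checks into one report; `ok` is True only if all pass."""
    missing = missing_tools(tools)
    reachable, version = es_info(url)
    return {"missing_tools": missing, "es_reachable": reachable,
            "es_version": version, "ok": not missing and reachable}


if __name__ == "__main__":
    report = preflight()
    for key, value in report.items():
        print("%-14s %s" % (key, value))
    raise SystemExit(0 if report["ok"] else 1)
```

Run it from the inhale directory after the steps above; a non-zero exit means something is missing, and the report says which tool or whether ES failed to respond.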

Inhale Usage

Run the script from the inhale directory, passing one of the input options listed below (a file, a directory or a URL):

$ python3 inhale.py 

Available options:

-f infile
-d directory
-u url
-r recursive url
-t TAGS        Additional Tags
-b             Turn off binwalk signatures with this flag
-y YARARULES   Custom Yara Rules
-o OUTDIR      Store scraped files in specific output dir (default:./files//)
-i             Just print info, don't add files to database

See the project's documentation for usage examples.
