A toolset to help identify malware in Python projects.
Overview
The badsnakes project is a CPython library and command line utility which plugs the gap in malware analysis for Python-based malware by employing code and syntax analysis, searching for various patterns and techniques used by threat actors.
After a Python module is analysed, a report can be generated showing the module's 'classification' as OK, SUSPECT or DANGEROUS. If run in verbose mode, each offending statement is displayed to the terminal, along with the reason for the classification. Additionally, all SUSPECT and DANGEROUS statements can be written to a log file for further inspection and analysis.
Note: This tool will flag false positives, as we feel it is better to fail safe.
Many lower-level libraries use techniques similar to those of threat actors, leveraging the inner workings of the Python language beyond PEP-oriented or production-style code. As such, this is an advisory system designed to highlight statements which may be considered suspect and worth investigating further. It is not designed to be a GO / NO-GO system.
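The kind of syntax analysis and three-tier classification described above, as an added illustration that is not badsnakes' own code: a small ast-based scanner whose pattern table (call names, severities and reasons) and sample modules are constructed for this example and are not badsnakes' rules. It reports every offending statement with its reason, the way the verbose mode above is described, and treats unparseable source as SUSPECT rather than clearing it.

```python
import ast

# Constructed pattern table (an assumption for this example, not badsnakes' rules):
# called function name -> (severity, reason shown in the verbose report)
PATTERNS = {
    "exec": ("DANGEROUS", "dynamic code execution"),
    "eval": ("DANGEROUS", "dynamic code evaluation"),
    "__import__": ("SUSPECT", "dynamic import"),
    "b64decode": ("SUSPECT", "decoding of an encoded payload"),
    "urlopen": ("SUSPECT", "network access"),
}
LEVELS = ["OK", "SUSPECT", "DANGEROUS"]  # ordered from least to most severe

def _call_name(node):
    """Bare name of a called function, for both exec(...) and base64.b64decode(...)."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return None

def analyse(source):
    """Return (classification, findings) for one module's source text.
    Each finding is (lineno, severity, reason, statement text)."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Fail safe: source that cannot be parsed cannot be cleared either
        return "SUSPECT", [(exc.lineno or 0, "SUSPECT", "module could not be parsed", "")]
    lines = source.splitlines()
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in PATTERNS:
            severity, reason = PATTERNS[_call_name(node)]
            findings.append((node.lineno, severity, reason, lines[node.lineno - 1].strip()))
    worst = max((LEVELS.index(f[1]) for f in findings), default=0)
    return LEVELS[worst], sorted(findings)

# Constructed sample modules for the demonstration; none is real malware
BENIGN = "import json\ndef load(path):\n    with open(path) as fh:\n        return json.load(fh)\n"
SUSPICIOUS = "import base64\ndata = base64.b64decode(blob)\n"
HOSTILE = "import base64\nexec(base64.b64decode(payload))\n"

if __name__ == "__main__":
    for src in (BENIGN, SUSPICIOUS, HOSTILE):
        classification, findings = analyse(src)
        print(classification)
        for lineno, severity, reason, stmt in findings:  # verbose-style report
            print(f"  line {lineno}: {severity} ({reason}): {stmt}")
```

As the note above warns, a table this coarse will also flag legitimate low-level code that decodes data or imports dynamically; the result is advisory, not a verdict.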
The Toolset
The current toolset enables malware inspection from the following input sources, either as a library to be imported and wrapped by your own project(s), or as a command line utility.
- Directory search
- Single or multiple Python modules
- Single or multiple Python wheels
For descriptive usage, please refer to the Using the Library or From the Command Line sections.
Installation
Likely, the easiest way to install badsnakes is using pip after activating your virtual environment:
pip install badsnakes
This will install both the library and the command line utility.
Additional (older) releases can be found either on PyPI or in GitHub Releases.
Using the Library
The documentation suite contains a detailed explanation and example usage for each of the library's importable modules. For detailed documentation, usage examples and links to the source code itself, please refer to the Library API Documentation section of the documentation.
From the Command Line
In addition to being an importable library, badsnakes is also a command line utility, capable of analysing, reporting and logging the following input types:
- Directories
- Single or multiple Python modules
- Single or multiple Python wheels
To call up the help menu, simply type:
$ badsnakes --help
Download files
File details
Details for the file badsnakes-0.2.0.tar.gz.
File metadata
- Download URL: badsnakes-0.2.0.tar.gz
- Upload date:
- Size: 8.5 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 96262b90de180dee760e7bdbe2e8b32c29a6ed7a2d3fbdb92838adfe4ad476e2 |
| MD5 | c57d63916851fd46c15780015eec4846 |
| BLAKE2b-256 | b6813604efc28b07c0e67118194b565ae471b305f5204d0f1914db5e41def68c |
File details
Details for the file badsnakes-0.2.0-py3-none-any.whl.
File metadata
- Download URL: badsnakes-0.2.0-py3-none-any.whl
- Upload date:
- Size: 54.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 365918925b172d5185a5805ec205001af547105a23a3095825424ccaf62f71d9 |
| MD5 | ea2fef0e2563fcd76dea34d85536554d |
| BLAKE2b-256 | 3557c3e2a3010c02f0afff8dec314e4ba3a4e932f812d0f8388ebaaef850afd5 |