Skip to main content

A tool used to benchmark antivirus solutions against real-world malware samples.

Project description

Malbench

Malbench is a command-line tool for testing and evaluating the effectiveness of malware detection tools (such as antivirus solutions). It does this by running a set of malware samples, and checking if the malware is flagged by the detection tool we are evaluating. Malbench is built to be modular and configurable, so it can be customized to meet the specific needs of different users and environments. Malbench Terminal Demo

About

Disclaimer

⚠ WARNING: Malbench is a tool for testing antivirus software against real-world malware samples. While it does not contain any malware on its own, it is designed to run malware samples provided by the user. Use Malbench only in secure and isolated environments that you are authorized in doing so. Do not use Malbench on a computer or network that contains sensitive information or data that you are not willing to lose and/or become compromised. By using Malbench, you acknowledge the risks and assume full responsibility for any damages that may result.

ℹ️ NOTE: As stated above: Malbench does not come with any malicious code installed. It is the user's responsibility to provide their own samples for testing purposes. This is to ensure that Malbench is used responsibly and ethically, and that users have control over the types of malware being tested.

Why Use Malbench

Malware detection tools are an essential component of any computer security strategy, but they are not foolproof. New techniques and methods are constantly being developed to evade detection. It is important to regularly test and evaluate the effectiveness of detection tools to ensure that we are keeping up with these evolving threats.

With all the different features and algorithms of modern antivirus solutions, it can be hard to find practical and objective results on what-all they defend against. Malbench can be leveraged to bulk-test known malware samples against antivirus solutions to deliver real and practical results. This is done by automatically launching multiple malware payloads on a system and seeing what samples are detected and which ones were evaded. With Malbench, users can customize their testing to meet their specific needs, selecting the malware samples they want to run, and the duration of a test.

How Antivirus is Benchmarked

Malbench launches each malware sample selected by the user and monitors its execution. If the sample completes without error, it is flagged as UNDETECTED. If the sample is terminated with an error code, it is flagged as DETECTED, indicating that it was killed by the antivirus solution. If the sample is still running after a designated time (defaults to 2 seconds), Malbench forcibly kills the program and flags it as UNDETECTED, as the antivirus solution did not detect it in time.

After each sample is run, Malbench displays the detection rate. The detection rate is a percentage representing the amount of samples the antivirus successfully defended against.

$$ \text{Detection rate} = \frac{\text{Number of samples flagged as detected}}{\text{Total number of samples}} \times 100% $$

Installation

To install Malbench for general use, follow these simple steps:

  1. Ensure that the following is installed on your system: Python 3.8.1+, and PIP (included with most Python installations).
  2. Install Malbench via pip by running the following command:
    pip install malbench
    
  3. Confirm that Malbench has been installed:
    malbench --version
    

If you are interested in installing Malbench for development, take a look at the CONTRIBUTING.md file.

Usage

To use Malbench, simply run the following command inside your virtual environment:

python -m malbench /path/to/malware

Replace /path/to/malware with your path argument. The path argument should be the path to the malware samples you want to test. This can be either a single file or a folder containing multiple files. Only executable files will be ran by Malbench.

By default, Malbench will show a banner when it starts, and will prompt you to confirm that you understand the risks involved before running the malware samples. You can disable the banner using the --no-banner flag, and disable the confirmation prompt using the --no-warning flag (as seen in the demo).

Malware samples are run one by one, and Malbench will wait for each sample to be stopped by the detection software or reach the specified 2 second timeout before moving on to the next sample. This timeout can be changed with the --timeout flag. If a sample completes successfully, Malbench will print a red message with a [-] prefix, indicating it wasn't stopped by the detection software. If a sample has to be forcibly terminated by the detection software, Malbench will print a green message with a [+] prefix, indicating is was successfully detected and stopped.

A full list of arguments to use with Malbench are below. This can be displayed with --help.

usage: malbench [-h] [-v] [-t TIMEOUT] [-nB] [-nW] [-d] path

positional arguments:
  path                  file or folder path of malware executables

options:
  -h, --help            show this help message and exit
  -v, --version         shows malbench version number and exits
  -t TIMEOUT, --timeout TIMEOUT
                        malware TTL before being marked as failure (2 default)
  -nC, --no-color       disables colored output
  -nB, --no-banner      hides the banner logo
  -nW, --no-warning     bypasses user confirmation before running
  -d, --dev             enables stack tracing

Contributing

Contributions to Malbench are welcomed! If you'd like to contribute, please read our CONTRIBUTING.md to get started.

License

This project is licensed under the GNU General Public License. See the LICENSE.md file for details.

Credits

Malbench was created by Gavin Youker.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

malbench-0.4.0.tar.gz (24.7 kB view details)

Uploaded Source

Built Distribution

malbench-0.4.0-py3-none-any.whl (27.2 kB view details)

Uploaded Python 3

File details

Details for the file malbench-0.4.0.tar.gz.

File metadata

  • Download URL: malbench-0.4.0.tar.gz
  • Upload date:
  • Size: 24.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.4.1 CPython/3.11.2 Windows/10

File hashes

Hashes for malbench-0.4.0.tar.gz
Algorithm Hash digest
SHA256 bd26d887a9e4cf15fa5b2a3222850bf6674c3e72898a4bf7722a3b676c722a4d
MD5 d233e3ceb0954dc064f1329f12eb6063
BLAKE2b-256 367208dd232e8e4c7b766b48cc46242cd84434447fc306bb8a64c797b77af2b4

See more details on using hashes here.

File details

Details for the file malbench-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: malbench-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 27.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.4.1 CPython/3.11.2 Windows/10

File hashes

Hashes for malbench-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 80b25139d4741ef28ad386f38f9fc291510383f288c85b821dd9036765cfcefc
MD5 3b15494623dedaf851bcbc9608091be2
BLAKE2b-256 cb7ff00b7005b85922672241259cc4ff713d5c38624191a90cdc319c7c5e2131

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page