
Multi-quarantine extractor

Project description

maldump

Maldump makes it easy to extract quarantined files of multiple AVs from a live system or a mounted disk image.

Features

Supports extraction from the following AV products:

  • Avast Antivirus
  • Avira Antivirus
  • Eset NOD32
  • FortiClient
  • G Data
  • Kaspersky for Windows Server
  • Malwarebytes
  • Microsoft Defender
  • McAfee
  • AVG

Installation

Using pip (Recommended)

$ pip install maldump

Or, alternatively, using git and a virtual environment

$ git clone https://github.com/NUKIB/maldump
$ cd maldump

Create a new environment and activate it

$ python3 -m venv venv
$ . venv/bin/activate

Install dependencies

(env) $ pip install -r requirements.txt

Run it as a module

(env) $ python3 -m maldump

Usage

usage: maldump [-h] [-l] [-q] [-m] [-a] [-v] root_dir

Multi-quarantine extractor

positional arguments:
  root_dir       root directory where OS is installed (example C:\)

optional arguments:
  -h, --help     show this help message and exit
  -l, --list     list quarantined file(s) to stdout (default action)
  -q, --quar     dump quarantined file(s) to archive 'quarantine.tar'
  -m, --meta     dump metadata to CSV file 'quarantine.csv'
  -a, --all      equivalent of running both -q and -m
  -v, --version  show program's version number and exit
  -d, --dest     destination for exported files

Examples

On Windows

List quarantine files located on disk C

$ maldump C:\

Dump quarantine files from disk C into archive quarantine.tar

$ maldump C:\ --quar

Export quarantine metadata from disk C into quarantine.csv

$ maldump C:\ --meta

Export both files and metadata from a mounted disk F

$ maldump F:\ --all

On Linux

List quarantine files from a Windows partition mounted on /mnt/win

$ maldump /mnt/win
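As an added example (not part of maldump or this page): a small Python triage helper that assembles the `maldump --all -d <dest>` command from the flags documented above and then inventories the resulting quarantine.tar by hashing every member in memory, so quarantined payloads are never written back out to disk. The tar it builds is a constructed stand-in for real maldump output, and the function names are this example's own.

```python
import hashlib
import io
import sys
import tarfile


def maldump_argv(root_dir: str, dest: str) -> list:
    """Assemble 'python -m maldump --all -d DEST ROOT_DIR' from the README's flags.

    --all dumps both quarantine.tar and quarantine.csv; -d sets the output
    directory. Only the argv is built here; the caller decides when to run it.
    """
    return [sys.executable, "-m", "maldump", "--all", "-d", dest, root_dir]


def sha256_hex(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def inventory_quarantine(tar_path: str) -> list:
    """Walk quarantine.tar and hash each regular file member without extracting.

    Members are streamed through SHA-256 in 64 KiB chunks, so the quarantined
    content only ever lives in memory; the result is a (name, size, sha256)
    triage list that can be matched against threat-intel feeds.
    """
    rows = []
    with tarfile.open(tar_path, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, symlinks and other special entries
            fobj = tar.extractfile(member)
            digest = hashlib.sha256()
            for chunk in iter(lambda: fobj.read(1 << 16), b""):
                digest.update(chunk)
            rows.append({"name": member.name, "size": member.size,
                         "sha256": digest.hexdigest()})
    return rows


def build_sample_tar(path: str) -> str:
    """Write a constructed stand-in for quarantine.tar holding two benign text blobs."""
    samples = {"avast/sample1.bin": b"constructed quarantine payload one",
               "defender/sample2.bin": b"constructed quarantine payload two"}
    with tarfile.open(path, mode="w") as tar:
        for name, data in samples.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


if __name__ == "__main__":
    for row in inventory_quarantine(build_sample_tar("sample_quarantine.tar")):
        print(f"{row['sha256']}  {row['size']:>8}  {row['name']}")
```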

Disclaimer

Keep in mind that all timestamps are in UTC, except for "Kaspersky for Windows Server", which stores timestamps in the local timezone.

For optimal results, admin privileges are required when running on a Windows system. Linux does not require admin rights.

Contributing

To contribute to this project, please follow the CONTRIBUTING guidelines.

License

This software is licensed under GNU General Public License version 3.

Download files

Source Distribution

maldump-0.5.0.tar.gz (127.8 kB)

Uploaded Source

Built Distribution

maldump-0.5.0-py3-none-any.whl (159.9 kB)

Uploaded Python 3

File details

Details for the file maldump-0.5.0.tar.gz.

File metadata

  • Download URL: maldump-0.5.0.tar.gz
  • Size: 127.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for maldump-0.5.0.tar.gz
Algorithm Hash digest
SHA256 aba1d216c8a02a8eedd9a2f38ee20ae07702f5e93cf6e4a467ff60f3b94454e1
MD5 c1e11924da81239fa31bc4493048a450
BLAKE2b-256 c336b09cf0bfb75d9d1823df28bcaaf1e3cc217aa6e3a6826e2624c4f03f4025


File details

Details for the file maldump-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: maldump-0.5.0-py3-none-any.whl
  • Size: 159.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for maldump-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5c7ed44d408fe6a454dbca3bc47795d09cdf0601035fd8fa0dc6004e730c5d6e
MD5 d697aab8005a614a0649fd07169f448f
BLAKE2b-256 27222d94b48d2ed4948f3324232b5a60dca3fdefaf91dd049e4de82b0e75e8f5
