Light

hartl3y94 / qu1cksc0pe Goto Github PK

View Code? Open in Web Editor NEW

This project forked from cyb3rmx/qu1cksc0pe

0.0 0.0 0.0 60.11 MB

All-in-One malware analysis tool.

License: Apache License 2.0

Python 18.99% YARA 72.82% JavaScript 8.19%

qu1cksc0pe's Introduction

Qu1cksc0pe

This tool allows you to statically analyze Windows, Linux, OSX executables and APK files.

You can get:

What DLL files are used.
Functions and APIs.
Sections and segments.
URLs, IP addresses and emails.
Android permissions.
File extensions and their names.
And so on...

Qu1cksc0pe aims to get even more information about suspicious files and helps user realize what that file is capable of.

Usage

python3 qu1cksc0pe.py --file suspicious_file --analyze

Screenshot

Updates

09/10/2021

Added AndroidRuntime module. Now you can analyze android applications dynamically!!

Available On

Note

You can also use Qu1cksc0pe from Windows Subsystem Linux in Windows 10.

Setup

Necessary python modules:

puremagic => Analyzing target OS and magic numbers.
androguard => Analyzing APK files.
apkid => Check for Obfuscators, Anti-Disassembly, Anti-VM and Anti-Debug.
prettytable => Pretty outputs.
tqdm => Progressbar animation.
colorama => Colored outputs.
oletools => Analyzing VBA Macros.
pefile => Gathering all information from PE files.
quark-engine => Extracting IP addresses and URLs from APK files.
pyaxmlparser => Gathering informations from target APK files.
yara-python => Android library scanning with Yara rules.
prompt_toolkit => Interactive shell.
frida => Performing dynamic analysis against android applications.

Installation of python modules: pip3 install -r requirements.txt
Gathering other dependencies:

VirusTotal API Key: https://virustotal.com
Binutils: sudo apt-get install binutils
ExifTool: sudo apt-get install exiftool
Strings: sudo apt-get install strings

Alert

You must specify jadx binary path in Systems/Android/libScanner.conf

[Rule_PATH]
rulepath = /Systems/Android/YaraRules/

[Decompiler]
decompiler = JADX_BINARY_PATH <-- You must specify this.

Installation

You can install Qu1cksc0pe easily on your system. Just execute the following commands.
Command 0: sudo pip3 install -r requirements.txt
Command 1: sudo python3 qu1cksc0pe.py --install

Scan arguments

Normal analysis

Usage: python3 qu1cksc0pe.py --file suspicious_file --analyze

Multiple analysis

Usage: python3 qu1cksc0pe.py --multiple FILE1 FILE2 ...

Hash scan

Usage: python3 qu1cksc0pe.py --file suspicious_file --hashscan

Folder scan

Supported Arguments:

--hashscan
--packer

Usage: python3 qu1cksc0pe.py --folder FOLDER --hashscan

VirusTotal

Report Contents:

Threat Categories
Detections
CrowdSourced IDS Reports

Usage for --vtFile: python3 qu1cksc0pe.py --file suspicious_file --vtFile

Document scan

Usage: python3 qu1cksc0pe.py --file suspicious_document --docs

Programming language detection

Usage: python3 qu1cksc0pe.py --file suspicious_executable --lang

Interactive shell

Usage: python3 qu1cksc0pe.py --console

Domain

Usage: python3 qu1cksc0pe.py --file suspicious_file --domain

Informations about categories

Registry

This category contains functions and strings about:

Creating or destroying registry keys.
Changing registry keys and logs.

File

This category contains functions and strings about:

Creating/modifying/infecting/deleting files.
Getting information about file contents and filesystems.

Networking/Web

This category contains functions and strings about:

Communicating with malicious hosts.
Downloading malicious files.
Sending informations about infected machine and its user.

Process

This category contains functions and strings about:

Creating/infecting/terminating processes.
Manipulating processes.

Dll/Resource Handling

This category contains functions and strings about:

Handling DLL files and another malware's resource files.
Infecting and manipulating DLL files.

Evasion/Bypassing

This category contains functions and strings about:

Manipulating Windows security policies and bypassing restrictions.
Detecting debuggers and doing evasive tricks.

System/Persistence

This category contains functions and strings about:

Executing system commands.
Manipulating system files and system options to get persistence in target systems.

COMObject

This category contains functions and strings about:

Microsoft's Component Object Model system.

Cryptography

This category contains functions and strings about:

Encrypting and decrypting files.
Creating and destroying hashes.

Information Gathering

This category contains functions and strings about:

Gathering informations from target hosts like process states, network devices etc.

Keyboard/Keylogging

This category contains functions and strings about:

Tracking infected machine's keyboard.
Gathering information about targets keyboard.
Managing input methods etc.

Memory Management

This category contains functions and strings about:

Manipulating and using target machines memory.

Thanks to

For most of FRIDA scripts: https://github.com/Ch0pin/

qu1cksc0pe's People

Contributors

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.