forked from Mili-NT/BinBot

A scraper written in python to scrape the public pastebin archive and filter with customizable and extensible YARA rules

scodx/BinBot

 
 

BinBot

BinBot is a script designed to aggregate data from multiple *bin sources, and flexibly classify and sort that data using YARA rules.

YARA Rules:

By utilizing YARA pattern matching, BinBot is capable of:

  • Detecting common indicators of malware
  • Applying sets of regular expressions to documents
  • Blacklisting documents that are not of interest
  • Searching for keywords or phrases in documents

To add YARA rules, place the .yar or .yara file in yara_rules/general_rules to have it run against text files, or in yara_rules/binary_rules to have it run against executable files.

Make sure to customize your blacklist.yar and keywords.yar files.
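The kinds of rules listed above, sketched as an added example (not taken from the BinBot repository): one keyword rule, one regular-expression rule, one base64 rule and one blacklist rule. All rule names, strings and thresholds are constructed placeholders, and the page does not show how BinBot maps a match to an action, so treating the last rule as a discard rule is an assumption.

```yara
// Added example. Names, strings and thresholds are constructed placeholders.

// Keyword search (keywords.yar style): terms you want surfaced.
rule keyword_org_mentions
{
    meta:
        description = "Paste mentions a monitored name or domain"
    strings:
        $name   = "Example Corp" nocase
        $domain = "example.com" nocase fullword
    condition:
        any of them
}

// Regular expression: many lines shaped like email:password.
// Bounded repetitions keep the regex cheap on large pastes.
rule regex_email_password_pairs
{
    meta:
        description = "Possible credential dump"
    strings:
        $pair = /[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,10}:[!-~]{6,64}/
    condition:
        #pair > 10      // a single pair is noise; a block of them is not
}

// Base64: the PE DOS-stub message inside base64 text.
// The base64 modifier needs YARA 4.0 or later and covers all three
// byte alignments of the encoded string.
rule base64_encoded_pe_stub
{
    meta:
        description = "Base64-encoded Windows executable pasted as text"
    strings:
        $dos = "This program cannot be run in DOS mode" base64
    condition:
        $dos
}

// Blacklist (blacklist.yar style): content that is never of interest.
rule blacklist_known_noise
{
    meta:
        description = "Assumed to mark a paste for discarding"
    strings:
        $playlist = "#EXTM3U"                 // media playlists
        $crash    = "---- Minecraft Crash Report ----"
    condition:
        any of them
}
```

Compile a rule file with yarac, or run yara against a few saved pastes, before dropping it into the rules directory, so that a syntax error or an over-broad match shows up before the scraper runs.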

Currently Supported Services:

Usage:

python3 BinBot.py <path to configuration file>

If no path is passed, BinBot will run a manual setup.

Credits:

  • Binary rules found here and credited individually in the rule files.
  • KindredSec's pastebin video was an inspiration for the base64 rules
  • r/learnpython, as always

Planned Features and TODO:

  • Tweak implementation of binary rules to ensure customizability
  • Fix bug with single URL documents (ix.io only?) causing bs4 decoding error
  • Add fallbacks/error messages for documents returning NoneType

Languages

  • Python 73.7%
  • YARA 24.2%
  • Shell 2.1%