Shivammyadav/Malware-Analysis-Sandbox
# 🦠 Malware Analysis Sandbox
A modular, open-source malware analysis sandbox built in Python. Perform **static**, **dynamic**, and **network** analysis on suspicious files — and generate detailed HTML/JSON reports.
## 📸 Features
| Category | Capabilities |
|---|---|
| **Static Analysis** | PE header parsing, entropy calculation, string extraction, YARA scanning, hash computation (MD5/SHA1/SHA256) |
| **Dynamic Analysis** | Process monitoring, file system change detection, registry monitoring (Windows) |
| **Network Analysis** | DNS query capture, HTTP/S traffic logging, IP reputation lookup |
| **Reporting** | JSON + HTML reports with timeline, IOCs, severity scoring |
| **CLI Interface** | Simple command-line tool with rich output |
| **Docker Support** | Pre-built isolated container environment |
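As an added example (not the repository's own static module), a stdlib-only sketch of the static checks listed above: hash computation, Shannon entropy as a packing indicator, and a minimal PE header parse, run on a constructed header rather than a real binary. The 7.0 entropy threshold and the `static_triage` report layout are assumptions.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Optional

def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the whole sample, the three digests the static module reports."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); high values hint at packing/encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe_header(data: bytes) -> Optional[dict]:
    """Minimal PE parse: DOS 'MZ' magic -> e_lfanew -> 'PE\\0\\0' signature + COFF file header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # COFF header is 20 bytes after the 4-byte signature; refuse truncated or bogus offsets.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, n_sections, timestamp, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": hex(machine), "number_of_sections": n_sections,
            "timestamp": timestamp, "optional_header_size": opt_size, "characteristics": hex(flags)}

def static_triage(data: bytes) -> dict:
    """Combine the checks into one report dict; the 7.0 entropy threshold is an assumption."""
    entropy = shannon_entropy(data)
    return {"size": len(data), "hashes": file_hashes(data), "entropy": round(entropy, 3),
            "pe": parse_pe_header(data), "likely_packed": entropy > 7.0}

def build_sample_pe() -> bytes:
    """Constructed 64-byte DOS stub + PE signature + COFF header (x64, 3 sections); not a real binary."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x5F000000, 0, 0, 240, 0x0022)
    return bytes(dos) + b"PE\0\0" + coff + b"\x00" * 16

if __name__ == "__main__":
    print(static_triage(build_sample_pe()))
```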
## 🗂️ Project Structure
```
malware-analysis-sandbox/
├── sandbox/
│   ├── core/        # Orchestration engine
│   ├── static/      # Static analysis modules
│   ├── dynamic/     # Dynamic analysis modules
│   ├── network/     # Network capture & analysis
│   └── reports/     # Report generation & templates
├── cli/             # Command-line interface
├── config/          # Configuration files
├── tests/           # Unit & integration tests
├── scripts/         # Helper & setup scripts
├── docs/            # Documentation
├── Dockerfile
├── docker-compose.yml
└── requirements.txt
```
## 🚀 Quick Start
### Option 1: Docker (Recommended)
```bash
git clone https://github.com/Shivammyadav/malware-analysis-sandbox.git
cd malware-analysis-sandbox
docker-compose up --build
docker exec -it malware-sandbox python -m cli.main analyze /samples/suspicious.exe
```
### Option 2: Local (Python 3.9+)
```bash
git clone https://github.com/Shivammyadav/malware-analysis-sandbox.git
cd malware-analysis-sandbox
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python scripts/download_yara_rules.py
python -m cli.main analyze /path/to/sample.exe
```
## 🔧 Usage
```bash
# Full analysis
python -m cli.main analyze malware.exe

# Static analysis only
python -m cli.main analyze malware.exe --mode static

# With custom timeout
python -m cli.main analyze malware.exe --timeout 120

# Save report
python -m cli.main analyze malware.exe --output ./reports/

# JSON output
python -m cli.main analyze malware.exe --format json

# Hash lookup
python -m cli.main hash malware.exe

# YARA scan
python -m cli.main yara malware.exe --rules ./config/rules/
```
## ⚙️ Configuration
Edit `config/config.yaml`:
```yaml
analysis:
  timeout: 60
  max_file_size: 50MB
  sandbox_mode: full

yara:
  rules_path: ./config/rules/
  community_rules: true

network:
  capture_interface: eth0
  dns_log: true
  http_log: true

reporting:
  format: html
  output_dir: ./reports/
```
## 🧪 Running Tests
```bash
pytest tests/ -v
pytest tests/ --cov=sandbox --cov-report=html
```
## 📄 License
MIT License — see [LICENSE](LICENSE) for details.