Description
HG, short for Hazardous Garbage, is a tool for downloading malware samples from many sources. HG does not store the malware itself; it relies on a second tool such as VxCage or the Cuckoo Sandbox project. HG only performs the download and then runs the processor that sends the sample to a repository.
Features
- New sources can be added by creating a module in the "feeds" directory.
- New processors can be added by creating a module in the "processors" directory.
Malware Sources:
Processors:
- Is integrated with VxCage.
- Is integrated with Cuckoo Sandbox.
Requirements
Python 2.7 is required to run HG. To install the project dependencies, run:
pip install -r requirements.txt
On Debian/Ubuntu you may need to install some packages first:
apt-get install libxml2-dev libxslt1-dev python2.7-dev
Configuration
HG only parses the malware sources and downloads the samples. To store the samples, HG uses VxCage, so VxCage must be installed first.
Configure HG using hg.conf in the conf directory, as shown below:
[vxcage]
enabled = yes
connection = http://localhost:8080/
HG can also send samples to Cuckoo Sandbox. Configure this integration in hg.conf by setting the address of your Cuckoo installation. Note that this requires the Cuckoo API to be running, not the web interface. See the configuration example below:
[cuckoo]
enable = yes
connection = http://localhost:8090/
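The sketch below is an added example, not part of HG: it audits an hg.conf-style file before a run and flags any enabled processor whose connection would carry samples over plain HTTP to a host other than the local machine. It assumes Python 3's standard library (HG itself targets Python 2.7); the function names audit and is_loopback and the embedded sample are constructed for illustration.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample mirroring the two sections shown in this README.
SAMPLE_CONF = """
[vxcage]
enabled = yes
connection = http://localhost:8080/

[cuckoo]
enable = yes
connection = http://localhost:8090/
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost

def audit(conf_text):
    """Return {section: [findings]} for every enabled processor section."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        # The README spells the switch both 'enabled' and 'enable'; accept either.
        key = "enabled" if "enabled" in sec else "enable"
        if not sec.getboolean(key, fallback=False):
            continue
        findings = []
        url = urlsplit(sec.get("connection", ""))
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append("connection is not a valid http(s) URL")
        elif url.scheme == "http" and not is_loopback(url.hostname):
            findings.append("plain HTTP to a non-loopback host: samples cross the network unencrypted")
        report[name] = findings
    return report

if __name__ == "__main__":
    for section, findings in audit(SAMPLE_CONF).items():
        print(section, findings or "ok")
```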
Authors and Contributors
And the thanks go to:
Contact
Feel free to contact me at @neriberto