Skip to content

mantrapatil03/malware-hash-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
malware_hashes.txt
malware_hashes.txt
 
 
scanner.sh
scanner.sh
 
 

Repository files navigation

🛡️ Malware Hash Scanner (Shell / Bash)

A lightweight, SOC-ready malware detection tool using hash-based identification
Built with pure Bash for Linux & macOS environments.

📌 Overview

Malware Hash Scanner is a command-line cybersecurity tool designed for SOC analysts, incident responders, and security learners.
It identifies known malware by generating SHA256 hashes of files and comparing them against a threat intelligence hash database.

This tool is ideal for:

  • Quick malware triage
  • Threat hunting
  • First-level SOC automation
  • Incident response validation

🚀 Features

✅ Scan single files or entire directories
✅ Generate secure SHA256 hashes
✅ Match against a known malware hash database
✅ Clear SOC-style alerting output
✅ Lightweight & fast (pure Bash, no APIs)
✅ Works on Linux & macOS
✅ Easy to extend with threat intelligence feeds

🧠 How It Works

1️⃣ Accepts a file or directory as input
2️⃣ Generates SHA256 hash for each file
3️⃣ Compares the hash with malware_hashes.txt
4️⃣ Flags files as:

  • [OK] CLEAN
  • [ALERT] MALWARE DETECTED

📁 Repository Structure

malware-hash-scanner/
│
├── scanner.sh              # Main scanning script
├── malware_hashes.txt      # Known malware hash database
├── README.md               # Documentation
└── samples/                # Test files (optional)

🧪 Malware Hash Database

File: malware_hashes.txt

📌 You can populate hashes from:

  • VirusTotal
  • Abuse.ch
  • MISP
  • Open-source threat intelligence reports

⚙️ Installation

1️⃣ Clone the Repository

git clone https://github.com/mantrapatil03/malware-hash-scanner.git
cd malware-hash-scanner

2️⃣ Make Script Executable

chmod +x scanner.sh

▶️ Usage

Scan a Single File
./scanner.sh suspicious.exe

Scan an Entire Directory
./scanner.sh /home/user/downloads

🧠 SOC Use Cases

🔹 Quick malware validation during incident response
🔹 Hash-based detection in compromised systems
🔹 First-level SOC analyst automation
🔹 Threat hunting on endpoints
🔹 Training tool for cybersecurity learners

🔮 Future Enhancements

✅ Support for MD5 / SHA1 / SHA256
📊 JSON / CSV output for SIEM ingestion
🌐 VirusTotal API integration
📁 Logging & report generation
⏱️ Scheduled scans using cron

⚠️ Disclaimer

This tool is intended strictly for educational and defensive cybersecurity purposes. Do not scan systems or files you do not own or have explicit permission to analyze.

👨‍💻 Author

Mantra Patil

✉️ techmantrapatil@gmail.com

💫 Thanks for Visiting! 💫

Made with ❤️ & Bash by Mantra Patil

🌟 If you found this project helpful, please give it a star! 🌟
Your support motivates further open-source work and new features.

About

Lightweight Bash-based malware hash scanner for SOC analysts to detect known malware using SHA256 hash comparison.

Topics

macos bash incident-response cybersecurity infosec shell-script threat-hunting linux-security malware-detection blue-team soc-tools hash-based-detection

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Dec 17, 2025

Packages

 
 
 

Contributors

Languages