github.com/captainGeech42/findmal

A tool to find/download malware samples from various public repositories

Open this visualization on its own page →

Contributors

1

Lines of Code

82

From

2020-04-01

To

2020-09-02

About captainGeech42/findmal

Findmal is a command-line tool written in Go that searches for and downloads malware samples from publicly accessible repositories. It provides a unified interface to query multiple malware databases including VirusTotal, Hybrid Analysis, MalwareBazaar, and URLhaus, allowing security researchers to locate samples by MD5, SHA1, or SHA256 hash without having to visit each service individually.

The tool accepts file hashes as input and searches across enabled sources, returning matching results and optionally downloading samples in password-protected zip archives. It supports different API key requirements for each source, with some services requiring authentication while others like URLhaus are freely accessible. The project is configured through a JSON file where users can input their API credentials for each platform they want to use, and the tool intelligently skips sources that aren't configured or don't support a particular hash type.

Findmal is designed for security professionals and malware researchers who need to bulk-search or automate sample collection from multiple repositories. While currently supporting four major malware databases, the roadmap indicates potential future support for VirusShare, with some platforms like any.run and CAPE Sandbox remaining unsupported due to API limitations or access restrictions.

Share this video