Malicious Commit Detector

Application to detect which commit introduces code that antivirus software flags as malicious.

MCD uses the VirusTotal web API to detect malicious code in files. You need an API key, which you can get with a free VirusTotal account. A pro account is preferable if you have many files to check, because the free account limits the number of requests.

Installation

From the Nim package manager Nimble:

nimble install mcd

Executables

Windows and Linux executables

Contributions are welcome.

Analyze your project commits

First you must create a file that describes how to build the project you want to test.

The file is in TOML format and must contain these keys:

  • project_dir : path of the project source code. Absolute path, or relative to this file.
  • build_dir : folder where the commands must be run. Relative path to project_dir.
  • build_command : a list of successive commands to run to build your project. Relative path to project_dir.
  • file_path : a list of all files to analyze. Relative path to project_dir.

See the example file tests\MaliciousTest\mcd-config.toml.

To analyze the project's master branch, run the following command:

.\mcd.exe detectCommit -a=XXXXXXXXXX -c=c:\Users\A\mcd\tests\mcd-config.toml -b=master
Configuration file: c:\Users\A\mcd\tests\mcd-config.toml
🔍 Commit "70740ce"
🔨 Build
⏳ Wait analyze 25 sec ...
  analyze not completed, wait 25 sec ...
  analyze not completed, wait 25 sec ...
  analyze not completed, wait 25 sec ...
❌ malicious.exe
🔍 Commit "c92584b"
🔨 Build
⏳ Wait analyze 25 sec ...
  analyze not completed, wait 25 sec ...
  analyze not completed, wait 25 sec ...
  analyze not completed, wait 25 sec ...
✔️ malicious.exe
Commit "c92584b" is the last commit without generated malicous files

detectCommit help:

Usage:
  detectCommit [required&optional-params]
Detect first commit with malicious code
Options:
  -h, --help                             print this cligen-erated help
  --help-syntax                          advanced: prepend,plurals,..
  -a=, --apikey=       string  REQUIRED  API key of your VirusTotal account
  -c=, --config=       string  REQUIRED  config file to build binaries for each commit
  -s=, --startCommit=  string  ""        start commit
  -l=, --lastCommit=   string  ""        latest commit
  -b=, --branch=       string  ""        the branch where run detection
  -w=, --wait=         int     25        waiting time of the analysis in seconds
  -t=, --threshold=    int     2         detection threshold for false positive

Analyze one file

To analyze one file, use the analyze command.

.\mcd.exe analyze -a=XXXXXXXXXX .\clean.exe
⏳ Wait analyze 25 sec ...
✔️ clean.exe

.\mcd.exe analyze -a=XXXXXXXXXX .\malware.exe
⏳ Wait analyze 25 sec ...
  analyze not completed, wait 25 sec ...
❌ malware.exe

analyze help:

Usage:
  analyze [required&optional-params] [paths: string...]
Check several files
Options:
  -h, --help                           print this cligen-erated help
  --help-syntax                        advanced: prepend,plurals,..
  -a=, --apikey=     string  REQUIRED  API key of your VirusTotal account
  -w=, --wait=       int     25        waiting time of the analysis in seconds
  -t=, --threshold=  int     2         detection threshold for false positive