Lightweight Bash-based malware hash scanner for SOC analysts to detect known malware using SHA256 hash comparison.
mantrapatil03/malware-hash-scanner

๐Ÿ›ก๏ธ Malware Hash Scanner (Shell / Bash)

A lightweight, SOC-ready malware detection tool using hash-based identification.
Built with pure Bash for Linux & macOS environments.


📌 Overview

Malware Hash Scanner is a command-line cybersecurity tool designed for SOC analysts, incident responders, and security learners.
It identifies known malware by generating SHA256 hashes of files and comparing them against a threat intelligence hash database.

This tool is ideal for:

  • Quick malware triage
  • Threat hunting
  • First-level SOC automation
  • Incident response validation

🚀 Features

✅ Scan single files or entire directories
✅ Generate secure SHA256 hashes
✅ Match against a known malware hash database
✅ Clear SOC-style alerting output
✅ Lightweight & fast (pure Bash, no APIs)
✅ Works on Linux & macOS
✅ Easy to extend with threat intelligence feeds


🧠 How It Works

1๏ธโƒฃ Accepts a file or directory as input
2๏ธโƒฃ Generates SHA256 hash for each file
3๏ธโƒฃ Compares the hash with malware_hashes.txt
4๏ธโƒฃ Flags files as:

  • [OK] CLEAN
  • [ALERT] MALWARE DETECTED
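The four steps above, as an added self-contained example (this is not the project's scanner.sh; the function names, sample files and the hash in the sample database are constructed). It assumes malware_hashes.txt holds one hex SHA256 digest per line, which is what the comparison in step 3 implies, and it uses sha256sum on Linux with a shasum -a 256 fallback on macOS:

```shell
#!/usr/bin/env bash
# Added example: a minimal, self-contained version of the four steps above
# (hash each file with SHA256, look the digest up in malware_hashes.txt,
# print [OK] CLEAN or [ALERT] MALWARE DETECTED). This is NOT the project's
# scanner.sh; the function names and the sample files/hashes are constructed.
# Only POSIX shell features are used, so it also runs under plain sh.

# Hex SHA256 digest of one file: sha256sum on Linux, shasum -a 256 on macOS.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum -- "$1" | awk '{print $1}'
  else
    shasum -a 256 -- "$1" | awk '{print $1}'
  fi
}

# Exit 0 if the digest is listed in the database, 1 otherwise.
# Assumed database format: one hex SHA256 per line. CR line endings are
# stripped and case is ignored so feeds pasted from Windows or written in
# upper-case hex still match; a '#' comment line can never equal a digest.
hash_is_known() {
  local db="$1" digest="$2"
  tr -d '\r' < "$db" | grep -qixF -- "$digest"
}

# Scan one file: print a SOC-style verdict line; exit 1 on a match,
# 2 if the file could not be read (an unreadable file is not "clean").
scan_file() {
  local db="$1" f="$2" digest
  [ -r "$f" ] || { printf '[ERROR] UNREADABLE  file=%s\n' "$f"; return 2; }
  digest=$(file_sha256 "$f")
  if hash_is_known "$db" "$digest"; then
    printf '[ALERT] MALWARE DETECTED  sha256=%s  file=%s\n' "$digest" "$f"
    return 1
  fi
  printf '[OK] CLEAN  sha256=%s  file=%s\n' "$digest" "$f"
}

# Scan a single file or a whole directory tree, then print a summary line.
# Exit 0 when every file was clean, 1 when anything matched.
# (find | while read copes with spaces in names; newlines in names are not
# handled, which is acceptable for a triage tool.)
scan_path() {
  local db="$1" target="$2" out total hits
  out=$(mktemp)
  if [ -d "$target" ]; then
    find "$target" -type f | while IFS= read -r f; do
      scan_file "$db" "$f"
    done > "$out"
  else
    scan_file "$db" "$target" > "$out"
  fi
  cat "$out"
  total=$(wc -l < "$out" | tr -d ' ')
  hits=$(grep -c '^\[ALERT\]' "$out" || true)
  rm -f "$out"
  printf 'SUMMARY files_scanned=%s matches=%s\n' "$total" "$hits"
  [ "$hits" -eq 0 ]
}

# Number of matching files, as a plain integer on stdout.
count_matches() {
  scan_path "$1" "$2" | grep -c '^\[ALERT\]' || true
}

# Constructed demo data: one benign file, one "malicious" file whose content
# is "hello\n", and a database listing that content's SHA256 in upper case
# with CRLF line endings, to exercise the normalisation in hash_is_known.
make_demo_dir() {
  local dir
  dir=$(mktemp -d)
  mkdir -p "$dir/samples/nested"
  printf 'just a note\n' > "$dir/samples/notes.txt"
  printf 'hello\n' > "$dir/samples/nested/dropper.bin"
  printf '# constructed hash feed\r\n%s\r\n' \
    '5891B5B522D5DF086D0FF0B110FBD9D21BB4FC7163AF34D08286A2E846F6BE03' \
    > "$dir/malware_hashes.txt"
  printf '%s\n' "$dir"
}

demo=$(make_demo_dir)
scan_path "$demo/malware_hashes.txt" "$demo/samples"
rm -rf "$demo"
```

Two design points worth keeping in any version of this loop: an unreadable file gets its own [ERROR] verdict rather than being reported as clean, and the database lookup is whole-line (grep -x) and fixed-string (grep -F), so a short or malformed entry cannot match part of a longer digest. Exact-hash matching only catches samples already in the database; a rebuilt or even one-byte-modified sample produces a different SHA256, so a [OK] CLEAN verdict means "not a known hash", not "benign".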

๐Ÿ“ Repository Structure

malware-hash-scanner/
│
├── scanner.sh              # Main scanning script
├── malware_hashes.txt      # Known malware hash database
├── README.md               # Documentation
└── samples/                # Test files (optional)

🧪 Malware Hash Database

File: malware_hashes.txt

📌 You can populate hashes from:

  • VirusTotal
  • Abuse.ch
  • MISP
  • Open-source threat intelligence reports
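Feed exports from those sources rarely arrive as a clean one-hash-per-line file: they mix MD5, SHA1 and SHA256 columns, use CRLF line endings, vary in case and repeat indicators. The following added example (not part of the project; the feed layout and the hash values in it are constructed, so adapt the extraction to the export you actually pull) normalises such an export into the one-SHA256-per-line malware_hashes.txt format and shows which rows were dropped:

```shell
#!/usr/bin/env bash
# Added example (not part of the project): turn a raw feed export into the
# one-SHA256-per-line malware_hashes.txt format the scanner reads. The feed
# layout below is constructed; real exports differ, so check the column
# layout of the feed you actually use.

# Keep only tokens that are exactly 64 hex characters (SHA256), lower-case
# them and de-duplicate. MD5 (32 hex) and SHA1 (40 hex) entries are dropped:
# a SHA256 lookup can never match them, so they would only bloat the file.
# Every non-hex character is turned into a line break first, so a digest is
# accepted wherever it sits in the row, and a SHA512 (128 hex) is rejected
# rather than being split into two bogus SHA256 values.
normalize_hash_feed() {
  tr -d '\r' \
    | grep -v '^[[:space:]]*#' \
    | tr -c '0-9A-Fa-f\n' '\n' \
    | grep -E '^[0-9A-Fa-f]{64}$' \
    | tr 'A-F' 'a-f' \
    | sort -u
}

# Feed rows that contributed no SHA256, so the analyst can see what was
# dropped instead of silently losing coverage.
rejected_feed_rows() {
  tr -d '\r' \
    | grep -v '^[[:space:]]*#' \
    | grep -vE '(^|[^0-9A-Fa-f])[0-9A-Fa-f]{64}([^0-9A-Fa-f]|$)'
}

# Constructed feed: a CSV-style export with a comment, CRLF line endings,
# mixed case, an MD5-only row and a duplicate row. The SHA256 values are
# those of "hello\n" and "hello", not real indicators.
SAMPLE_FEED=$(printf '%s\r\n' \
  '# type,hash,note (constructed feed, not real indicators)' \
  'sha256,5891B5B522D5DF086D0FF0B110FBD9D21BB4FC7163AF34D08286A2E846F6BE03,dropper.bin' \
  'md5,d41d8cd98f00b204e9800998ecf8427e,no-sha256-for-this-row' \
  'sha256,5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03,same-sample-again' \
  'sha256,2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824,second-sample')

echo '--- normalised malware_hashes.txt:'
printf '%s\n' "$SAMPLE_FEED" | normalize_hash_feed
echo '--- rows without a SHA256 (dropped):'
printf '%s\n' "$SAMPLE_FEED" | rejected_feed_rows
```

Run the normaliser over an export and redirect its output to malware_hashes.txt; review the rejected rows before discarding them, since an MD5-only row means the sample has no SHA256 coverage in this scanner at all, not that it is harmless.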

โš™๏ธ Installation

1๏ธโƒฃ Clone the Repository

git clone https://github.com/mantrapatil03/malware-hash-scanner.git
cd malware-hash-scanner

2๏ธโƒฃ Make Script Executable

chmod +x scanner.sh

โ–ถ๏ธ Usage

Scan a Single File
./scanner.sh suspicious.exe
Scan an Entire Directory
./scanner.sh /home/user/downloads

🧠 SOC Use Cases

🔹 Quick malware validation during incident response
🔹 Hash-based detection in compromised systems
🔹 First-level SOC analyst automation
🔹 Threat hunting on endpoints
🔹 Training tool for cybersecurity learners

🔮 Future Enhancements

✅ Support for MD5 / SHA1 / SHA256
📊 JSON / CSV output for SIEM ingestion
🌐 VirusTotal API integration
📝 Logging & report generation
⏱️ Scheduled scans using cron

โš ๏ธ Disclaimer

This tool is intended strictly for educational and defensive cybersecurity purposes. Do not scan systems or files you do not own or have explicit permission to analyze.

๐Ÿ‘จโ€๐Ÿ’ป Author

Mantra Patil

โœ‰๏ธ techmantrapatil@gmail.com

💫 Thanks for Visiting! 💫

Made with โค๏ธ & Bash by Mantra Patil

🌟 If you found this project helpful, please give it a star! 🌟
Your support motivates further open-source work and new features.
