Mowr is a virustotal-like web application aiming at halping to detect malicious web files.

This application uses PostgreSQL, if you do not already have it, please download and install it. Create a database like below. Please note that the strfuzzymatch module from postgresql is required so you will need to add it.

createdb mowr
psql -d mowr -c "CREATE EXTENSION fuzzystrmatch;"

Also it uses PMF. You can either clone it into the mowr folder or you can install it on your system. Some python extensions require dev library to be build, so you will have to install it as well.

git clone https://github.com/nbs-system/mowr
cd mowr

If you did not install PMF on your system via a package, you can clone it into mowr folder.

git clone https://github.com/nbs-system/php-malware-finder

Now you need to add some required packages.

## The packages below are required to build some requirements
apt install gcc
apt install python-dev
apt install libffi-dev
apt install libfuzzy-dev
apt install postgresql-server-dev-9.4
apt install postgresql-contrib-9.4

pip install --user -r requirements.txt
python mowr-server.py

To configure the server, edit config.cfg to set the sql server port and host, the administrator login and password, and mowr-server.py to edit the port the server runs on.

The project required a database to store each sample analysis. At first we used NoSQL with MongoDB which was in a first place interesting, because we didn't need any relation between file analyzes. But then the project requirements changed, and that's why the MOWR switched to PostgreSQL. PostgreSQL is one of the most commonly used DBMS which is known for its powerfulness.

The files are stored in a folder with their sha256 as name. Doing so makes it quite easy to manage them. To prevent their execution, the files are set to chmod(400).

As said above, MySQL didn't appear to be an interesting choice. Python was chosen over PHP mostly because the later is slow, ugly, and sucks hard.

The administration interface is using Gentelella which is a nice template to quickly make a pretty admin interface with cool statistics

You can add another analyser quite easily since they are loaded dynamically. Just create a new file (using lowercase) inside the mowr/lib/analyzers/ directory and put at least this inside:

import os
import time

from mowr.models.analysis import Analysis

class MynewAnalyser(Analysis):
    types = ['PHP', 'ASP'] # This analyser can handle those types of file
    path = ""

    @classmethod
    def load(cls, app):
        """ Returns True if the plugin has everything it needs """
        if os.access('/the/path/to/here/', os.R_OK):
            cls.path = '/the/path/to/here'
            return True
        elif os.access(os.path.join(app.config.get('BASE_DIR'), 'myplugin'), os.R_OK):
            cls.path = os.path.join(app.config.get('BASE_DIR'), 'myplugin')
            return True
        # Can't access anything :(
        return False

    def __init__(self, analysis_type, filename):
        self.type = analysis_type
        self.soft = 'MyNew'
        self.filename = filename
        self.analyse()

    def analyse(self):
        start = time.time()
        # Do your analysis here as you want to do it ...
        content = """Result here"""
        self.analysis_time = time.time() - start
        self.result = content
        return True

Be careful, the name of your class must be the same as your filename. Now, enable your new analyser in the configuration:

ENABLED_ANALYZERS = ['PmfAnalyser', 'MynewAnalyser']

Again, the name here must be the same as the name of your class. That's it, mowr will load it for any new analyzes.

GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007