Skip to content
This repository has been archived by the owner on Apr 24, 2020. It is now read-only.
/ konig Public archive

Graph-theoretical investigation of a corpus of malware obtained from the web

License

Notifications You must be signed in to change notification settings

krmaxwell/konig

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 

Repository files navigation

konig

Graph-theoretical investigation of a corpus of malware obtained from the web using mwcrawler. Named for Dénes Kőnig, who wrote the first textbook on graph theory.

Usage

python konig.py [OPTIONS]

OPTION LIST:

-d    Directory of files to be hashed. Defaults to current directory if not specified.
-t    Threshold of similarity before files are considered linked, on 0-100 scale. Defaults to 80 if not specified.
-o    Output file for fuzzy hashes once calculated. Stored in JSON format.
-i    Input file for previously-calculated fuzzy hashes. Must be in JSON format (e.g. created with -o above). Note that any files listed here will NOT be rehashed, even if they have changed.
-f    Investigation file. Konig will calculate the graph, then present the connected component graph containing this file (everything related to it, directly or indirectly).
-e    Export file. Save your graph as GraphML for use in other tools.
-n    Do not plot (interactively). GraphML export is not affected by this switch.

Note that once the graph displays, you can click on the Zoom-to-rectangle button to select an area for closer examination. See the matplotlib docs for more information. Alternately, you can import the GraphML file into Gephi or similar.

Requirements

Copyright 2013, Kyle Maxwell. Licensed under GPL v3. See LICENSE for more details.

About

Graph-theoretical investigation of a corpus of malware obtained from the web

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages