Skip to content

Latest commit

 

History

History
154 lines (97 loc) · 5.05 KB

README.md

File metadata and controls

154 lines (97 loc) · 5.05 KB

Important Note

This project is only inactively maintained. This means that I merge pull request for bug fixes and simple features that are easily integrated but new features will be delayed.
The aim is to

  • stabilize the current release
  • minimize any performance issues

I'm focusing on a CLI based version that will be a sohpisticated scanner, dropping (Real time protection)RTP support, this will be more streamlined and provide a faster experience. [Details for CLI project to be added soon!]

Meanwhile check out Xylent below 👇🏻

Xylent

A powerful antivirus built using Electron framework and python

Added Features

  • Real Time System Watch
  • Database based quering(md5 and sha256)
  • Yara based pattern matching analysis
  • Executable file signature and integrity analysis
  • Quarantine Handler
  • Startup Items Management
  • Configurable Quick Settings
  • Basic Scans -> Quick

Xylent Interface

Xylent Antivirus Dashboard



Warranty and License

Xylent - A powerful antivirus built using Electron framework and python
Copyright (C) 2023-present Rutuj Runwal

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see {http://www.gnu.org/licenses/}.

Home: https://github.com/Rutuj-Runwal/Xylent

Features Demonstration

Real Time Protection Demo:

  • Xylent is capable of detecting and removing Malware
  • Blocks drive by downloads
  • Prevents malware replication
  • Blocks malware on file opening,renaming as well as copying
Xylent.Antivirus.Realtime.Protection.Demo.mp4

Quarantine Management Demo:

  • Objects detected are placed into a secure quarantine folder
  • Xylent's UI provides a simple interface to restore or safely remove the files
Xylent.Antivirus.Quaratine.Management.mp4

Archive Auto Repair

  • Automatically repair's archive containing malicious files
  • Repairs infected files and keeps important data in the archive safe
Xylent.Antivirus.Archive.Auto.Repair.mp4

Startup monitor Demo:

  • Xylent monitors startup items for potential malware
  • Currently uses baseline unusual characters and patterns in processname of startup IOC's
  • Enable/Disable startup items directly via Xylent's UI
Xylent.StartupMonitor_Demo.mp4

Expected Features/Coming Soon

  • Fuzzy Hashing based detection
  • Intelligent/Smart cleaning
    • Cache cleaner -> temp,prefetch, Browser cache...
    • Automatically apply recommended OS settings
  • File Insights: VirusTotal based quering,
  • Web Insights: whois lookup for inbound/outbound urls, virustotal / McAfee siteadvisor
  • Basic Scans --> Full,Custom,Memory based scans

Ambitious/Nice-To-Haves' Features

  • Vulnerability Scanner [CVE lookup]
  • MITRE ATT&CK report for threats
  • In process interruption of malware execution
  • [LINUX] ClamAV integration
  • File entropy and ML based Heuristic
  • AI based malicious pattern detection
  • IDS/IPS & HIPS

Tech Stack:

  • Python
    • Flask
    • yara
  • ElectronJS
  • ReactJS
  • Webpack/babel

npm i

npm run watch

python engine.py

npm start

Architecture

  • Flask backend: run using python engine.py
  • Electron based frontend built on ReactJS
    • npm install to install dependencies
    • npm run watch to compile using webpack
    • Finally npm start to run the app

Target Environment

  • Currently in development with main focus towards Windows [both 32-bit and 64x] systems
  • Requires Administrator privilages for certain features
  • Extending capabilites towards Linux at a later stage

Acknowledgements and References

  • Use signature base by Florian Roth under Detection Rules license for additional detection capabitiies. Place the yare rules in /backend/signature-base/yara/
  • Custom simple "Dummy" yara rules - ruleA & ruleB to detect test malware( of type .docx and .pdf) designed specifically for Xylent Antivirus