Metadata-Version: 2.4
Name: nusantarascan
Version: 0.2.0
Summary: Advanced Binary Analysis Tool
Home-page: https://github.com/Lutfifakee-Project/NusantaraScan
Author: Lutfifakee
Author-email: lutfifakeeproject@proton.me
License: GPL-3.0-or-later
Project-URL: Source, https://github.com/Lutfifakee-Project/NusantaraScan
Keywords: malware analysis reverse engineering security
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Operating System :: OS Independent
Requires-Python: >=3.8
Description-Content-Type: text/markdown
Requires-Dist: pefile>=2023.2.7
Requires-Dist: pyelftools>=0.29
Requires-Dist: capstone>=5.0.1
Requires-Dist: yara-python>=4.5.0
Requires-Dist: colorama>=0.4.6
Requires-Dist: rich>=13.7.0
Requires-Dist: python-magic>=0.4.27
Requires-Dist: requests>=2.28.0
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: project-url
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# NusantaraScan

> *"An open-source binary analysis tool for modern security workflows."*

[![Python](https://img.shields.io/badge/Python-3.8+-blue.svg)](https://python.org)
[![License](https://img.shields.io/badge/License-GPLv3-red.svg)](LICENSE)
[![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20Windows%20%7C%20macOS-lightgrey)]()

---

## Tentang Proyek

**NusantaraScan** adalah tool open-source untuk analisis binary, mencakup malware analysis, deteksi RAT (Remote Access Trojan), dan reverse engineering.

Dirancang agar:
- Powerful untuk analis profesional
- Tetap simpel untuk pemula

---

## Fitur v0.2.0

- Static Analysis (PE, ELF, Mach-O)
- RAT Detection (DarkComet, NanoCore, NjRAT, Gh0st, dll)
- String Extraction (URL, IP, API calls)
- Entropy Analysis
- Section Analysis
- YARA Integration
- Disassembly (x86/x64/ARM/ARM64)
- Multi-format Export (JSON, HTML)
- Packer Detection (UPX, ASPack, MPRESS)
- Entropy Visualization
- Multi-File Scanning
- VirusTotal Integration

---

## Instalasi

```bash
git clone https://github.com/Lutfifakee-Project/NusantaraScan.git
cd NusantaraScan
pip install -r requirements.txt
python main.py --help
```

## Install dari PyPI
```bash
pip install nusantarascan
```

---

## Deteksi RAT (Remote Access Trojan)

```bash
python main.py file_curiga.exe --yara nusantarascan/signatures/yara_rules/rat_rules
python main.py file_curiga.exe --deep --yara nusantarascan/signatures/yara_rules/rat_rules
```

## Contoh Penggunaan

```bash
# Analisis dasar
python main.py notepad.exe

# Deteksi packer
python main.py malware.exe --packer

# Visualisasi entropy graph
python main.py malware.exe --graph

# Full disassembly
python main.py malware.exe --full-disasm

# Scan semua file dalam folder
python main.py ./malware_samples/ --recursive

# Cek ke VirusTotal (perlu API key)
python main.py malware.exe --vt --vt-api-key YOUR_API_KEY

# Kombinasi semua fitur
python main.py malware.exe --deep --packer --graph --vt

# Export ke HTML/JSON
python main.py file.exe --output report.html --format html
```
---

## 📊 Contoh Output

```text
    _   _                       _                  ____
   | \ | |_   _ ___  __ _ _ __ | |_ __ _ _ __ __ _/ ___|  ___ __ _ _ __
   |  \| | | | / __|/ _` | '_ \| __/ _` | '__/ _` \___ \ / __/ _` | '_ \
   | |\  | |_| \__ \ (_| | | | | || (_| | | | (_| |___) | (_| (_| | | | |
   |_| \_|\__,_|___/\__,_|_| |_|\__\__,_|_|  \__,_|____/ \___\__,_|_| |_| 0.2.0
                https://github.com/Lutfifakee-Project/

[+] Target   : malware_simulator.exe
[+] Size     : 8,456,064 bytes (8.06 MB)
[+] MD5      : 1a2b3c4d5e6f7g8h9i0j
[+] Entropy  : 6.8521

[*] Section Analysis:
┏━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━┓
┃ Name   ┃ Virtual Address ┃ Virtual Size ┃ Raw Size ┃ Entropy ┃
┡━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━┩
│ .text  │ 0x1000          │ 0x2448f      │ 0x24600  │ 6.2747  │
│ .rdata │ 0x26000         │ 0x9288       │ 0x9400   │ 5.9296  │
└────────┴─────────────────┴──────────────┴──────────┴─────────┘

[+] Imported Functions:
    KERNEL32.dll
      └─ CreateRemoteThread     ← Indikasi RAT!
      └─ VirtualAllocEx
      └─ WriteProcessMemory
      └─ RegSetValueExW

[+] String Analysis:
    [!] String mencurigakan ditemukan:
      • DarkComet                ← Indikasi RAT DarkComet!
      • CreateRemoteThread
      • VirtualAllocEx

[!] YARA Scan:
    [!] 2 YARA rule(s) matched:
      • DarkComet_RAT            ← RAT Terdeteksi!
      • Suspicious_RAT_APIs

[+] Scan completed!v
```

---

## 📦 Requirements

- Python 3.8 atau lebih baru

Install dependencies:

```bash
pip install -r requirements.txt
```

Dependencies:
- `pefile` — Analisis file PE Windows
- `pyelftools` — Analisis file ELF Linux
- `capstone` — Disassembly engine
- `yara-python` — YARA integration
- `rich` — CLI output formatting
- `requests ` — VirusTotal API

---

## 📁 Struktur Proyek

```text
NusantaraScan/
├── main.py                  # Entry point utama
├── requirements.txt        # Dependencies
├── setup.py                # Installer
├── README.md               # Dokumentasi
└── nusantarascan/
    ├── cli.py              # CLI handler
    ├── analyzers/          # Binary analyzers (PE, ELF, Mach-O)
    ├── visualizers/        # Entropy graph visualization
    ├── integrations/       # VirusTotal API
    ├── scanners/           # Multi-file scanner
    ├── utils/              # Utilities (hash, entropy)
    ├── signatures/         # YARA scanner & rules
    │   └── yara_rules/
    │       └── rat_rules/  # YARA rules untuk deteksi RAT
    └── formatters/         # JSON/HTML export
```

---

## Menggunakan Koleksi Rules Komunitas (Yara-Rules)
Untuk meningkatkan kemampuan deteksi secara signifikan, Anda dapat mengintegrasikan koleksi rules dari repositori Yara-Rules/rules. Repositori ini berisi ribuan signature YARA untuk mendeteksi berbagai ancaman, termasuk malware, exploit kit, dokumen berbahaya, dan teknik anti-debug.

### Langkah-langkah Mengintegrasikan:
Clone repositori ke dalam direktori signatures tool ini:
git clone https://github.com/Yara-Rules/rules.git nusantarascan/signatures/yara_rules/community

Struktur Direktori: Setelah berhasil, Anda akan memiliki struktur seperti ini:
nusantarascan/signatures/yara_rules/
├── rat_rules/          # Rules khusus RAT Anda
└── community/          # Rules dari Yara-Rules
    ├── malware/        # Rules untuk deteksi malware umum
    ├── packers/        # Rules untuk deteksi packer (UPX, dll)
    ├── maldocs/        # Rules untuk dokumen berbahaya
    └── ...

### Gunakan Rules Komunitas: Anda bisa langsung memindai file dengan semua rules komunitas atau kategori spesifik.

# Memindai dengan semua rules dari repositori komunitas
python main.py file_curiga.exe --yara nusantarascan/signatures/yara_rules/community

# Memindai dengan rules dari kategori 'malware' saja
python main.py file_curiga.exe --yara nusantarascan/signatures/yara_rules/community/malware

# Memindai dengan rules RAT Anda sendiri ditambah rules malware komunitas
python main.py file_curiga.exe --yara nusantarascan/signatures/yara_rules/rat_rules --yara nusantarascan/signatures/yara_rules/community/malware

## Lisensi

Proyek ini menggunakan lisensi **GNU General Public License v3.0**

---
