Skip to content

A powerful antivirus built using Electron framework python and Rust

License

Notifications You must be signed in to change notification settings

HydraDragonAntivirus/Xylent

 
 

Repository files navigation

Xylent

Added Features

  • Real Time System Watch
  • Database based quering(md5, sha1, sha256, ssdeep and tlsh)
  • Yara based pattern matching analysis
  • Executable file signature and integrity analysis
  • Quarantine Handler
  • Startup Items Management
  • Configurable Quick Settings
  • Basic Scans -> Quick

Xylent Interface

Xylent Antivirus Dashboard



Features Demonstration

Real Time Protection Demo:

  • Xylent is capable of detecting and removing Malware
  • Blocks drive by downloads
  • Prevents malware replication
  • Blocks malware on file opening,renaming as well as copying
  • Detects newly opened files
Xylent.Antivirus.Realtime.Protection.Demo.mp4

Quarantine Management Demo:

  • Objects detected are placed into a secure quarantine folder
  • Xylent's UI provides a simple interface to restore or safely remove the files
Xylent.Antivirus.Quaratine.Management.mp4

Archive Auto Repair

  • Automatically repair's archive containing malicious files
  • Repairs infected files and keeps important data in the archive safe
Xylent.Antivirus.Archive.Auto.Repair.mp4

Startup monitor Demo:

  • Xylent monitors startup items for potential malware
  • Currently uses baseline unusual characters and patterns in processname of startup IOC's
  • Enable/Disable startup items directly via Xylent's UI
Xylent.StartupMonitor_Demo.mp4

Expected Features/Coming Soon

  • Intelligent/Smart cleaning
    • Cache cleaner -> temp,prefetch, Browser cache...
    • Automatically apply recommended OS settings
  • File Insights: VirusTotal based quering,
  • Web Insights: whois lookup for inbound/outbound urls, virustotal / McAfee siteadvisor
  • Basic Scans --> Full,Custom,Memory based scans

Ambitious/Nice-To-Haves' Features

  • Vulnerability Scanner [CVE lookup]
  • MITRE ATT&CK report for threats
  • In process interruption of malware execution
  • [LINUX] ClamAV integration
  • File entropy and ML based Heuristic
  • AI based malicious pattern detection
  • IDS/IPS & HIPS

Tech Stack:

  • Python
    • Flask
    • yara
  • ElectronJS
  • ReactJS
  • Webpack/babel

npm i

npm run watch

python engine.py

npm start

Architecture

  • Flask backend: run using python engine.py
  • Electron based frontend built on ReactJS
    • npm install to install dependencies
    • npm run watch to compile using webpack
    • Finally npm start to run the app

Target Environment

  • Currently in development with main focus towards Windows x64 systems
  • Requires Administrator privilages for certain features
  • Extending capabilites towards Linux at a later stage

Acknowledgements and References

  • Use signature base by Florian Roth under Detection Rules license for additional detection capabitiies. Place the yare rules in /backend/signature-base/yara/
  • Custom simple "Dummy" yara rules - ruleA & ruleB to detect test malware( of type .docx and .pdf) designed specifically for Xylent Antivirus

Credits

About

A powerful antivirus built using Electron framework python and Rust

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 44.9%
  • Python 43.4%
  • HTML 9.0%
  • Rust 2.6%
  • Makefile 0.1%