PyScan is a Python-based security scanning tool that uses YARA rules to detect malware or suspicious files. It supports scanning individual files, entire directories, the Downloads folder, and performs a “Persistence Remover” scan for malicious registry entries, startup folders, scheduled tasks, Windows services, and WMI subscriptions.
Developed by pydev and chatgpt
- Features
- Requirements
- Installation
- Usage
- Exclusions
- Optional: Building a Single Executable
- Contributing
- License
- Credits
## Features

- YARA Integration
  - Load and compile YARA rules to detect suspicious signatures in files.
- Multiple Scan Modes
  - Single File: Prompt for a file and scan it immediately.
  - Directory Scan: Recursively scan a user-selected directory.
  - Downloads Folder: Quickly scan the user’s default Downloads folder.
  - Persistence Remover: Search for malicious persistence mechanisms in registry run keys, startup folders, scheduled tasks, Windows services, and WMI subscriptions (Windows-only).
- Exclusions
  - Exclude single files (via the detection pop-up) or entire folders (via an “Exclude Folder” button).
  - Manage (remove) these exclusions dynamically during runtime.
- Logging & Alerts
  - Timestamped logging in a text area and an external log file (`pyscan_scan_results.log` by default).
  - Pop-up alerts when a match is found, allowing you to Quarantine, Delete, Exclude, or Ignore the detection.
- Scheduling (Optional)
  - Uses APScheduler to automate scans at set intervals, if desired (in-memory only).
- Clean UI
  - Built with PyQt5.
  - Group boxes and a simple style sheet provide a professional layout.
  - “About” button displaying “Developed by...”
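The Persistence Remover mode above boils down to enumerating autostart locations and resolving each entry to the file on disk that the YARA rules should be run against. The following is an added example, not PyScan's own code: it reads the Run/RunOnce keys and the two Startup folders (Windows-only, via `winreg` and environment variables) and includes a pure-Python `resolve_command_path` that turns a Run-key command line into the executable or DLL path, handling quoted paths, unquoted paths containing spaces, and `rundll32.exe` entries. Scheduled tasks, services and WMI subscriptions, which PyScan also covers, are not enumerated here; the key list and the extension table are assumptions of this example.

```python
"""Autostart enumeration for a persistence scan (added example, not PyScan code).

read_run_keys() and startup_folder_files() are Windows-only; resolve_command_path()
is pure Python and is what the test exercises.
"""
import os
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Assumed set of Run/RunOnce keys to inspect (hive alias, subkey).
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# Assumed list of extensions that mark the end of an unquoted executable path.
EXEC_EXTS = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".com")


def _split_head(command: str) -> Tuple[str, str]:
    """Return (executable, remaining arguments) from one command line.

    Quoted heads are taken verbatim. For unquoted heads the path may contain
    spaces, so progressively longer space-joined prefixes are tried, the way
    CreateProcess resolves them: the first prefix that exists on disk or ends
    in an executable extension wins.
    """
    if command.startswith('"'):
        end = command.find('"', 1)
        if end < 0:
            return command.strip('"'), ""
        return command[1:end], command[end + 1:].strip()
    tokens = command.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if os.path.isfile(prefix) or prefix.lower().endswith(EXEC_EXTS):
            return prefix, " ".join(tokens[i:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def resolve_command_path(command: str) -> Optional[str]:
    """Map a Run-key value to the file that should be scanned.

    For rundll32.exe entries the scan target is the DLL named in the first
    argument (the ",Export" suffix is dropped), not rundll32 itself.
    %VAR% expansion only happens on Windows, where os.path is ntpath.
    """
    command = os.path.expandvars(command.strip())
    if not command:
        return None
    exe, rest = _split_head(command)
    if os.path.basename(exe).lower() == "rundll32.exe" and rest:
        dll, _ = _split_head(rest)
        return dll.split(",")[0]
    return exe


def read_run_keys() -> List[Dict[str, str]]:
    """Windows-only: every value under the keys in RUN_KEYS."""
    import winreg  # stdlib on Windows only
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    entries.append({"hive": hive, "key": subkey,
                                    "name": name, "command": str(value)})
                    index += 1
        except OSError:  # key absent or not readable
            continue
    return entries


def startup_folder_files() -> List[Path]:
    """Windows-only: files in the per-user and all-users Startup folders."""
    folders = [
        Path(os.environ.get("APPDATA", "")) / r"Microsoft\Windows\Start Menu\Programs\Startup",
        Path(os.environ.get("PROGRAMDATA", "")) / r"Microsoft\Windows\Start Menu\Programs\StartUp",
    ]
    return [f for d in folders if d.is_dir() for f in d.iterdir() if f.is_file()]


def persistence_targets() -> List[Dict[str, str]]:
    """Autostart entries plus the on-disk path each one points at."""
    targets = [{**e, "path": resolve_command_path(e["command"])} for e in read_run_keys()]
    for f in startup_folder_files():
        targets.append({"hive": "", "key": "StartupFolder", "name": f.name,
                        "command": str(f), "path": str(f)})
    return targets


if __name__ == "__main__":
    for t in persistence_targets():
        print(f"{t['hive']}\\{t['key']}  {t['name']}  ->  {t['path']}")
```

Each `path` returned by `persistence_targets()` is a candidate for the same YARA scan used on ordinary files; an entry whose path no longer exists on disk is itself worth surfacing, since dangling Run-key values are common leftovers after incomplete malware removal.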
## Requirements

- Python 3.7+
- Dependencies:

```
pip install PyQt5 yara-python APScheduler
pip install rarfile
pip install wmi
```
## Usage

Run PyScan:

```
python PyScan.py
```
## Exclusions

- Exclude Folder – Skips all files in that folder (and subfolders).
- Manage Exclusions – Opens a dialog listing all currently excluded paths, letting you remove them if needed.

Note: Exclusions are in-memory only by default. Once you exit PyScan, they reset unless you modify the code to save them.
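To show how the YARA scan, the folder exclusions and the timestamped log file described above fit together, here is an added example that is not PyScan's own code. It compiles a rule with yara-python only when `compile_rules()` is called (the demo rule, its marker string and the fallback `substring_matcher` are constructed for this example), walks a directory while pruning excluded folders so they are never descended into, and logs each match to `pyscan_scan_results.log`; with no argument it scans the user's Downloads folder.

```python
"""YARA directory scan with folder/file exclusions and timestamped logging.

Added example, not PyScan's own code. yara-python is only needed by
compile_rules(); the walker, exclusion check and logging work without it.
"""
import logging
import os
from pathlib import Path
from typing import Callable, Dict, Iterable, Iterator, List, Set

LOG_FILE = "pyscan_scan_results.log"  # PyScan's default log file name

# A matcher takes raw file bytes and returns the names of the rules that hit.
Matcher = Callable[[bytes], List[str]]

# Constructed demo rule; the marker string is not a real malware signature.
DEMO_RULES = r'''
rule demo_marker {
    strings:
        $m = "PYSCAN-DEMO-MARKER"
    condition:
        $m
}
'''


def setup_logging(log_file: str = LOG_FILE) -> None:
    """Timestamped lines to both the console and the external log file."""
    logging.basicConfig(
        level=logging.INFO,
        format="%(asctime)s %(levelname)s %(message)s",
        handlers=[logging.FileHandler(log_file), logging.StreamHandler()],
    )


def compile_rules(rule_source: str = DEMO_RULES) -> Matcher:
    """Compile YARA rule text and return a matcher (requires yara-python)."""
    import yara  # imported lazily so the rest of the module works without it
    rules = yara.compile(source=rule_source)
    return lambda data: [m.rule for m in rules.match(data=data)]


def substring_matcher(data: bytes) -> List[str]:
    """Stand-in matcher for the demo rule when yara-python is not installed."""
    return ["demo_marker"] if b"PYSCAN-DEMO-MARKER" in data else []


def is_excluded(path: Path, excluded: Set[Path]) -> bool:
    """True if path is an excluded file or lies anywhere under an excluded folder."""
    resolved = path.resolve()
    for ex in excluded:
        ex = ex.resolve()
        if resolved == ex or ex in resolved.parents:
            return True
    return False


def iter_files(root: Path, excluded: Set[Path]) -> Iterator[Path]:
    """Recursively yield files under root, pruning excluded folders in place."""
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        # Editing dirnames in place stops os.walk from descending into them.
        dirnames[:] = [d for d in dirnames if not is_excluded(here / d, excluded)]
        for name in filenames:
            f = here / name
            if not is_excluded(f, excluded):
                yield f


def scan_directory(root, matcher: Matcher, excluded: Iterable[Path] = ()) -> Dict[str, List[str]]:
    """Scan every non-excluded file; return {path: [matched rule names]}."""
    excluded_set = {Path(p) for p in excluded}
    hits: Dict[str, List[str]] = {}
    for f in iter_files(Path(root), excluded_set):
        try:
            data = f.read_bytes()
        except OSError as err:  # locked, unreadable or vanished file
            logging.warning("skipped %s: %s", f, err)
            continue
        matched = matcher(data)
        if matched:
            hits[str(f)] = matched
            logging.info("MATCH %s -> %s", f, ", ".join(matched))
    logging.info("scan of %s finished: %d match(es)", root, len(hits))
    return hits


if __name__ == "__main__":
    import sys
    setup_logging()
    target = sys.argv[1] if len(sys.argv) > 1 else str(Path.home() / "Downloads")
    try:
        matcher = compile_rules()
    except ImportError:
        matcher = substring_matcher
    for path, rules in scan_directory(target, matcher).items():
        print(path, rules)
```

Because exclusions are held in a plain in-memory set, they disappear when the process exits, which is exactly the behaviour the note above describes; persisting them would mean serialising that set to disk at shutdown and reloading it at start.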