#mlget has been updated - your 1 stop shop for finding malware across different services!

Grab an updated copy at https://github.com/xorhex/mlget/releases/tag/v3.4.2

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.

Added support to #mlget for downloading from VX-Underground's VirusExchange.

Number of sources supported is now 18! ⭐ Full list shown here: https://blog.xorhex.com/mlget/

Get the latest at: https://github.com/xorhex/mlget/releases/tag/v3.4.1

#malware

Updated #mlget (cli tool for downloading #malware from a variety of sources).

Added:
- Download ability from #AssemblyLine instances
- Find the correct file from #Triage when the file downloaded from Triage contains multiple files in the archive (and one of them should be the file being sought after)
- Fixed issue with #MalwareBazaar. MalwareBazaar needs to have the trailing slash on their API URL or it will do a redirect and mlget doesn't like it. The fix can either be done by adding the trailing slash to the .mlget.yml file or let the code adjust the call for you.

Grab the latest copy here: https://github.com/xorhex/mlget/releases/tag/v3.2.1_1

#mlget has been updated. Grab the latest copy from: https://github.com/xorhex/mlget/releases

Features Added:
- Downloaded file is hashed and compared against the hash requested. Hopefully this will help detect when APIs change.
- #URLScanIO source added! Making this the 16th source queried!!

Bug Fixes:
- #Malpedia works again

Breaking Changes:
- If using #JoeSandbox, delete and recreate the config entries as the URL was updated to be in line with how the rest of the URLs are formatted (/v2 was moved from the code to the config)

Other Changes:
- Fix minor typos and remove #AnyRun reference from the help menu as that option is not available yet.

#malware
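
Added example, not part of the posts above and not mlget's own code: one way to combine the two checks the posts describe, hashing what was downloaded against the hash requested and picking the right member out of a multi-file archive. It assumes a zip archive and a SHA-256 request; `findByHash` and `sampleArchive` are hypothetical names, and the archive contents are constructed.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// findByHash returns the zip member whose SHA-256 equals want (hex), never trusting file names.
func findByHash(archive []byte, want string) (string, []byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return "", nil, err
	}
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			continue // unreadable member; keep checking the rest
		}
		data, err := io.ReadAll(io.LimitReader(rc, 64<<20)) // cap member size; truncation fails the hash check
		rc.Close()
		sum := sha256.Sum256(data)
		if err == nil && strings.EqualFold(hex.EncodeToString(sum[:]), want) {
			return f.Name, data, nil
		}
	}
	return "", nil, fmt.Errorf("no archive member matches %s", want)
}

// sampleArchive builds a constructed two-file zip (harmless text, not malware).
func sampleArchive() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, m := range [][2]string{{"report.json", "{}"}, {"sample.bin", "constructed"}} {
		w, _ := zw.Create(m[0])
		w.Write([]byte(m[1]))
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	sum := sha256.Sum256([]byte("constructed"))
	name, _, err := findByHash(sampleArchive(), hex.EncodeToString(sum[:]))
	fmt.Println(name, err)
}
```

A mismatch returns an error instead of a file, which is the signal that a service changed its response format or returned the wrong artifact.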

Some additions, improvements, and fixes coming to #mlget soon.

https://github.com/xorhex/mlget

Mlget is a #malware downloader, allowing you to download from the following services:

#capesandbox
#filescanio
#hybridanalysis
#inquests
#joesandbox
#malpedia
#malshare / @malshare
#malwarebazaar
#mwdb
#objectivesee
#polyswarm
#triage
#unpacme
#urlscanio <-- NEW ADDITION COMING
#vt /#virustotal
#vxshare / @VXShare

It can also download and automatically upload to an MWDB instance of your choice.
