████████╗ ██████╗ ██╗   ██╗ ██████╗ █████╗ ███╗   ██╗███████╗████████╗██████╗ ██╗██╗  ██╗███████╗
╚══██╔══╝██╔═══██╗██║   ██║██╔════╝██╔══██╗████╗  ██║██╔════╝╚══██╔══╝██╔══██╗██║██║ ██╔╝██╔════╝
   ██║   ██║   ██║██║   ██║██║     ███████║██╔██╗ ██║███████╗   ██║   ██████╔╝██║█████╔╝ █████╗  
   ██║   ██║   ██║██║   ██║██║     ██╔══██║██║╚██╗██║╚════██║   ██║   ██╔══██╗██║██╔═██╗ ██╔══╝  
   ██║   ╚██████╔╝╚██████╔╝╚██████╗██║  ██║██║ ╚████║███████║   ██║   ██║  ██║██║██║  ██╗███████╗
   ╚═╝    ╚═════╝  ╚═════╝  ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝╚══════╝     

A Command line tool for launching attacks against Machine Learning Malware detectors. Based on SecML Malware, it provides most of the state of the art attacks directly in your shell.

Install

conda create -n toucanstrike python=3.8
conda activate toucanstrike
pip install -r requirements.txt

Usage

First, set a target (it must be the name of a classifier inside the plugin folder). We already provide these code wrappers:

• malconv for the MalConv classifier (along with its weights)
• gbdt_ember for EMBER GBDT classifier
• dnn_lin and dnn_relu for the DNN-Lin and DNN-ReLu networks

Then, set the data to use: data your_malware_folder

It is time for the attack. You can type whitebox --help or blackbox --help for the list of strategies. An example might be: whitebox --type partial_dos

Finally, you can launch your test!

target malconv
data your_malware_folder
whitebox --type partial_dos
run

Plugins

Want to add a target? Just add a folder inside the plugin folder! There are already some provided targets, and it is easy to learn how to make one!

Help wanted!

If you want to include more functionalities, just open a pull request!