HackingLZ

MAPS cloud scanner and response parser for Microsoft Defender research.

74
3
100% credibility
Found Feb 20, 2026 at 50 stars.
Python
AI Summary

A research tool that connects to Microsoft's Windows Defender cloud service to check file reputations, URL safety, and perform local file analysis.

How It Works

1. 🔍 Discover the safety checker

You find a helpful tool online that lets you ask Microsoft's safety cloud if files or links are dangerous, perfect for curious security explorers.

2. 📥 Get it ready

Download the tool and prepare it with a simple setup so it's all set to use on your computer.

3. 🗂️ Choose what to check

Pick a file, web link, or its unique fingerprint to see if it's safe.

4. ☁️ Send for cloud check

The tool quietly talks to the safety cloud and brings back a quick answer on whether it's clean, risky, or unknown.

5. 📊 View your results

See clear results like 'safe', 'malware detected', or details on threats, with options for deeper local peeks.

6. 🔬 Explore more checks

Try scanning batches, testing connections, or building custom queries to learn even more about safety signals.

🛡️ Master file safety

Now you confidently spot dangers in files and links using pro-level cloud insights, all for safe research.

AI-Generated Review

What is maps_scanner?

This Python tool lets you directly query Microsoft Defender's MAPS cloud service—the backend powering real-time file reputation, URL checks, and dynamic signatures. Submit files, hashes, or URLs for cloud verdicts (clean, malware, PUA), test connectivity with heartbeats, or run local PE analysis without network calls. It also builds, decodes, and replays Bond protocol payloads, turning opaque cloud interactions into actionable research.

Why is it gaining traction?

It reverse-engineers the exact Bond CompactBinaryV1 wire format Defender uses, enabling hash lookups and scans that match client behavior without installing AV software. The CLI offers commands like `scan file.exe`, `url example.com`, and `decode payload.bin`, plus API fuzzing for undocumented endpoints, which goes well beyond a basic MAPS cloud API wrapper. The barrier to entry is low: pip-install requests (pefile is optional) and get instant results in human-readable or JSON format.

Who should use this?

Security researchers probing Defender cloud block levels or BAFS decisions; malware analysts batch-checking hashes via `scan-batch`; reverse engineers dissecting MAPS responses or fuzzing MAPS API endpoints. Ideal for Defender bypass testing, protocol studies, or integrating into cloud protection pipelines. Not aimed at casual hobbyists.

Verdict

Grab it for niche Defender research: solid CLI and docs with live test results, but 22 stars and 1.0% credibility signal early maturity; expect tweaks for production. A strong start compared with fragmented alternatives.
