Easy-to-use live forensics toolbox for Linux endpoints
Repository files (latest commit message and date):

  • static: Auto upload files to VirusTotal if no existing report found (Mar 20, 2018)
  • templates
  • LICENSE: Initial commit (Nov 26, 2017)
  • README.md: changed 'start_server.sh' to 'deploy.sh' (Apr 1, 2018)
  • config.py: Fix log paths for CentOS (Apr 1, 2018)
  • deploy.sh: changed 'start_server.sh' to 'deploy.sh' (Apr 1, 2018)
  • image.gif: added gif (Nov 27, 2017)
  • linux_explorer.py: create tmp folders for core dump / strings (Apr 1, 2018)
  • requirements.txt: chore(dependencies): bump flask to 0.12.4 (Oct 31, 2018)
  • tools.py: Auto install external tools in private directory (Mar 27, 2018)
  • update_signatures.sh: added automatic update of yara signatures every startup (Mar 11, 2018)

README.md

Linux Expl0rer

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

[Demo animation: image.gif]

Capabilities

ps

  • View full process list
  • Inspect process memory map & fetch memory strings easily
  • Dump process memory in one click
  • Automatically search hash in public services
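As an added illustration of how the process memory-map and memory-strings capabilities above work under the hood (example code written for this page, not the project's own; it assumes Linux /proc, Python 3, and ptrace access to the target process):

```python
import re

# Constructed sample of /proc/<pid>/maps output (not from the project), one mapping per line.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1310                       /usr/bin/example
01e0d000-01e2e000 rw-p 00000000 00:00 0                          [heap]
7ffd1a3c0000-7ffd1a3e1000 rw-p 00000000 00:00 0                  [stack]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0          [vsyscall]
"""
# Columns: start-end perms offset dev inode [path]; the path column may be empty.
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

def parse_maps(text):
    # Parse maps text into dicts with integer bounds so each region can be seeked to directly.
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        regions.append({"start": int(m.group(1), 16), "end": int(m.group(2), 16),
                        "perms": m.group(3), "path": m.group(4)})
    return regions

def readable_regions(regions):
    # Keep mappings with the read bit set, minus the kernel vsyscall page (unreadable via mem,
    # and its address overflows the signed offset seek() accepts).
    return [r for r in regions if r["perms"][0] == "r" and r["path"] != "[vsyscall]"]

def extract_strings(data, min_len=4):
    # Printable ASCII runs of at least min_len bytes, the same idea as strings(1).
    pattern = re.compile(br"[\x20-\x7e]{%d,}" % min_len)
    return [s.decode("ascii") for s in pattern.findall(data)]

def process_strings(pid, min_len=4):
    # Walk /proc/<pid>/maps and pull strings from each readable region via /proc/<pid>/mem.
    # Needs ptrace access to the target (root, or same uid if ptrace_scope permits it);
    # each region is read whole here, a production tool should read large regions in chunks.
    with open("/proc/%d/maps" % pid) as f:
        regions = readable_regions(parse_maps(f.read()))
    found = []
    with open("/proc/%d/mem" % pid, "rb", 0) as mem:
        for r in regions:
            mem.seek(r["start"])
            try:
                data = mem.read(r["end"] - r["start"])
            except (IOError, OSError):
                continue  # e.g. [vvar] shows as readable but refuses reads through mem
            for s in extract_strings(data, min_len):
                found.append((r["path"], s))
    return found
```

parse_maps and extract_strings can be exercised offline on SAMPLE_MAPS and any byte buffer; process_strings needs a live pid and the permissions noted in its comments.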

users

  • List users

find

  • Search for suspicious files by name/regex

netstat

  • Whois

logs

  • syslog
  • auth.log (user authentication log)
  • ufw.log (firewall log)
  • bash history

anti-rootkit

  • chkrootkit

yara

  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature

Requirements

  • Python 2.7

Installation

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh

Usage

  1. Start your browser:

firefox http://127.0.0.1:8080

Set up VT/OTX/MalShare API keys (optional)

nano config.py

Edit the following lines:

VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'

Notes

Misc
