Easy-to-use live forensics toolbox for Linux endpoints
Latest commit 9ffc8cd Aug 14, 2019
Repository contents (file, last commit message, date):

  • static: Added support for uploading files to Intezer Analyze on demand (Aug 4, 2019)
  • templates
  • LICENSE: Initial commit (Nov 26, 2017)
  • README.md: Update README.md (Aug 14, 2019)
  • config.py: Added support for uploading files to Intezer Analyze on demand (Aug 4, 2019)
  • deploy.sh: minor installation and requirements fixes (Aug 14, 2019)
  • image.gif: added gif (Nov 27, 2017)
  • linux_explorer.py: Added support for uploading files to Intezer Analyze on demand (Aug 4, 2019)
  • requirements.txt: minor installation and requirements fixes (Aug 14, 2019)
  • tools.py: Auto install external tools in private directory (Mar 27, 2018)
  • update_signatures.sh: added automatic update of yara signatures every startup (Mar 11, 2018)

README.md

Linux Expl0rer

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

[demo animation: image.gif]

Capabilities

ps

  • process list

users

  • users list

find

  • Search for suspicious files by name/regex

netstat

  • Whois lookup on remote addresses

logs

  • syslog
  • auth.log (user authentication log)
  • ufw.log (firewall log)
  • bash history

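Added example, not code from Linux Expl0rer itself: a first triage pass over the auth.log entries listed above, written in the project's language. The log excerpt is constructed for this example (the 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 addresses are documentation ranges), the function and constant names are my own, and the line formats are the ones OpenSSH and sudo write on Debian-family systems. It counts failed password attempts per source address, records user names sshd rejected as non-existent (a wordlist signature), flags accepted logins that follow a failure burst from the same address or are direct root logins, and lists every sudo command.

```python
import re
from collections import Counter

# Constructed auth.log excerpt for this example (not captured from a real
# host): a password-guessing burst from one address that ends in a
# successful root login, one unrelated failure, a normal key-based login
# and a single sudo command.
SAMPLE_AUTH_LOG = """\
Aug 14 09:12:01 host sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Aug 14 09:12:03 host sshd[2212]: Failed password for invalid user oracle from 203.0.113.7 port 50130 ssh2
Aug 14 09:12:05 host sshd[2214]: Failed password for root from 203.0.113.7 port 50138 ssh2
Aug 14 09:12:07 host sshd[2216]: Failed password for root from 203.0.113.7 port 50144 ssh2
Aug 14 09:12:09 host sshd[2218]: Failed password for root from 203.0.113.7 port 50150 ssh2
Aug 14 09:12:11 host sshd[2220]: Accepted password for root from 203.0.113.7 port 50156 ssh2
Aug 14 09:12:13 host sshd[2222]: Failed password for bob from 198.51.100.5 port 33010 ssh2
Aug 14 09:30:44 host sshd[2301]: Accepted publickey for alice from 192.0.2.10 port 41022 ssh2
Aug 14 09:31:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# Line formats as written by OpenSSH's sshd and by sudo.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")


def triage_auth_log(text, threshold=3):
    """Summarise an auth.log excerpt.

    Returns failed attempts per source IP, the IPs at or above `threshold`,
    user names rejected as non-existent, accepted logins worth a look (root,
    or preceded by a failure burst from the same IP) and every sudo command.
    Lines are processed in file order, so "failures_before" counts only what
    happened before the acceptance.
    """
    failures = Counter()
    invalid_users = set()
    suspicious_logins = []
    sudo_commands = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
            if m.group("invalid"):
                invalid_users.add(m.group("user"))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            prior = failures[m.group("ip")]  # Counter returns 0 for unseen IPs
            if prior >= threshold or m.group("user") == "root":
                suspicious_logins.append({
                    "user": m.group("user"),
                    "ip": m.group("ip"),
                    "method": m.group("method"),
                    "failures_before": prior,
                })
            continue
        m = SUDO_RE.search(line)
        if m:
            sudo_commands.append((m.group("user"), m.group("cmd").strip()))
    return {
        "failed_per_ip": dict(failures),
        "brute_force_ips": sorted(ip for ip, n in failures.items() if n >= threshold),
        "invalid_users": invalid_users,
        "suspicious_logins": suspicious_logins,
        "sudo_commands": sudo_commands,
    }


if __name__ == "__main__":
    report = triage_auth_log(SAMPLE_AUTH_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed excerpt the root login from 203.0.113.7 is flagged with five failures before it, while alice's key-based login is not. A real auth.log also carries PAM, cron and su entries; the same pattern extends to them by adding a regex per line type.
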
anti-rootkit

  • chkrootkit

yara

  • Scan a file or directory using the YARA signatures published by @Neo23x0 (refreshed on every startup by update_signatures.sh)
  • Scan the memory address space of a running process
  • Upload your own YARA signatures
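Added example, not the project's own code: what scanning a running process's address space involves on Linux. libyara's process scanning walks /proc/<pid>/maps and reads each mapping through /proc/<pid>/mem; this block does the same walk in Python with byte regexes standing in for YARA strings so it runs without yara-python. SIGNATURES, scan_process and demo_self_scan are names chosen for this example, and the marker it plants in its own heap is constructed. Scanning another pid needs the same rights as ptrace-attaching to it (root, in practice); the self-scan works unprivileged because a process may always read its own memory.

```python
import os
import random
import re

# Signatures are byte regexes standing in for YARA strings so the example
# runs without yara-python. The rule name and pattern are made up here.
SIGNATURES = {
    "expl0rer_marker": re.compile(rb"EXPL0RER-MARK-[0-9]{6}"),
}

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")
PROC_AVAILABLE = os.path.exists("/proc/self/maps")


def readable_regions(pid):
    """Yield (start, end, perms, path) for every readable mapping of pid."""
    with open(f"/proc/{pid}/maps") as maps:
        for line in maps:
            m = MAPS_RE.match(line.rstrip("\n"))
            if not m:
                continue
            start, end, perms, path = m.groups()
            start, end = int(start, 16), int(end, 16)
            # Skip pages without read permission, the kernel-backed vvar and
            # vsyscall pages (reads of them fail with EIO) and anything above
            # the signed 64-bit range that file offsets can express.
            if perms[0] != "r" or path in ("[vvar]", "[vsyscall]") or start >= 1 << 63:
                continue
            yield start, end, perms, path


def scan_process(pid, signatures, max_region=64 * 1024 * 1024):
    """Read each readable mapping via /proc/<pid>/mem and run the signatures.

    Regions larger than max_region are skipped to bound memory use. A mapping
    that disappears or fails to read between the maps walk and the read is
    skipped rather than aborting the whole scan.
    """
    hits = []
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, perms, path in readable_regions(pid):
            size = end - start
            if size > max_region:
                continue
            try:
                mem.seek(start)
                data = mem.read(size)
            except (OSError, OverflowError, ValueError):
                continue
            if not data:
                continue
            for name, rx in signatures.items():
                for m in rx.finditer(data):
                    hits.append({
                        "rule": name,
                        "addr": start + m.start(),
                        "region": path or "[anon]",
                        "perms": perms,
                        "match": m.group(0),
                    })
    return hits


def demo_self_scan():
    """Plant a marker in this process's heap and scan ourselves for it.

    The marker is built at run time, so the only data in the process that
    matches the regex is the planted string (and copies of it made while
    scanning), never the pattern text itself.
    """
    marker = b"EXPL0RER-MARK-" + ("%06d" % random.randrange(10 ** 6)).encode()
    hits = scan_process(os.getpid(), SIGNATURES)
    return marker, hits


if __name__ == "__main__":
    marker, hits = demo_self_scan()
    for h in hits:
        print(f"{h['rule']} at 0x{h['addr']:x} in {h['region']} ({h['perms']}): {h['match']!r}")
```

The hit list carries the mapping's path and permissions, which is what turns a raw match into a lead: a signature hit inside an anonymous rwx region of a long-running daemon is a different finding from the same bytes inside a read-only library mapping. YARA proper adds rule metadata, conditions and string modifiers on top of this walk; the mechanics of getting at another process's memory are the same.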

Requirements

  • Python 3.6

Installation

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh

Usage

  1. Open the web UI in your browser (the server listens on http://127.0.0.1:8080):
firefox http://127.0.0.1:8080

Whoever reaches that port gets live read access to process memory, logs and shell history, so leave it bound to the loopback address and use an SSH tunnel if you need it from another host.

Configure API keys (optional)

nano config.py

Edit the following lines:

INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'

The keys sit in clear text in config.py, so restrict the file to the user running the tool (chmod 600 config.py) and keep your edited copy out of version control. Note also that the on-demand upload to Intezer Analyze sends the file itself to a third-party service, which matters when the sample may contain confidential data.
