Skip to content
This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

maliceio/malice

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
5 branches 28 tags
Code

Latest commit

@blacktop
blacktop fixes
423f132 Dec 11, 2021
fixes
423f132

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.docker
 
 
.github
 
 
.release
 
 
api
 
 
cmd
 
 
commands
 
 
config
 
 
contrib/completion/zsh
 
 
data
 
 
docs
 
 
malice
 
 
plugins
 
 
utils
 
 
vendor
 
 
web
 
 
.gitignore
 
 
.goreleaser.yml
 
 
.travis.yml
 
 
Brewfile
 
 
CHANGELOG.md
 
 
CONTRIBUTING.md
 
 
Gopkg.lock
 
 
Gopkg.toml
 
 
LICENSE
 
 
Makefile
 
 
README.md
 
 
Vagrantfile
 
 
apiary.apib
 
 
circle.yml
 
 
docker-compose.yml
 
 
main.go
 
 
malice Try It Out Requirements Hardware Software Getting Started (OSX) Install Scan some malware Start Malice's Web UI Getting Started (Docker in Docker) Install/Update all Plugins Scan a file Documentation Known Issues ⚠️ If you are having issues with malice connecting/writting to elasticsearch please see the following: See here for more details on Known Issues/FAQs ⚠️ Issues CHANGELOG License

README.md

malice logo

malice

Circle CI License Release bh-arsenal Gitter

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Try It Out

DEMO: demo.malice.io

  • username: malice
  • password: ecilam

Requirements

Hardware

  • ~16GB disk space
  • ~4GB RAM

Software

Getting Started (OSX)

Install

$ brew install maliceio/tap/malice
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D      Enable debug mode [$MALICE_DEBUG]
  --help, -h       show help
  --version, -v    print the version

Commands:
  scan        Scan a file
  watch        Watch a folder
  lookup    Look up a file hash
  elk        Start an ELK docker container
  plugin    List, Install or Remove Plugins
  help        Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on Github see here

Start Malice's Web UI

$ malice elk

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

kibana-setup

  • Type in malice as the Index name or pattern and click Create.

  • Now click on the Malice Tab and behold!!!

kibana-plugin

Getting Started (Docker in Docker)

CircleCI Docker Stars Docker Pulls Docker Image

Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                --network="host" \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Documentation

Known Issues ⚠️

If you are having issues with malice connecting/writting to elasticsearch please see the following:

I have noticed when running the new 5.0+ version of malice/elasticsearch on a linux host you need to increase the memory map areas with the following command

sudo sysctl -w vm.max_map_count=262144

Elasticsearch requires a LOT of RAM to run smoothly. You can lower it to 2GB by running the following (before running a scan):

$ docker run -d \
         -p 9200:9200 \
         --name malice-elastic \
         -e ES_JAVA_OPTS="-Xms2g -Xmx2g" \
         malice/elasticsearch

See here for more details on Known Issues/FAQs ⚠️

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

CHANGELOG

See CHANGELOG.md

License

Apache License (Version 2.0)
Copyright (c) 2013 - 2018 blacktop

About

VirusTotal Wanna Be - Now with 100% more Hipster

Topics

docker golang elasticsearch cloud malware dfir cybersecurity infosec antivirus malware-analysis malware-research virustotal malice

Resources

Readme

License

Apache-2.0 license

Stars

1.4k stars

Watchers

93 watching

Forks

248 forks

Releases 28

v0.3.28 Latest
Dec 2, 2018
+ 27 releases

Packages

No packages published

Contributors 3

Languages