malice

command module
v0.3.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 30, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

README

malice logo

malice

Release License Build Status GoDoc codecov Gitter

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Setup Docker (OSX)

Install Docker for Mac

-Or-

Install with homebrew.

$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox --engine-storage-driver overlay malice
$ eval $(docker-machine env malice)
Getting Started (OSX)
Install
$ brew install maliceio/tap/malice

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.0-beta

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D  	Enable debug mode [$MALICE_DEBUG]
  --help, -h   	show help
  --version, -v	print the version

Commands:
  scan		Scan a file
  watch		Watch a folder
  lookup	Look up a file hash
  elk		Start an ELK docker container
  plugin	List, Install or Remove Plugins
  help		Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.
Scan some malware
$ malice scan evil.malware

NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on Github see here

Start Malice's Web UI
$ malice elk

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

kibana-setup

  • Type in malice as the Index name or pattern and click Create.

  • Now click on the Discover Tab and behold!!!

kibana-scan

Getting Started (Docker in Docker)

CircleCI Docker Stars Docker Pulls Docker Image

Install/Update all Plugins
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all
Scan a file
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Documentation

Known Issues ⚠

I have noticed when running the new 5.0 version of blacktop/elastic-stack on a linux host you need to increase the memory map areas with the following command

sudo sysctl -w vm.max_map_count=262144
Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

CHANGELOG

See CHANGELOG.md

License

Apache License (Version 2.0)
Copyright (c) 2013 - 2017 blacktop Joshua Maine

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
api
errors
server
server/router
types
database
database/elasticsearch
database/rethinkdb
docker
docker/client
docker/client/container
docker/client/image
docker/client/network
docker/client/volume
drivers
errors
logger
maldirs
malutils
persist
ui
clitable
Package clitable implements methods for pretty command line table output.
 Package clitable implements methods for pretty command line table output.
tomlupdate

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.