PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl

  • PeekabooAV is anti-virus software
  • It receives email attachments from AMaViSd, checks them, uses Cuckoo for behavioral checks, and evaluates and rates them fully automatically
  • PeekabooAV is written in Python, multi-threaded, scalable, has a very powerful ruleset, and is easy to extend and personalize
  • It is able to detect: malware by its behavior, exploitation of zero days, and targeted attacks

For news and announcements, follow us on Twitter @peekabooAV.

Getting Started

Prerequisites

Installation

Clone the repository

git clone https://github.com/scVENUS/PeekabooAV.git

Install dependencies

pip install -r requirements.txt

Compile chown2me

cd bin/
make chown2me
sudo setcap cap_chown+ep chown2me
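
An added check for the setcap step above (example code, not part of the PeekabooAV project): it confirms that the binary carries only cap_chown in the effective and permitted sets, and reports whether every local user can execute it. The function names and the sample getcap lines used to exercise it are constructed for illustration; the parser accepts both output styles that getcap prints depending on the libcap version.

```shell
#!/bin/sh
# Added example (not PeekabooAV code): audit the capability granted by
# `sudo setcap cap_chown+ep chown2me`. Function names are hypothetical.

# caps_from_getcap LINE: print the capability clause of one `getcap` line.
# Accepts both output styles: "path = cap_chown+ep" and "path cap_chown=ep".
caps_from_getcap() {
    line=$1
    case $line in
        *" = "*) printf '%s\n' "${line##* = }" ;;
        *" "*)   printf '%s\n' "${line##* }" ;;
        *)       return 1 ;;   # empty output: no file capability is set
    esac
}

# only_cap_chown LINE: succeed only if the file carries cap_chown in the
# effective and permitted sets and no other capability.
only_cap_chown() {
    caps=$(caps_from_getcap "$1") || return 1
    case $caps in
        cap_chown+ep|cap_chown=ep) return 0 ;;
        *) return 1 ;;
    esac
}

# world_executable MODE: succeed if octal MODE (as printed by `stat -c %a`)
# lets every local user execute the file, and so run it with CAP_CHOWN.
world_executable() {
    other=${1#"${1%?}"}        # last octal digit = permissions for "other"
    [ $((other & 1)) -eq 1 ]
}

# Audit a real binary when a path is given, e.g.: sh audit.sh bin/chown2me
if [ -n "${1:-}" ]; then
    if ! only_cap_chown "$(getcap "$1")"; then
        echo "WARN: $1 does not carry exactly cap_chown+ep"
    fi
    if world_executable "$(stat -c %a "$1")"; then
        echo "NOTE: $1 is executable by all users; review who needs it"
    fi
fi
```
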

Install PeekabooAV

python setup.py install

Configuration

Take a look at peekaboo.conf.sample and ruleset.conf.sample.

Running the tests

Run the unit tests:

python test.py 

Usage

Now, you can run PeekabooAV with

peekaboo -c /path/to/your/peekaboo.conf

Note: If your PeekabooAV configuration file is named peekaboo.conf and is located in the base directory of the repository, you can omit the -c option.
For detailed command line options, run

peekaboo --help

Usage without Installation

You can now run PeekabooAV without installing it using the peekaboo_debug.py script.

python peekaboo_debug.py -c /path/to/your/peekaboo.conf

Note: peekaboo_debug.py provides the same command line options as peekaboo. They can be displayed by running

python peekaboo_debug.py --help

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

  • Felix Bauer - Security Analyst and Project Leader - @Jack28
  • Sebastian Deiss - Technical Lead - @SebastianDeiss

License

This project is licensed under the GPL 3 license - see the LICENSE.txt file for details.