/malice

VirusTotal Wanna Be - Now with 100% more Hipster

Primary LanguageGoApache License 2.0Apache-2.0

malice logo

malice

CircleCI License GoDoc Gitter Chat

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Setup Docker (OSX)

Install Docker for Mac

-Or-

Install with homebrew.

$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox --engine-storage-driver overlay malice
$ eval $(docker-machine env malice)

Getting Started (OSX)

Install

$ brew install https://raw.githubusercontent.com/maliceio/malice/master/contrib/homebrew/Formula/malice.rb
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.1.0-alpha, build HEAD

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D  	Enable debug mode [$MALICE_DEBUG]
  --help, -h   	show help
  --version, -v	print the version

Commands:
  scan		Scan a file
  watch		Watch a folder
  lookup	Look up a file hash
  elk		Start an ELK docker container
  web		Start, Stop Web services
  plugin	List, Install or Remove Plugins
  help		Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on Github see here

Once the scan completes you can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

  • You will be prompted for a user/pass which defaults to:

    • user: admin
    • password: admin

kibana-setup

  • Type in malice as the Index name or pattern and click Create.

  • Now click on the Discover Tab and behold!!!

kibana-scan

Getting Started (Docker in Docker)

Docker Stars Docker Pulls ![Docker Image](https://img.shields.io/badge/docker image-37.04 MB-blue.svg)

Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Use malice/engine like a host binary

Add the following to your bash or zsh profile

$ alias malice='docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine $@'

Documentation

CHANGELOG

See CHANGELOG.md

License

Apache License (Version 2.0)
Copyright (c) 2013 - 2016 blacktop Joshua Maine