Malice Zip/Compressed File Plugins
This repository contains a Dockerfile of the malice plugin malice/zip.
- Install Docker.
- Download the trusted build from the public Docker Hub:

```bash
$ docker pull malice/zip
```

Run the plugin against a file, mounting the sample directory and the rules directory read-only:

```bash
$ docker run --rm -v /path/to/rules:/rules:ro malice/zip FILE
$ docker run -v /path/to/malware:/malware:ro -v /path/to/rules:/rules:ro malice/zip FILE
```
```text
Usage: zip [OPTIONS] COMMAND [arg...]

Malice Zip Plugin

Version: v0.1.0, BuildTime: 20160214

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V      verbose output
  --rethinkdb value  rethinkdb address for Malice to store results [$MALICE_RETHINKDB]
  --post, -p         POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x        proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --table, -t        output as Markdown table
  --rules value      zip rules directory (default: "/rules")
  --help, -h         show help
  --version, -v      print the version

Commands:
  help  Shows a list of commands or help for one command

Run 'zip COMMAND --help' for more information on a command.
```
This will write the results to stdout and, with `--post`, POST them to the Malice results API webhook endpoint. The results are a JSON object keyed by the plugin name:

```json
{ "zip": { } }
```
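The README shows only the empty envelope, so the following is an added example of what a header-only inspection of an archive can put under the `"zip"` key. It is not the plugin's own code: the field names, the `MaxRatio` threshold, the `checkName` reason strings and the `BuildSampleArchive` test data are all assumptions made here. It reads only the central directory (nothing is extracted), records sizes and the encryption bit per entry, flags member names that would escape the extraction directory, and flags entries whose expansion ratio suggests a decompression bomb, which is the information a scanner wants before any extraction is attempted.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/json"
	"fmt"
	"os"
	"path"
	"sort"
	"strings"
)

// Entry is the per-member record of this (assumed) report format.
type Entry struct {
	Name             string   `json:"name"`
	CompressedSize   uint64   `json:"compressed_size"`
	UncompressedSize uint64   `json:"uncompressed_size"`
	Encrypted        bool     `json:"encrypted"`
	Suspicious       []string `json:"suspicious,omitempty"`
}

// ZipReport is the value stored under the top-level "zip" key.
type ZipReport struct {
	Entries           []Entry  `json:"entries"`
	TotalCompressed   uint64   `json:"total_compressed"`
	TotalUncompressed uint64   `json:"total_uncompressed"`
	Ratio             float64  `json:"compression_ratio"`
	Flags             []string `json:"flags,omitempty"`
}

// Result mirrors the {"zip": {...}} envelope shown in the README.
type Result struct {
	Zip ZipReport `json:"zip"`
}

// MaxRatio is a hypothetical threshold: an entry that expands to more than
// 100x its stored size is flagged as a possible decompression bomb.
const MaxRatio = 100.0

// checkName returns the reasons a member name is unsafe to extract as-is.
func checkName(name string) []string {
	var reasons []string
	if strings.Contains(name, `\`) { // zip names should use forward slashes
		reasons = append(reasons, "backslash_separator")
		name = strings.ReplaceAll(name, `\`, "/")
	}
	if path.IsAbs(name) {
		reasons = append(reasons, "absolute_path")
	}
	clean := path.Clean(name) // "a/../../b" cleans to "../b"
	if clean == ".." || strings.HasPrefix(clean, "../") {
		reasons = append(reasons, "path_traversal")
	}
	return reasons
}

// Analyze builds the report from an archive held in memory. Only the
// central directory is read; no member data is decompressed.
func Analyze(data []byte) (Result, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// Newer Go versions may hand back a usable reader together with an
	// "insecure path" error; such names are exactly what we want to report.
	if r == nil {
		return Result{}, err
	}
	rep := ZipReport{Entries: []Entry{}}
	flagSet := map[string]bool{}
	for _, f := range r.File {
		e := Entry{
			Name:             f.Name,
			CompressedSize:   f.CompressedSize64,
			UncompressedSize: f.UncompressedSize64,
			Encrypted:        f.Flags&0x1 != 0, // general-purpose bit 0
		}
		e.Suspicious = checkName(f.Name)
		if e.CompressedSize > 0 &&
			float64(e.UncompressedSize)/float64(e.CompressedSize) > MaxRatio {
			e.Suspicious = append(e.Suspicious, "high_compression_ratio")
		}
		for _, s := range e.Suspicious {
			flagSet[s] = true
		}
		rep.TotalCompressed += e.CompressedSize
		rep.TotalUncompressed += e.UncompressedSize
		rep.Entries = append(rep.Entries, e)
	}
	if rep.TotalCompressed > 0 {
		rep.Ratio = float64(rep.TotalUncompressed) / float64(rep.TotalCompressed)
	}
	for s := range flagSet {
		rep.Flags = append(rep.Flags, s)
	}
	sort.Strings(rep.Flags)
	return Result{Zip: rep}, nil
}

// BuildSampleArchive constructs test data in memory (not a real sample):
// a benign text file, a traversal name, and 1 MiB of zeros that deflates
// to roughly a kilobyte.
func BuildSampleArchive() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	add := func(name string, body []byte) {
		f, err := w.Create(name)
		if err != nil {
			panic(err)
		}
		if _, err := f.Write(body); err != nil {
			panic(err)
		}
	}
	add("notes.txt", []byte("hello from a benign entry\n"))
	add("../../outside.txt", []byte("would land outside the extraction dir\n"))
	add("zeros.bin", make([]byte, 1<<20))
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: zipcheck FILE")
		os.Exit(2)
	}
	data, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	res, err := Analyze(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	out, _ := json.MarshalIndent(res, "", "  ")
	fmt.Println(string(out))
}
```

Run it as `go run zipcheck.go FILE` to print the report; the `Flags` list is the union of per-entry reasons, so a consumer can decide from the archive-level summary whether to quarantine before looking at individual members. Sizes come from the central directory and are therefore attacker-controlled: a stated small size is no guarantee, which is why a real extractor should also cap bytes actually written.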
To write results to Elasticsearch:

```bash
$ docker volume create --name malice
$ docker run -d --name elastic \
    -p 9200:9200 \
    -v malice:/usr/share/elasticsearch/data \
    blacktop/elasticsearch
$ docker run --rm --link elastic malice/zip FILE
```

To POST results to a Malice webhook endpoint:

```bash
$ docker run -v `pwd`:/malware:ro \
    -e MALICE_ENDPOINT="https://malice.io:31337/scan/file" \
    malice/zip --post evil.zip
```
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.
See CHANGELOG.md
See all contributors on GitHub.
Please update the CHANGELOG.md and submit a Pull Request on GitHub.
MIT Copyright (c) 2016-2017 blacktop