Malice Office/OLE/RTF Plugin
This repository contains a Dockerfile of the malice plugin malice/office.
- Install Docker.
- Download trusted build from public DockerHub:
docker pull malice/office
$ docker run --rm -v /path/to/file:/malware:ro malice/office FILE
Usage: office [OPTIONS] COMMAND [arg...]
Malice Office Plugin
Version: v0.1.0, BuildTime: 20160627
Author:
blacktop - <https://github.com/blacktop>
Options:
--verbose, -V verbose output
--rethinkdb value rethinkdb address for Malice to store results [$MALICE_RETHINKDB]
--post, -p POST results to Malice webhook [$MALICE_ENDPOINT]
--proxy, -x proxy settings for Malice webhook endpoint [$MALICE_PROXY]
--table, -t output as Markdown table
--help, -h show help
--version, -v print the version
Commands:
help Shows a list of commands or help for one command
Run 'office COMMAND --help' for more information on a command.This will output to stdout and POST to malice results API webhook endpoint.
{
"office":
}- To write results to ElasticSearch
- To create a Office scan micro-service
- To post results to a webhook
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
See CHANGELOG.md
See all contributors on GitHub.
Please update the CHANGELOG.md
Heavily (if not entirely) influenced by the viper Office module and by CSE's alsvc_oletools
- add timeout protection
MIT Copyright (c) 2016 blacktop