malice

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Setup Docker

To Run on OSX - Install Docker for Mac

Or install with homebrew.

$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox --engine-storage-driver overlay malice
$ eval $(docker-machine env malice)

Getting Started

Install

$ brew install https://raw.githubusercontent.com/maliceio/malice/master/contrib/homebrew/Formula/malice.rb

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.1.0-alpha, build HEAD

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D  	Enable debug mode [$MALICE_DEBUG]
  --help, -h   	show help
  --version, -v	print the version

Commands:
  scan		Scan a file
  watch		Watch a folder
  lookup	Look up a file hash
  elk		Start an ELK docker container
  web		Start, Stop Web services
  plugin	List, Install or Remove Plugins
  help		Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Usage (Docker in Docker)

![Docker Image](https://img.shields.io/badge/docker image-29.56 MB-blue.svg)

Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Documentation

Install

$ go get github.com/maliceio/malice

Malice will have binary releases for all platforms soon.

To install on Linux:

Ubuntu

Plugins

Plugins List (and growing)

Examples

Example Output

Tips and Tricks

If you have have zsh installed you can install the zsh-completions:

$ cd $GOPATH/src/github.com/maliceio/malice/contrib/completion/zsh
$ ./install.sh

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

MVP

Minimum Viable Product

To be able to scan malware on OSX via cli and have the results either sent to stdout as Markdown tables or store results in ELK with an arbitrary amount of registered Malice plugins.

TODO

Figure out how to do Windows AV ? 😖

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

Name		Name	Last commit message	Last commit date
Latest commit History 292 Commits
.docker		.docker
.github		.github
Godeps		Godeps
api		api
commands		commands
config		config
contrib		contrib
data		data
docs		docs
install		install
malice		malice
plugins		plugins
utils		utils
vendor		vendor
version		version
web		web
.gitignore		.gitignore
.travis.yml		.travis.yml
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
Makefile		Makefile
Makefile.old		Makefile.old
NOTES.md		NOTES.md
README.md		README.md
Vagrantfile		Vagrantfile
circle.yml		circle.yml
gulpfile.js		gulpfile.js
main.go		main.go
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

malice

Setup Docker

Getting Started

Install

Usage (Docker in Docker)

Documentation

Install

Plugins

Examples

Tips and Tricks

Issues

MVP

TODO

CHANGELOG

Contributing

License

About

Releases

Packages

Languages

License

pombredanne/malice-1

Folders and files

Latest commit

History

Repository files navigation

malice

Setup Docker

Getting Started

Install

Usage (Docker in Docker)

Documentation

Install

Plugins

Examples

Tips and Tricks

Issues

MVP

TODO

CHANGELOG

Contributing

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages