malice


Malice's mission is to be a free, open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.

Setup Docker

To Run on OSX - Install Docker for Mac

Or install with homebrew.

$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox --engine-storage-driver overlay malice
$ eval "$(docker-machine env malice)"

Getting Started

Install

$ brew install https://raw.githubusercontent.com/maliceio/malice/master/contrib/homebrew/Formula/malice.rb

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.1.0-alpha, build HEAD

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D  	Enable debug mode [$MALICE_DEBUG]
  --help, -h   	show help
  --version, -v	print the version

Commands:
  scan		Scan a file
  watch		Watch a folder
  lookup	Look up a file hash
  elk		Start an ELK docker container
  web		Start, Stop Web services
  plugin	List, Install or Remove Plugins
  help		Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Usage (Docker in Docker)


Install/Update all Plugins

# Mounting /var/run/docker.sock gives the container control of the host's Docker daemon.
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v "$(pwd)":/malice/samples \
                -e MALICE_VT_API="$MALICE_VT_API" \
                malice/engine scan SAMPLE

Documentation

Install

$ go get github.com/maliceio/malice

Malice will have binary releases for all platforms soon.

To install on Linux:

Plugins

Examples

Tips and Tricks

If you have zsh installed, you can install the zsh-completions:

$ cd "$GOPATH/src/github.com/maliceio/malice/contrib/completion/zsh"
$ ./install.sh

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

MVP

Minimum Viable Product

To be able to scan malware on OSX via the CLI, with an arbitrary number of registered Malice plugins, and have the results either sent to stdout as Markdown tables or stored in ELK.

TODO

  • Figure out how to do Windows AV? 😖

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

Apache License (Version 2.0)
Copyright (c) 2013 - 2016 blacktop Joshua Maine