The Wayback Machine - http://web.archive.org/web/20200616145038/https://github.com/maliceio/malice
VirusTotal Wanna Be - Now with 100% more Hipster
Latest commit

tkisason and blacktop Update README.md (#95)
Typo in the command, needs -- in order to work
Latest commit 9d647ac Mar 18, 2019

Files

Type Name Latest commit message Commit time
.docker add certs to docker image Sep 7, 2018
.github github is cool Oct 20, 2018
.release bump version Dec 2, 2018
api remove old api code Apr 22, 2017
cmd plop Apr 22, 2017
commands bug: elasticsearch support for local in docker and remote Sep 4, 2018
config bump version Dec 2, 2018
contrib/completion/zsh remove homebrew from here Apr 21, 2017
data a little reorg Aug 6, 2016
docs add new screen shot Jan 7, 2019
malice bug: elasticsearch support for local in docker and remote Sep 4, 2018
plugins add kaspersky av Nov 26, 2018
utils fix config issue Jun 30, 2017
vendor I got got by gotty, naughty gotty naughty Nov 24, 2018
web a little reorg Jan 3, 2016
.gitignore bump DB to 6.5.0 Nov 24, 2018
.goreleaser.yml no zsh completions from rpm for now 😢 Jul 27, 2018
.travis.yml fixes Aug 1, 2018
Brewfile updates Jul 28, 2018
CHANGELOG.md add totalhash plugin Dec 22, 2016
CONTRIBUTING.md cleanup README Oct 2, 2016
Gopkg.lock I got got by gotty, naughty gotty naughty Nov 24, 2018
Gopkg.toml I got got by gotty, naughty gotty naughty Nov 24, 2018
LICENSE update README Apr 16, 2017
Makefile bug: elasticsearch support for local in docker and remote Sep 4, 2018
README.md Update README.md (#95) Mar 18, 2019
Vagrantfile fix vagrantfile Nov 24, 2018
apiary.apib fix docs Oct 14, 2016
circle.yml fix config updater Apr 21, 2017
docker-compose.yml add pescan yall 🎉 Aug 20, 2018
main.go add codecov.io Apr 22, 2017

README.md


malice


Malice's mission is to be a free, open-source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.


Try It Out

DEMO: demo.malice.io

  • username: malice
  • password: ecilam

Requirements

Hardware

  • ~16GB disk space
  • ~4GB RAM

Software

Getting Started (OSX)

Install

$ brew install maliceio/tap/malice
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D      Enable debug mode [$MALICE_DEBUG]
  --help, -h       show help
  --version, -v    print the version

Commands:
  scan      Scan a file
  watch     Watch a folder
  lookup    Look up a file hash
  elk       Start an ELK docker container
  plugin    List, Install or Remove Plugins
  help      Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run malice will download all of its default plugins, which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md file that renders nicely on GitHub (see here).

Start Malice's Web UI

$ malice elk

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

[screenshot: kibana-setup]

  • Type in malice as the Index name or pattern and click Create.

  • Now click on the Malice Tab and behold!!!

[screenshot: kibana-plugin]

Getting Started (Docker in Docker)


Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                --network="host" \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Documentation

Known Issues ⚠️

If you are having issues with malice connecting or writing to Elasticsearch, please see the following:

I have noticed that when running the new 5.0+ version of malice/elasticsearch on a Linux host, you need to increase the memory map areas with the following command:

sudo sysctl -w vm.max_map_count=262144

Elasticsearch requires a LOT of RAM to run smoothly. You can lower its heap to 2 GB by running the following (before running a scan):

$ docker run -d \
         -p 9200:9200 \
         --name malice-elastic \
         -e ES_JAVA_OPTS="-Xms2g -Xmx2g" \
         malice/elasticsearch
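The Docker-in-Docker scan command above and the two Elasticsearch fixes in this section are easy to get wrong by hand (forgetting the sysctl, passing an empty MALICE_VT_API, mismatched -Xms/-Xmx). The preflight wrapper below is an added example, not part of the malice project; it only assumes the malice/engine and malice/elasticsearch images, the docker CLI and the 262144 threshold named in this README. The function names (check_map_count, es_heap_opts, build_scan_cmd, preflight_scan) are this example's own.

```shell
#!/bin/sh
# Preflight wrapper for a malice Docker-in-Docker scan (added example, not project code).
# Checks the kernel limit Elasticsearch 5.0+ needs, builds a capped ES_JAVA_OPTS, and
# assembles the `docker run ... malice/engine scan` command line from the README.

REQUIRED_MAP_COUNT=262144        # value from the README's sysctl fix
ENGINE_IMAGE="malice/engine"
ES_IMAGE="malice/elasticsearch"

# check_map_count [VALUE] -> 0 if VALUE meets the requirement, 1 otherwise.
# VALUE defaults to the live kernel setting; passing one explicitly lets the
# same function be exercised with constructed values.
check_map_count() {
    value="$1"
    if [ -z "$value" ]; then
        value="$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)"
    fi
    case "$value" in
        ''|*[!0-9]*) return 1 ;;       # not a number: treat as failing
    esac
    [ "$value" -ge "$REQUIRED_MAP_COUNT" ]
}

# es_heap_opts [GIGABYTES] -> ES_JAVA_OPTS string with matching -Xms/-Xmx
# (the README's 2 GB cap is the default).
es_heap_opts() {
    gb="${1:-2}"
    case "$gb" in
        ''|*[!0-9]*) echo "es_heap_opts: heap size must be a whole number of GB" >&2; return 1 ;;
    esac
    printf '%s' "-Xms${gb}g -Xmx${gb}g"
}

# build_scan_cmd SAMPLE_DIR SAMPLE_NAME [VT_API_KEY] -> prints the docker run line.
# The VirusTotal key is forwarded only when one is supplied, so an unset key is
# not passed through as an empty MALICE_VT_API.
build_scan_cmd() {
    dir="$1"; sample="$2"; vt_key="$3"
    cmd="docker run --rm -v /var/run/docker.sock:/var/run/docker.sock"
    cmd="$cmd -v $dir:/malice/samples --network=host"
    if [ -n "$vt_key" ]; then
        cmd="$cmd -e MALICE_VT_API=$vt_key"
    fi
    echo "$cmd $ENGINE_IMAGE scan $sample"
}

# preflight_scan SAMPLE_DIR SAMPLE_NAME [VT_API_KEY] [HEAP_GB]
# Refuses to proceed when vm.max_map_count is too low; otherwise prints the
# Elasticsearch start command followed by the scan command (dry run).
preflight_scan() {
    if ! check_map_count; then
        echo "vm.max_map_count below $REQUIRED_MAP_COUNT; run: sudo sysctl -w vm.max_map_count=$REQUIRED_MAP_COUNT" >&2
        return 1
    fi
    heap="$(es_heap_opts "${4:-2}")" || return 1
    echo "docker run -d -p 9200:9200 --name malice-elastic -e ES_JAVA_OPTS=\"$heap\" $ES_IMAGE"
    build_scan_cmd "$1" "$2" "$3"
}
```

Source the file and run `preflight_scan "$(pwd)" evil.malware "$MALICE_VT_API"` to print the two commands; pipe the output to `sh` to execute them. Printing rather than executing keeps the wrapper inspectable and means the map-count check is enforced before any container is started.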

See here for more details on Known Issues/FAQs ⚠️

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

CHANGELOG

See CHANGELOG.md

License

Apache License (Version 2.0)
Copyright (c) 2013 - 2018 blacktop Joshua Maine
