Pentest Tools
Published on October 1st, 2016
Free Open Source Self Hosted VirusTotal: Malice
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.
Ubuntu Install:
Install Go
```shell
$ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable
$ sudo apt-get update
$ sudo apt-get install golang
# You should add these two lines to your .bashrc file.
$ export GOPATH=$HOME
$ export PATH=$PATH:$GOPATH/bin
```
Install Docker
```shell
$ sudo apt-get update
$ sudo apt-get install apt-transport-https ca-certificates
$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
$ echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee -a /etc/apt/sources.list.d/docker.list
$ sudo apt-get update
$ sudo apt-get install docker-engine
$ sudo usermod -aG docker $USER
# You might have to log out for the group change to take effect
```

The `echo` line must be piped (`|`) into `sudo tee`; with `>` the shell redirects the line into a file named `sudo` in the current directory and the apt source is never written. The line above hard-codes `trusty` (14.04); use your release's codename (`lsb_release -cs`) on other versions. Keep in mind that membership of the `docker` group is effectively root on the host, since any member can start a container that mounts `/`.
Install Malice
```shell
$ sudo apt-get install libmagic-dev build-essential
$ go get github.com/maliceio/malice
```
Download All Malice Plugins
$ malice plugin update --all
NOTE: pulling down all of the plugins can take a long time depending on your network speed.
Run Malice
```shell
$ export MALICE_VT_API=<YOUR API KEY>
$ malice
```
NOTE: Malice has just created a `.malice` directory in your home directory. It is used to store the config/plugin info as well as the samples that you scan.
```
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.1.0-alpha, build HEAD
Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D    Enable debug mode [$MALICE_DEBUG]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan     Scan a file
  lookup   Look up a file hash
  elk      Start an ELK docker container
  web      Start, Stop Web services
  plugin   List, Install or Remove Plugins
  help     Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.
```
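The install steps above leave several things that silently break later if one of them is skipped (a `malice` binary outside PATH, a docker group that has not taken effect, an API key pasted with a stray character). The following preflight script is an added example, not part of Malice or of this post; it only verifies the state those steps should leave behind. It assumes Ubuntu with apt, and that a VirusTotal API key is a 64-character lowercase hex string (a format assumption, not something Malice checks).

```shell
#!/bin/sh
# Added preflight check for the Malice install steps (not part of the Malice project).
# Assumptions: Ubuntu with apt; a VirusTotal API key is 64 lowercase hex characters.

# Print the apt source line for the Docker repo used in the install, parameterised by
# the Ubuntu codename (the post hard-codes trusty). Pipe the output into `sudo tee -a`;
# redirecting with `>` would write to a file named "sudo" instead of the apt source.
docker_apt_line() {
    printf 'deb https://apt.dockerproject.org/repo ubuntu-%s main\n' "$1"
}

# GOPATH must be set and $GOPATH/bin must be on PATH, otherwise `go get` installs a
# malice binary the shell cannot find.
gopath_bin_on_path() {
    [ -n "${GOPATH:-}" ] || return 1
    case ":$PATH:" in
        *":$GOPATH/bin:"*) return 0 ;;
    esac
    return 1
}

# Shape check only (assumed 64 lowercase hex chars); it never contacts VirusTotal.
vt_key_ok() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Run one check quietly and print a single status line for it.
report() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok    $label"
    else
        echo "MISS  $label"
        return 1
    fi
}

# Every check the install procedure implies, in the order the steps run.
preflight() {
    rc=0
    report "go toolchain on PATH"                  command -v go                           || rc=1
    report "GOPATH set and \$GOPATH/bin on PATH"   gopath_bin_on_path                      || rc=1
    report "current user in the docker group"      sh -c 'id -nG | grep -qw docker'        || rc=1
    report "docker daemon reachable without sudo"  docker info                             || rc=1
    report "libmagic present (needed by go get)"   sh -c 'ldconfig -p | grep -q libmagic'  || rc=1
    report "malice binary on PATH"                 command -v malice                       || rc=1
    report "MALICE_VT_API looks like a VT key"     vt_key_ok "${MALICE_VT_API:-}"          || rc=1
    report "~/.malice created by the first run"    test -d "$HOME/.malice"                 || rc=1
    return $rc
}

# Only run the checks when asked, so the file can be sourced for its functions.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it as `sh preflight.sh --check` after the `malice` first run; a `MISS` on the docker daemon line after a fresh `usermod -aG docker` usually just means the group change needs a new login session.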
Plugin List
Name | Description | Enabled | Image | Category | Mime |
---|---|---|---|---|---|
nsrl | NSRL Database Hash Search | false | malice/nsrl | intel | hash |
virustotal | VirusTotal – files scan and hash lookup | true | malice/virustotal | intel | hash |
shadow-server | ShadowServer – hash lookup | true | malice/shadow-server | intel | hash |
team-cymru | TeamCymru – hash lookup | false | malice/team-cymru | intel | hash |
fileinfo | ssdeep/TRiD/exiftool | true | malice/fileinfo | metadata | * |
yara | YARA Scan | true | malice/yara | av | * |
avast | Avast AntiVirus | false | malice/avast | av | * |
avg | AVG AntiVirus | true | malice/avg | av | * |
bitdefender | Bitdefender AntiVirus | true | malice/bitdefender | av | * |
clamav | ClamAV | true | malice/clamav | av | * |
comodo | Comodo AntiVirus | true | malice/comodo | av | * |
fprot | F-PROT AntiVirus | true | malice/fprot | av | * |
f-secure | F-Secure AntiVirus | true | malice/f-secure | av | * |
sophos | Sophos AntiVirus | true | malice/sophos | av | * |
pe | PE – tool to triage portable executables | false | malice/pe | exe | application/x-dosexec |
floss | FireEye Labs Obfuscated String Solver | true | malice/floss | exe | application/x-dosexec |
office | Office – tool to triage OLE/RTF documents | false | malice/office | document | * |
pdf | PDF – tool to triage PDF documents | false | malice/pdf | document | application/pdf |
javascript | Javascript – tool to triage JS scripts | false | malice/javascript | document | application/javascript |
zip | Zip – tool to unarchive archives | false | malice/zip | archive | archive |
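The Mime and Enabled columns decide what actually runs on a sample, and the defaults are easy to misread: every document triage plugin (pe, office, pdf, javascript, zip) ships disabled, so a PDF submitted to a stock install only reaches the hash lookups, fileinfo and the AV engines. The script below is an added example, not Malice's own dispatch code; it applies a dispatch rule inferred from the table (on `scan`, intel plugins with Mime `hash` get the file's hash and every other enabled plugin runs when its Mime is `*` or equals the sample's type; on `lookup` only the hash plugins apply) to a constructed copy of the table. The `pull_enabled_cmds` helper assumes, as the Image column suggests, that each plugin is a public Docker Hub image, so the enabled ones can be pulled individually instead of waiting on `malice plugin update --all`.

```shell
#!/bin/sh
# Added example, not Malice code: which plugins from the table act on a sample.
# Dispatch rule below is inferred from the table's Mime/Enabled columns, not taken
# from the Malice source.

# Constructed copy of the plugin table: name|enabled|image|category|mime
PLUGIN_TABLE='nsrl|false|malice/nsrl|intel|hash
virustotal|true|malice/virustotal|intel|hash
shadow-server|true|malice/shadow-server|intel|hash
team-cymru|false|malice/team-cymru|intel|hash
fileinfo|true|malice/fileinfo|metadata|*
yara|true|malice/yara|av|*
avast|false|malice/avast|av|*
avg|true|malice/avg|av|*
bitdefender|true|malice/bitdefender|av|*
clamav|true|malice/clamav|av|*
comodo|true|malice/comodo|av|*
fprot|true|malice/fprot|av|*
f-secure|true|malice/f-secure|av|*
sophos|true|malice/sophos|av|*
pe|false|malice/pe|exe|application/x-dosexec
floss|true|malice/floss|exe|application/x-dosexec
office|false|malice/office|document|*
pdf|false|malice/pdf|document|application/pdf
javascript|false|malice/javascript|document|application/javascript
zip|false|malice/zip|archive|archive'

# plugins_for MODE MIME [ENABLED]
#   MODE    : scan (a file of type MIME was submitted) or lookup (only a hash was given)
#   ENABLED : true (default) lists plugins that will run; false lists matching plugins
#             that are present but switched off, i.e. coverage you are missing.
# Prints one image name per line.
plugins_for() {
    mode=$1; mime=$2; want=${3:-true}
    printf '%s\n' "$PLUGIN_TABLE" | awk -F'|' -v mode="$mode" -v mime="$mime" -v want="$want" '
        $2 != want { next }
        mode == "lookup" { if ($5 == "hash") print $3; next }
        $5 == "hash" || $5 == "*" || $5 == mime { print $3 }
    '
}

# Number of images plugins_for selects, for a quick sanity check.
count_plugins() {
    plugins_for "$@" | grep -c .
}

# All images that are enabled, regardless of mime.
enabled_images() {
    printf '%s\n' "$PLUGIN_TABLE" | awk -F'|' '$2 == "true" { print $3 }'
}

# docker pull commands for the enabled plugins only (assumes public Docker Hub images);
# pipe the output through `sh` to execute them.
pull_enabled_cmds() {
    enabled_images | sed 's/^/docker pull /'
}

# Example run: what a PDF sample reaches, and what it would reach if everything were on.
echo "runs on a PDF:";        plugins_for scan application/pdf
echo "disabled but relevant:"; plugins_for scan application/pdf false
```

The second list is the one to act on: `malice/pdf` and `malice/office` are the plugins that actually understand the document, and both are off by default.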
https://github.com/maliceio/malice