Malice's mission is to be a free, open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.
```
$ brew install maliceio/tap/malice
```
```
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11
Author: blacktop - <https://github.com/blacktop>

Options:
  --debug, -D    Enable debug mode [$MALICE_DEBUG]
  --help, -h     show help
  --version, -v  print the version

Commands:
  scan    Scan a file
  watch   Watch a folder
  lookup  Look up a file hash
  elk     Start an ELK docker container
  plugin  List, Install or Remove Plugins
  help    Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.
```
```
$ malice scan evil.malware
```

NOTE: On the first run malice will download all of its default plugins, which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on GitHub (see here).
```
$ malice elk
```

Type in `malice` as the Index name or pattern and click Create. Now click on the Malice tab and behold!!!
```
# update all installed plugins
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all
```

```
# scan a sample from the current directory (mounted into the container as /malice/samples)
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  -v `pwd`:/malice/samples \
  --network="host" \
  -e MALICE_VT_API=$MALICE_VT_API \
  malice/engine scan SAMPLE
```
For elasticsearch, please see the following:

I have noticed that, when running the new 5.0+ version of malice/elasticsearch on a Linux host, you need to increase the memory map areas with the following command:

```
sudo sysctl -w vm.max_map_count=262144
```
Elasticsearch requires a LOT of RAM to run smoothly. You can lower it to 2GB by running the following (before running a scan):
```
$ docker run -d \
    -p 9200:9200 \
    --name malice-elastic \
    -e ES_JAVA_OPTS="-Xms2g -Xmx2g" \
    malice/elasticsearch
```
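The two elasticsearch fixes above are easy to forget on a fresh host, so here is a small preflight script that checks them before a scan. It is an added example, not part of the malice project: it reads `vm.max_map_count` (from `/proc/sys/vm/max_map_count` by default, or from a file path passed in so the check can be exercised against a constructed value), compares it with the 262144 minimum, and prints the `docker run` command that starts `malice/elasticsearch` with the chosen heap size. The script name `es_preflight.sh` and the `MAP_COUNT_FILE` / `ES_HEAP` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the malice project): preflight check for the
# malice/elasticsearch container on a Linux host.

# Minimum vm.max_map_count that Elasticsearch 5.0+ needs (value from the README above).
ES_MIN_MAP_COUNT=262144

# Print the current vm.max_map_count. The file path is a parameter so the check
# can be run against a constructed file; it defaults to the real procfs entry.
read_max_map_count() {
    cat "${1:-/proc/sys/vm/max_map_count}" 2>/dev/null | tr -d '[:space:]'
}

# Return 0 when the value meets the minimum, 1 when it is too low, missing or not a number.
check_max_map_count() {
    value=$(read_max_map_count "$1")
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$value" -ge "$ES_MIN_MAP_COUNT" ]
}

# Build (but do not run) the docker command for a given JVM heap size, e.g. 2g.
elastic_run_command() {
    heap="${1:-2g}"
    printf 'docker run -d -p 9200:9200 --name malice-elastic -e ES_JAVA_OPTS="-Xms%s -Xmx%s" malice/elasticsearch' "$heap" "$heap"
}

# $1: optional path to the max_map_count file, $2: optional heap size.
preflight() {
    if check_max_map_count "$1"; then
        echo "vm.max_map_count is sufficient"
    else
        echo "vm.max_map_count is too low; run: sudo sysctl -w vm.max_map_count=$ES_MIN_MAP_COUNT" >&2
        return 1
    fi
    echo "Start Elasticsearch with: $(elastic_run_command "$2")"
}

# Run the check only when this file is executed directly as es_preflight.sh,
# so the functions can also be sourced from another script.
if [ "$(basename "$0")" = "es_preflight.sh" ]; then
    preflight "${MAP_COUNT_FILE:-}" "${ES_HEAP:-2g}"
    exit $?
fi
```

Run it as `sh es_preflight.sh` before `malice scan`; a non-zero exit means the sysctl still needs to be raised. The heap size can be overridden with `ES_HEAP=4g` if the host has more memory to spare.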
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.
Apache License (Version 2.0)
Copyright (c) 2013 - 2018 blacktop Joshua Maine