freki: Malware analysis platform

freki

Freki is a free and open-source malware analysis platform.

Goals

1. Facilitate malware analysis and reverse engineering;
2. Provide an easy-to-use REST API for different projects;
3. Easy deployment (via Docker);
4. Allow the addition of new features by the community.

Current features

• Hash extraction.
• VirusTotal API queries.
• Static analysis of PE files (headers, sections, imports, capabilities, and strings).
• Pattern matching with Yara.
• Web interface and REST API.
• User management.
• Community comments.
• Download samples.

Technology

Freki currently uses the following technology to get everything running:

• Front-end

  • Bootstrap: for easy and responsive interface development

• Back-end

  • Python: main programming language
  • Flask: lightweight web application framework
  • SQLAlchemy: Python SQL toolkit
  • Gunicorn: Python WSGI HTTP Server
  • VirusTotal API: for querying the detection reports
  • Yara: for pattern matching
  • pefile: to parse information about PE files
  • capa: to identify capabilities in PE files

• Infrastructure

  • Docker: for easy deployment through containers
  • Nginx: a preferred web server
  • MariaDB: for storing information about samples

Install & Use

Copyright (C) 2020 crhenr