LiSa

Project providing automated Linux malware analysis on various CPU architectures.

Features

• QEMU emulation.
• Currently supporting x86_64, i386, arm, mips, aarch64.
• Small images built w/ buildroot.
• Radare2 based static analysis.
• Dynamic (behavioral) analysis using SystemTap kernel modules – captured syscalls, openfiles, process trees.
• Network statistics and analysis of DNS, HTTP, Telnet, and IRC communication.
• Endpoints analysis and blacklists configuration.
• Scaled with celery and RabbitMQ.
• REST API | frontend.
• Extensible through sub-analysis modules and custom images.

Install && Use

Copyright 2019 Daniel Uhříček