malice

Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Changelog

v0.3.27

892d011 add docs on elasticsearch issues
212a94b add Kaspersky av
42c90ff fix vagrantfile
c3934e7 update docs

v0.3.26

Installation

Please note you must have Go 1.7 or higher installed.

• OSX
• Linux
• Windows
• Docker

Use

Usage: malice [OPTIONS] COMMAND [arg...]



Open Source Malware Analysis Framework



Version: 0.3.11



Author:

  blacktop - <https://github.com/blacktop>



Options:

  --debug, -D      Enable debug mode [$MALICE_DEBUG]

  --help, -h       show help

  --version, -v    print the version



Commands:

  scan        Scan a file

  watch        Watch a folder

  lookup    Look up a file hash

  elk        Start an ELK docker container

  plugin    List, Install or Remove Plugins

  help        Shows a list of commands or help for one command



Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run malice will download all of it’s default plugins which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into results.md that will look great on Github see here

Start Malice’s Web UI

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

• Type in malice as the Index name or pattern and click Create.
• Now click on the Discover Tab and behold!!!

Tutorial

Source: https://github.com/maliceio/