MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools against them and aggregating the output. Tools can be custom-built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework.
Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules, you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.
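As an added illustration (not code from the MultiScanner project), here is a minimal analysis module that hashes each submitted file. It follows the module-level NAME/TYPE/DEFAULTCONF plus check(conf) and scan(filelist, conf) -> (results, metadata) shape that the project's modules use; that contract is an assumption of this example, not something this page states, so confirm it against modules/ before relying on it.

```python
# Added example module (not part of MultiScanner); the check()/scan()
# contract below is assumed from the project's module layout.
import hashlib
import os
import tempfile

TYPE = "Metadata"
NAME = "filehashes"
DEFAULTCONF = {
    "ENABLED": True,
    "algorithms": ["md5", "sha256"],
    "chunk_size": 65536,
}


def check(conf=DEFAULTCONF):
    # The framework calls check() first; returning False skips the module.
    return bool(conf.get("ENABLED", True))


def _hash_file(path, algorithms, chunk_size):
    # Stream the file so large samples do not have to fit in memory.
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan(filelist, conf=DEFAULTCONF):
    results = []
    for path in filelist:
        try:
            digests = _hash_file(path, conf["algorithms"], conf["chunk_size"])
            results.append((path, digests))
        except OSError as exc:
            # An unreadable sample is reported; it must not abort the run.
            results.append((path, {"error": str(exc)}))
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)


def run_on_sample(data=b"constructed sample bytes\n"):
    """Write constructed bytes to a temp file and run the module on it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        results, metadata = scan([path])
    return results[0][1], metadata
```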
MultiScanner also supports a distributed workflow for sample storage, analysis, and report viewing. This functionality includes a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage/searching (Elasticsearch), and distributed task management (Celery / RabbitMQ). Please see Architecture for more details.
An installer script, install.sh, is included in the project; it installs the prerequisites on most systems.
MultiScanner 2.0 includes a large refactor of the code base to better support Python packaging and imports.
Other changes include:
- migration to ElasticSearch 6 for distributed mode
- multiselect file download
- API /storage stability improvements (#74)
- add tags at upload (#122)
- add module for Endgame’s Ember benchmark model
- updates to docker image
- several bug fixes.
$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ sudo -HE ./install.sh
$ python multiscanner.py init
Copyright (c) 2015, The MITRE Corporation. All rights reserved.