malice

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Try It Out

DEMO: demo.malice.io

username: malice
password: ecilam

Requirements

Hardware

~16GB disk space
~4GB RAM

Software

Docker

Getting Started (OSX)

Install

$ brew install maliceio/tap/malice

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --debug, -D      Enable debug mode [$MALICE_DEBUG]
  --help, -h       show help
  --version, -v    print the version

Commands:
  scan        Scan a file
  watch        Watch a folder
  lookup    Look up a file hash
  elk        Start an ELK docker container
  plugin    List, Install or Remove Plugins
  help        Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.

Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on Github see here

Start Malice's Web UI

$ malice elk

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

Type in malice as the Index name or pattern and click Create.
Now click on the Malice Tab and behold!!!

Getting Started (Docker in Docker)

Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
                -v `pwd`:/malice/samples \
                --network="host" \
                -e MALICE_VT_API=$MALICE_VT_API \
                malice/engine scan SAMPLE

Documentation

Known Issues ⚠️

If you are having issues with `malice` connecting/writting to `elasticsearch` please see the following:

I have noticed when running the new 5.0+ version of malice/elasticsearch on a linux host you need to increase the memory map areas with the following command

sudo sysctl -w vm.max_map_count=262144

Elasticsearch requires a LOT of RAM to run smoothly. You can lower it to 2GB by running the following (before running a scan):

$ docker run -d \
         -p 9200:9200 \
         --name malice-elastic \
         -e ES_JAVA_OPTS="-Xms2g -Xmx2g" \
         malice/elasticsearch

See here for more details on Known Issues/FAQs ⚠️

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

CHANGELOG

See CHANGELOG.md

Name	Name	Last commit message	Last commit date
Latest commit blacktop Update copyright date Apr 3, 2023 c6aae51 · Apr 3, 2023 History 640 Commits
.docker	.docker	update copyright date	Apr 3, 2023
.github	.github	github is cool	Oct 20, 2018
.release	.release	bump version	Dec 2, 2018
api	api	remove old api code	Apr 22, 2017
cmd	cmd	plop	Apr 22, 2017
commands	commands	bug: elasticsearch support for local in docker and remote	Sep 4, 2018
config	config	Update config.toml	Apr 3, 2023
contrib/completion/zsh	contrib/completion/zsh	remove homebrew from here	Apr 21, 2017
data	data	a little reorg	Aug 6, 2016
docs	docs	add new screen shot	Jan 7, 2019
malice	malice	bug: elasticsearch support for local in docker and remote	Sep 4, 2018
plugins	plugins	Update copyright date	Apr 3, 2023
utils	utils	Update copyright date	Apr 3, 2023
vendor	vendor	I got got by gotty, naughty gotty naughty	Nov 24, 2018
web	web	a little reorg	Jan 3, 2016
.gitignore	.gitignore	bump DB to 6.5.0	Nov 24, 2018
.goreleaser.yml	.goreleaser.yml	no zsh completions from rpm for now 😢	Jul 27, 2018
.travis.yml	.travis.yml	fixes	Aug 1, 2018
Brewfile	Brewfile	updates	Jul 28, 2018
CHANGELOG.md	CHANGELOG.md	add totalhash plugin	Dec 22, 2016
CONTRIBUTING.md	CONTRIBUTING.md	cleanup README	Oct 2, 2016
Gopkg.lock	Gopkg.lock	I got got by gotty, naughty gotty naughty	Nov 24, 2018
Gopkg.toml	Gopkg.toml	I got got by gotty, naughty gotty naughty	Nov 24, 2018
LICENSE	LICENSE	Update copyright date	Apr 3, 2023
Makefile	Makefile	bug: elasticsearch support for local in docker and remote	Sep 4, 2018
README.md	README.md	fixes	Dec 11, 2021
Vagrantfile	Vagrantfile	fix vagrantfile	Nov 24, 2018
apiary.apib	apiary.apib	fix docs	Oct 14, 2016
circle.yml	circle.yml	fix config updater	Apr 21, 2017
docker-compose.yml	docker-compose.yml	add pescan yall 🎉	Aug 20, 2018
main.go	main.go	update copyright date	Apr 3, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

malice

Try It Out

Requirements

Hardware

Software

Getting Started (OSX)

Install

Scan some malware

Start Malice's Web UI

Getting Started (Docker in Docker)

Install/Update all Plugins

Scan a file

Documentation

Known Issues ⚠️

If you are having issues with `malice` connecting/writting to `elasticsearch` please see the following:

See here for more details on Known Issues/FAQs ⚠️

Issues

CHANGELOG

License

About

Releases 28

Packages

Contributors 3

Languages

License

maliceio/malice

Folders and files

Latest commit

History

Repository files navigation

malice

Try It Out

Requirements

Hardware

Software

Getting Started (OSX)

Install

Scan some malware

Start Malice's Web UI

Getting Started (Docker in Docker)

Install/Update all Plugins

Scan a file

Documentation

Known Issues ⚠️

If you are having issues with malice connecting/writting to elasticsearch please see the following:

See here for more details on Known Issues/FAQs ⚠️

Issues

CHANGELOG

License

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 28

Packages 0

Contributors 3

Languages

If you are having issues with `malice` connecting/writting to `elasticsearch` please see the following:

Packages