Malice – VirusTotal Wanna Be (Now With 100% More Hipster)

Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.Try It OutDEMO: demo.malice.iousername: malicepassword: ecilamRequirementsHardware~16GB disk space~4GB RAMSoftwareDockerGetting Started (OSX)Install$ brew install maliceio/tap/maliceUsage: malice [OPTIONS] COMMAND [arg…]Open Source Malware Analysis FrameworkVersion: 0.3.11Author: blacktop – Options: –debug, -D Enable debug mode [$MALICE_DEBUG] –help, -h show help –version, -v print the versionCommands: scan Scan a file watch Watch a folder lookup Look up a file hash elk Start an ELK docker container plugin List, Install or Remove Plugins help Shows a list of commands or help for one commandRun ‘malice COMMAND –help’ for more information on a command.Scan some malware$ malice scan evil.malwareNOTE: On the first run malice will download all of it’s default plugins which can take a while to complete.Malice will output the results as a markdown table that can be piped or copied into a that will look great on Github see hereStart Malice’s Web UI$ malice elkYou can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)Type in malice as the Index name or pattern and click Create. Now click on the Malice Tab and behold!!! Getting Started (Docker in Docker)Install/Update all Pluginsdocker run –rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update –allScan a filedocker run –rm -v /var/run/docker.sock:/var/run/docker.sock \ -v `pwd`:/malice/samples \ -e MALICE_VT_API=$MALICE_VT_API \ malice/engine scan SAMPLEDocumentationDocumentationPluginsExamplesRoadmapContributingDownload Malice