Linux Expl0rer, an easy-to-use, live forensics toolbox designed for Linux endpoints. Built with Python and Flask, this toolkit facilitates comprehensive analysis and monitoring of system activities.

Despite no longer being maintained, Linux Expl0rer remains a valuable resource for those needing to inspect processes, search for suspicious files, and more, with built-in support for major public security services.

Capabilities

PS

Users

  • Users list

Find

  • Search for suspicious files by name/regex

Netstat

  • Whois

Logs

  • syslog
  • auth.log(user authentication log)
  • ufw.log(firewall log)
  • bash history

Anti-Rootkit

  • chkrootkit

Yara

  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature

Requirements

  • Python 3.6

Installation

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh

Usage

  1. Start your browser
firefox http://127.0.0.1:8080

Configure API keys (optional)

nano config.py

Edit following lines:

INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *