Forensics

Linux Expl0rer – A Comprehensive Forensics Toolbox For Linux Endpoints

Linux Expl0rer, an easy-to-use, live forensics toolbox designed for Linux endpoints. Built with Python and Flask, this toolkit facilitates comprehensive analysis and monitoring of system activities.

Despite no longer being maintained, Linux Expl0rer remains a valuable resource for those needing to inspect processes, search for suspicious files, and more, with built-in support for major public security services.

Capabilities

PS

View full process list
Inspect process memory map & fetch memory strings easly
Dump process memory in one click
Automatically search hash in public services

Users

Users list

Find

Search for suspicious files by name/regex

Netstat

Whois

Logs

syslog
auth.log(user authentication log)
ufw.log(firewall log)
bash history

Anti-Rootkit

chkrootkit

Yara

Scan a file or directory using YARA signatures by @Neo23x0
Scan a running process memory address space
Upload your own YARA signature

Requirements

Python 3.6

Installation

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh

Usage

Start your browser

firefox http://127.0.0.1:8080

Configure API keys (optional)

nano config.py

Edit following lines:

INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.