Multiscanner : Modular File Scanning/Analysis Framework

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the framework.

Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.

It also supports a distributed workflow for sample storage, analysis, and report viewing. This functionality includes a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage / searching (Elasticsearch), and distributed task management (Celery / RabbitMQ). Please see Architecture for more details.

Usage

It can be used as a command-line interface, a Python API, or a distributed system with a web interface. See the documentation for more detailed information on installation and usage.

Also Read – Pown : A Security Testing An Exploitation Toolkit Built

Command-Line

Install Python (2.7 or 3.4+) if you haven’t already.

Then run the following (substituting the actual file you want to scan for <file>):

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ sudo -HE ./install.sh
$ multiscanner init

This will generate a default configuration for you. Check config.ini to see what modules are enabled. See Configuration for more information.

Now you can scan a file (substituting the actual file you want to scan for <file>):

$ multiscanner <file>

You can run the following to get a list of all of MultiScanner’s command-line options:

$ multiscanner –help

Note: If you are not on a RedHat or Debian based Linux distribution, instead of running the install.sh script, install pip (if you haven’t already) and run the following:

$ pip install -r requirements.txt

Python API

import multiscanner
multiscanner.config_init(filepath)
output = multiscanner.multiscan(file_list)
results = multiscanner.parse_reports(output, python=True)

Web Interface

Install the latest versions of Docker and Docker Compose if you haven’t already.

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ docker-compose up

You may have to wait a while until all the services are up and running, but then you can use the web interface by going to http://localhost:8000 in your web browser.

Note: this should not be used in production; it is simply an introduction to what a full installation would look like. See here for more details.

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago