Linux Expl0rer - Easy-To-Use Live Forensics Toolbox For Linux Endpoints

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

Capabilities

ps
  • View full process list
  • Inspect a process's memory map and fetch memory strings easily
  • Dump process memory in one click
  • Automatically search a hash in public services (VirusTotal / OTX)

users
  • users list

find
  • Search for suspicious files by name/regex

netstat
  • Whois

logs
  • syslog
  • auth.log (user authentication log)
  • ufw.log (firewall log)
  • bash history
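The auth.log view is most useful when the raw lines are reduced to events a responder can act on. The following is an added example, not code from Linux Expl0rer: it parses constructed sshd/sudo lines in the standard auth.log format, counts failed logins per source address, and flags sources above a threshold. The log lines, hostnames and addresses are constructed for illustration.

```python
"""Summarise auth.log: failed SSH logins per source, accepted logins, sudo use.
Added example, not part of Linux Expl0rer; sample log lines are constructed."""
import re
from collections import Counter

# Constructed auth.log excerpt (RFC 3164 style, as written by rsyslog).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Mar  3 10:01:15 host sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 51236 ssh2
Mar  3 10:01:19 host sshd[2212]: Failed password for root from 198.51.100.23 port 51240 ssh2
Mar  3 10:02:01 host sshd[2215]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:03:44 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Mar  3 10:04:02 host sshd[2220]: Failed password for bob from 203.0.113.7 port 33010 ssh2
"""

_TS = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
FAILED_RE = re.compile(_TS + r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port (\d+)")
ACCEPTED_RE = re.compile(_TS + r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)")
SUDO_RE = re.compile(_TS + r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def parse_auth_events(text):
    """Turn auth.log lines into event dicts; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts, invalid, user, src, port = m.groups()
            events.append({"ts": ts, "kind": "failed", "user": user, "src": src,
                           "port": int(port), "invalid_user": invalid is not None})
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            ts, method, user, src, port = m.groups()
            events.append({"ts": ts, "kind": "accepted", "user": user, "src": src,
                           "port": int(port), "method": method})
            continue
        m = SUDO_RE.match(line)
        if m:
            ts, user, target, command = m.groups()
            events.append({"ts": ts, "kind": "sudo", "user": user,
                           "target": target, "command": command})
    return events


def failed_by_source(events):
    """Count failed password attempts per source address."""
    return Counter(e["src"] for e in events if e["kind"] == "failed")


def flag_sources(counts, threshold=3):
    """Sources with at least `threshold` failures, most active first."""
    return [src for src, n in counts.most_common() if n >= threshold]


def accepted_after_failures(events):
    """Successful logins from a source that had earlier failures: worth a look."""
    seen_failed = set()
    hits = []
    for e in events:
        if e["kind"] == "failed":
            seen_failed.add(e["src"])
        elif e["kind"] == "accepted" and e["src"] in seen_failed:
            hits.append(e)
    return hits


if __name__ == "__main__":
    evs = parse_auth_events(SAMPLE_AUTH_LOG)
    counts = failed_by_source(evs)
    print("failed logins per source:", dict(counts))
    print("sources over threshold:", flag_sources(counts))
    print("accepted after failures:", accepted_after_failures(evs))
```

To run it against a live host, replace `SAMPLE_AUTH_LOG` with the contents of `/var/log/auth.log`; the threshold is a starting point, not a tuned detection rule.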

anti-rootkit
  • chkrootkit

yara
  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature
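The process memory features above (map inspection, string extraction, dumping a region for hashing or a YARA scan) all rest on the same two kernel interfaces, `/proc/<pid>/maps` and `/proc/<pid>/mem`. The following is an added example, not code from Linux Expl0rer, showing that plumbing: it parses the maps format, selects readable regions, reads them and pulls out printable strings. It assumes a Linux host with `/proc` and permission to read the target process (root, or your own PID under the default ptrace scope); the maps line in the test data is constructed.

```python
"""Parse /proc/<pid>/maps, read readable regions from /proc/<pid>/mem and
extract printable strings. Added example, not part of Linux Expl0rer."""
import hashlib
import os
import re
from collections import namedtuple

MapRegion = namedtuple("MapRegion", "start end perms offset path")

# One maps line looks like:
# 7f3c2a000000-7f3c2a021000 r--p 00000000 08:01 1234   /usr/lib/libc.so.6
# (address range, permissions, file offset, device, inode, optional path)
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\S+(?:\s+(.*))?$"
)


def parse_maps(text):
    """Return a MapRegion per parsable line of a /proc/<pid>/maps dump."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, offset, path = m.groups()
        regions.append(MapRegion(int(start, 16), int(end, 16), perms,
                                 int(offset, 16), path or ""))
    return regions


def readable_regions(regions, anonymous_only=False):
    """Readable mappings; anonymous_only keeps heap/stack/JIT-style regions,
    which is where injected code and decrypted payloads usually live."""
    return [r for r in regions
            if r.perms[0] == "r" and (not anonymous_only or not r.path)]


def extract_strings(data, min_len=4):
    """Printable ASCII runs of at least min_len bytes (like strings(1))."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pattern, data)]


def read_region(pid, region):
    """Read one mapping out of /proc/<pid>/mem (unbuffered)."""
    with open("/proc/%d/mem" % pid, "rb", 0) as f:
        f.seek(region.start)
        return f.read(region.end - region.start)


def dump_process_strings(pid, min_len=4, anonymous_only=False):
    """Strings from every readable region of a live process."""
    with open("/proc/%d/maps" % pid) as f:
        regions = parse_maps(f.read())
    found = []
    for r in readable_regions(regions, anonymous_only):
        try:
            found.extend(extract_strings(read_region(pid, r), min_len))
        except (IOError, OSError, ValueError, OverflowError):
            # [vvar]/[vsyscall] are not readable this way; skip them.
            continue
    return found


def region_sha256(pid, region):
    """Hash of a dumped region, the value you would look up in a public service."""
    return hashlib.sha256(read_region(pid, region)).hexdigest()


if __name__ == "__main__":
    # Inspect our own process; no elevated privileges needed for that.
    me = os.getpid()
    strings = dump_process_strings(me, anonymous_only=True)
    print("%d strings in anonymous regions of pid %d" % (len(strings), me))
    print(strings[:10])
```

Pointing `dump_process_strings` at another PID needs the same rights `ptrace` would need, which is why the toolbox runs as root. Matching the extracted strings or the raw region bytes against YARA rules is then a matter of handing the buffer to `yara-python`'s `match(data=...)`.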

Requirements
  • Python 2.7
  • YARA
  • chkrootkit

Installation
  1. Clone the repository
git clone https://github.com/intezer/linux_expl0rer
  2. Install the required packages
pip install -r requirements.txt
  3. Set up the VT/OTX API keys
nano config.py
Edit the following lines:
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
  4. Install YARA
sudo apt-get install yara
  5. Install chkrootkit
sudo apt-get install chkrootkit

Start Linux Expl0rer server
sudo python linux_explorer.py

Usage
  1. Start your browser
firefox http://127.0.0.1:8080
  2. do stuff

Notes
