
linux-explorer: Easy-to-use live forensics toolbox for Linux endpoints.
Linux Expl0rer is a Python toolbox for easy-to-use live forensics on Linux endpoints.
Capabilities:
* ps
+ View full process list
+ Inspect process memory map & fetch memory strings easily
+ Dump process memory in one click
+ Automatically search hash in public services
+++ VirusTotal
+++ AlienVault OTX
* users
+ List users
* find
+ Search for suspicious files by name/regex
* netstat
+ Whois
* logs
+ syslog
+ auth.log (user authentication log)
+ ufw.log (firewall log)
+ bash history
* anti-rootkit
+ chkrootkit
* yara
+ Scan a file or directory using YARA signatures by @Neo23x0
+ Scan a running process memory address space
+ Upload your own YARA signature
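As an added example (not code from linux_expl0rer) of the building blocks behind the ps capability: parsing /proc/<pid>/maps, flagging anonymous writable-and-executable mappings, and pulling printable strings out of a region. The maps text and memory bytes are constructed; read_region and scan_live assume a Linux host and ptrace rights (root).

```python
# Added example, not part of linux_expl0rer: the pieces behind the "ps" capability.
# Works on Python 2.7 and 3. Sample maps text and memory bytes are constructed.
import re

# /proc/<pid>/maps: address range, perms, offset, dev, inode, optional pathname.
MAPS_LINE = re.compile(
    r'^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+(\S+)\s+(\S+)\s+(\d+)\s*(.*)$')

# Constructed maps content: file-backed text, heap, an anonymous rwx mapping, stack.
CONSTRUCTED_MAPS = """\
55d1c0000000-55d1c0001000 r-xp 00000000 fd:01 1234 /usr/bin/example
55d1c0200000-55d1c0221000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10003000 rwxp 00000000 00:00 0
7ffd4c000000-7ffd4c021000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed bytes standing in for a region read out of /proc/<pid>/mem.
CONSTRUCTED_MEMORY = b'\x00\x01hello world\x00ab\x00/bin/sh\x7f\xffok'

def parse_maps(text):
    """Turn maps text into dicts with integer start/end, perms and path."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if m is None:
            continue
        regions.append({'start': int(m.group(1), 16), 'end': int(m.group(2), 16),
                        'perms': m.group(3), 'path': m.group(7).strip()})
    return regions

def suspicious_regions(regions):
    """Writable and executable mappings with no backing file: a common injection sign."""
    return [r for r in regions if 'w' in r['perms'] and 'x' in r['perms']
            and (r['path'] == '' or r['path'].startswith('['))]

def extract_strings(buf, min_len=4):
    """Printable ASCII runs of at least min_len bytes, like strings(1)."""
    return [s.decode('ascii')
            for s in re.findall(br'[\x20-\x7e]{%d,}' % min_len, buf)]

def read_region(pid, region):
    """Read one mapping from /proc/<pid>/mem; needs ptrace rights (run as root)."""
    with open('/proc/%d/mem' % pid, 'rb') as f:
        f.seek(region['start'])
        return f.read(region['end'] - region['start'])

def scan_live(pid):
    # Live check of a running process: flagged regions paired with their strings.
    with open('/proc/%d/maps' % pid) as f:
        flagged = suspicious_regions(parse_maps(f.read()))
    return [(r, extract_strings(read_region(pid, r))) for r in flagged]
```

On a live box, `scan_live(pid)` run as root returns only the anonymous rwx mappings of that process together with the strings found in them, which is the first thing worth reading when a process looks injected.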
Requirements:
– Python 2.7
– YARA
– chkrootkit
Usage:
```shell
sudo apt-get install yara chkrootkit -y
git clone https://github.com/intezer/linux_expl0rer && cd linux_expl0rer
# Set up VT/OTX API keys
nano config.py
sudo python linux_explorer.py
# then open a browser at http://127.0.0.1:8080
```
Source: https://github.com/intezer