Malice
Tool and Usage
Project details
- Year of inception
- License
- Apache License 2.0
- Programming language
- Golang
- Latest release
- 0.3.28
- Latest release date
Project health
Links
 | GitHub project |
Why this tool?
Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by both independent researchers up to fortune 500 companies.
Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.
How it works
Malice uses both a command line tool and a web interface. The CLI tool is used to perform a scan of a file or directory, optionally by automatically watching it for new files. Besides the scanning option, Malice can be used to perform a lookup of a known hash. This will provide a report with the relevant findings, like the detection by malware and anti-virus scan tools.
Malice is a modular framework and supports plugins. Each plugin can provide particular functionality to extend and customize. The plugins make it possible to retrieve data from VirusTotal, as one of the sources. Other functionality includes hash searches using the NSRL database, ShadowServer, and Team Cymru.
Usage and audience
Malice is commonly used for malware analysis, malware detection, malware research, or malware scanning. Target users for this tool are malware analysts, security professionals, and system administrators.
Features
- Command line interface
- Docker support
- Web interface
Example usage and output
Open Source Malware Analysis Framework
Version: 0.3.11
Author:
blacktop - <https://github.com/blacktop>
Options:
--debug, -D Enable debug mode [$MALICE_DEBUG]
--help, -h show help
--version, -v print the version
Commands:
scan Scan a file
watch Watch a folder
lookup Look up a file hash
elk Start an ELK docker container
plugin List, Install or Remove Plugins
help Shows a list of commands or help for one command
Run 'malice COMMAND --help' for more information on a command.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + More than 500 GitHub stars
- + The source code of this software is available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
Installation
Supported operating systems
Malice is known to work on Linux and macOS.
Malice alternatives
Similar tools to Malice:
YARA
YARA is a security tool to identify and classify malware samples and often used by malware researchers. Learn how it works in this review.
MultiScanner
MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.
SSMA
There are never enough tools to analyze malware, right? SSMA might be one of those tools that to add to your malware analysis toolbox.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
Categories
This tool is categorized as a Linux malware analysis tool, Linux malware detection tool, and malware identification tool.