LSE toolsLSE toolsMalice (371)Malice (371)

Tool and Usage

Project details

Year of inception
Apache License 2.0
Programming language
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by both independent researchers up to fortune 500 companies.

Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.

How it works

Malice uses both a command line tool and a web interface. The CLI tool is used to perform a scan of a file or directory, optionally by automatically watching it for new files. Besides the scanning option, Malice can be used to perform a lookup of a known hash. This will provide a report with the relevant findings, like the detection by malware and anti-virus scan tools.

Malice is a modular framework and supports plugins. Each plugin can provide particular functionality to extend and customize. The plugins make it possible to retrieve data from VirusTotal, as one of the sources. Other functionality includes hash searches using the NSRL database, ShadowServer, and Team Cymru.

Usage and audience

Malice is commonly used for malware analysis, malware detection, malware research, or malware scanning. Target users for this tool are malware analysts, security professionals, and system administrators.


  • Command line interface
  • Docker support
  • Web interface

Example usage and output

Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

blacktop - <>

--debug, -D Enable debug mode [$MALICE_DEBUG]
--help, -h show help
--version, -v print the version

scan Scan a file
watch Watch a folder
lookup Look up a file hash
elk Start an ELK docker container
plugin List, Install or Remove Plugins
help Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 500 GitHub stars
  • + The source code of this software is available

History and highlights

  • Demo at Black Hat USA 2018 Arsenal


Supported operating systems

Malice is known to work on Linux and macOS.

Malice alternatives

Similar tools to Malice:



YARA is a security tool to identify and classify malware samples and often used by malware researchers. Learn how it works in this review.



MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.



There are never enough tools to analyze malware, right? SSMA might be one of those tools that to add to your malware analysis toolbox.

All Malice alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.