Malice - VirusTotal Wanna Be (Now With 100% More Hipster)

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

Try It Out
DEMO: demo.malice.io
  • username: malice
  • password: ecilam


  • ~16GB disk space
  • ~4GB RAM


Getting Started (OSX)

$ brew install maliceio/tap/malice
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

blacktop - <https://github.com/blacktop>

--debug, -D Enable debug mode [$MALICE_DEBUG]
--help, -h show help
--version, -v print the version

scan Scan a file
watch Watch a folder
lookup Look up a file hash
elk Start an ELK docker container
plugin List, Install or Remove Plugins
help Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware
$ malice scan evil.malware
NOTE: On the first run malice will download all of it's default plugins which can take a while to complete.
Malice will output the results as a markdown table that can be piped or copied into a results.md that will look great on Github see here

Start Malice's Web UI
$ malice elk
You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)
  • Type in malice as the Index name or pattern and click Create.
  • Now click on the Malice Tab and behold!!!

Getting Started (Docker in Docker)

Install/Update all Plugins
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`:/malice/samples \
malice/engine scan SAMPLE


Disqus Comments