{"id":13511143,"url":"https://github.com/LDO-CERT/orochi","last_synced_at":"2025-03-30T20:32:44.867Z","repository":{"id":37760006,"uuid":"264956942","full_name":"LDO-CERT/orochi","owner":"LDO-CERT","description":"The Volatility Collaborative GUI","archived":false,"fork":false,"pushed_at":"2025-03-28T11:43:47.000Z","size":76514,"stargazers_count":241,"open_issues_count":23,"forks_count":21,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-03-29T12:41:21.590Z","etag":null,"topics":["dask","hacktoberfest","memory-dump","orochi","volatility","volatility-framework","volatility-gui"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LDO-CERT.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-18T14:01:45.000Z","updated_at":"2025-03-25T17:04:59.000Z","dependencies_parsed_at":"2023-10-15T19:52:41.456Z","dependency_job_id":"fde04103-c9e4-4eec-8c7d-8b96e6095b13","html_url":"https://github.com/LDO-CERT/orochi","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/manifests","owner_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LDO-CERT","download_url":"https://codeload.github.com/LDO-CERT/orochi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246379366,"owners_count":20767694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dask","hacktoberfest","memory-dump","orochi","volatility","volatility-framework","volatility-gui"],"created_at":"2024-08-01T03:00:35.520Z","updated_at":"2025-03-30T20:32:44.846Z","avatar_url":"https://github.com/LDO-CERT.png","language":"JavaScript","readme":"# Orochi\n\n[![Black code style](https://img.shields.io/badge/code%20style-black-000000.svg)](http://shields.io/)\n[![GitHub license](https://img.shields.io/github/license/ldo-cert/orochi.svg)](https://github.com/LDO-CERT/orochi/blob/master/LICENSE)\n[![Built with Cookiecutter Django](https://img.shields.io/badge/built%20with-Cookiecutter%20Django-ff69b4.svg)](https://github.com/pydanny/cookiecutter-django/)\n[![docker-compose-actions-workflow](https://github.com/LDO-CERT/orochi/actions/workflows/push.yml/badge.svg)](https://github.com/LDO-CERT/orochi/actions/workflows/push.yml)\n[![CodeQL](https://github.com/LDO-CERT/orochi/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/LDO-CERT/orochi/actions/workflows/codeql-analysis.yml)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5014/badge)](https://bestpractices.coreinfrastructure.org/projects/5014)\n[![Join the chat at 
https://gitter.im/ldo-cert-orochi/community](https://badges.gitter.im/LDO-CERT/orochi.svg)](https://gitter.im/ldo-cert-orochi?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n\n\nOrochi - The Volatility Collaborative GUI\n\n![Orochi](docs/images/orochi.png)\n\n## Table of Contents\n\n- [Orochi](#orochi)\n  - [Table of Contents](#table-of-contents)\n  - [About Orochi](#about-orochi)\n  - [Fastest way to try Orochi](#fastest-way-to-try-orochi)\n  - [Orochi architecture](#orochi-architecture)\n  - [Getting started](#getting-started)\n    - [Installation](#installation)\n    - [Quick Start Guide](#quick-start-guide)\n    - [User guide](#user-guide)\n    - [Admin guide](#admin-guide)\n    - [API guide](#api-guide)\n    - [Deploy to Swarm](#deploy-to-swarm)\n  - [Community](#community)\n  - [Contributing](#contributing)\n  - [Origin of name](#origin-of-name)\n\n## About Orochi\n\nOrochi is an open source framework for collaborative forensic memory dump analysis. 
Using Orochi you and your collaborators can easily organize your memory dumps and analyze them all at the same time.\n\n\n![Orochi-main](docs/animations/000_orochi_main.gif)\n\n## Fastest way to try Orochi\n\nFor people who prefer to install and try first and then read the guide:\n```\ngit clone https://github.com/LDO-CERT/orochi.git\ncd orochi\nsudo docker-compose pull\nsudo docker-compose up\n```\nBrowse http://127.0.0.1:8000 and log in with admin//admin\n\n\n## Orochi architecture\n\n- uses [Volatility 3](https://github.com/volatilityfoundation/volatility3): the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.\n- distributes loads among nodes using [Dask](https://github.com/dask/dask)\n- uses [Django](https://github.com/django/django) as frontend\n- uses [Postgresql](https://github.com/postgres/postgres) to save users and analysis metadata such as status and errors.\n- uses [Mailpit](https://github.com/axllent/mailpit) to manage the user registration emails\n- uses [Redis](https://github.com/redis/redis) for cache and websocket for notifications\n- the whole framework is provided as [docker-compose](https://github.com/docker/) images\n\n## Getting started\n\n### Installation\n\nUsing Docker-compose you can start multiple containers and link them together.\n\n\n- Start by cloning the repo and entering the folder:\n ```\n git clone https://github.com/LDO-CERT/orochi.git\n cd orochi\n ```\n\n  In case you are running docker on Windows you can run `wsl -d docker-desktop sysctl -w vm.max_map_count=262144` from PowerShell.\n\n- You need to set some useful variables that docker-compose will use to [configure the environment](https://cookiecutter-django.readthedocs.io/en/latest/developing-locally-docker.html#configuring-the-environment)\n\n  Here is a sample of `.env\\.local\\.postgres`:\n\n  ```\n  POSTGRES_HOST=postgres\n  POSTGRES_PORT=5432\n  POSTGRES_DB=orochi\n  POSTGRES_USER=debug\n  POSTGRES_PASSWORD=debug\n  ```\n\n  Here 
is a sample of `.env\\.local\\.django`:\n\n  ```\n  USE_DOCKER=yes\n  IPYTHONDIR=/app/.ipython\n  REDIS_URL=redis://redis:6379/0\n  DASK_SCHEDULER_URL=tcp://scheduler:8786\n  ```\n\n  By default the `ALLOWED_HOSTS` setting permits access from everywhere. If needed you can change it from `.envs\\.local\\.django`\n\n- If needed you can increase or decrease the number of Dask workers to be started. In order to do this you have to update the `docker-compose.yml` file, changing the number of `replicas` in the deploy section of the `worker` service.\n\n- You can pull images with the command:\n ```\n docker-compose pull\n ```\n\n- Or build images with the command:\n ```\n docker-compose build\n ```\n\n- Now it's time to fire up the images!\n ```\n docker-compose up\n ```\n\n\n- When finished - it takes a while - you can check the status of the containers:\n ```\n docker ps -a\n ```\n\n  ```\nCONTAINER ID   IMAGE                                COMMAND                  CREATED        STATUS                 PORTS                                                                                            NAMES\nfdc1fa46c0d8   ghcr.io/ldo-cert/orochi_nginx:new    \"/docker-entrypoint.…\"   21 hours ago   Up 4 hours             0.0.0.0:80-\u003e80/tcp, :::80-\u003e80/tcp, 0.0.0.0:443-\u003e443/tcp, :::443-\u003e443/tcp                         orochi_nginx\ndb5b7f50ee5b   ghcr.io/ldo-cert/orochi_worker:new   \"tini -g -- /usr/bin…\"   21 hours ago   Up 4 hours                                                                                                              orochi-worker-1\n5f334d521d04   ghcr.io/ldo-cert/orochi_worker:new   \"tini -g -- /usr/bin…\"   21 hours ago   Up 4 hours                                                                                                              orochi-worker-2\n3768f5fa73d3   ghcr.io/ldo-cert/orochi_django:new   \"/entrypoint /start\"     21 hours ago   Up 4 hours             8000/tcp                                                                                     
    orochi_django_wsgi\na3f79c5281cc   ghcr.io/ldo-cert/orochi_django:new   \"/entrypoint daphne …\"   21 hours ago   Up 4 hours             9000/tcp                                                                                         orochi_django_asgi\n6bb5d6107029   ghcr.io/ldo-cert/orochi_worker:new   \"tini -g -- /usr/bin…\"   21 hours ago   Up 4 hours             0.0.0.0:8786-8787-\u003e8786-8787/tcp, :::8786-8787-\u003e8786-8787/tcp                                    orochi_scheduler\n636c41f3fe9b   postgres:16.3                        \"docker-entrypoint.s…\"   22 hours ago   Up 4 hours             0.0.0.0:5432-\u003e5432/tcp, :::5432-\u003e5432/tcp                                                        orochi_postgres\n6d8d337667ad   redis:7.4.0                          \"docker-entrypoint.s…\"   22 hours ago   Up 4 hours             0.0.0.0:6379-\u003e6379/tcp, :::6379-\u003e6379/tcp                                                        orochi_redis\n596be665ef37   axllent/mailpit:latest               \"/mailpit\"               22 hours ago   Up 4 hours (healthy)   0.0.0.0:1025-\u003e1025/tcp, :::1025-\u003e1025/tcp, 0.0.0.0:8025-\u003e8025/tcp, :::8025-\u003e8025/tcp, 1110/tcp   orochi_mailpit\n  ```\n\n  ![Orochi](docs/images/022_orochi_docker_schema.png)\n\n- Now some management commands in case you are upgrading:\n  ```\n   docker-compose run --rm django python manage.py makemigrations\n   docker-compose run --rm django python manage.py migrate\n   docker-compose run --rm django python manage.py collectstatic\n  ```\n- Sync Volatility plugins (\\*) in order to make them available to users:\n  ```\n  docker-compose run --rm django python manage.py plugins_sync\n  ```\n- Volatility Symbol Tables are available [here](https://github.com/volatilityfoundation/volatility3#symbol-tables) and can be synced using this command (\\*):\n  ```\n  docker-compose run --rm django python manage.py symbols_sync\n  ```\n(\\*) It is also possible to run 
plugins_sync and symbols_sync directly from the admin page in case new plugins or new symbols are available.\n\n- To create a **normal user account**, just go to Sign Up (http://127.0.0.1:8000) and fill out the form. Once you submit it, you'll see a \"Verify Your E-mail Address\" page. Go to your console to see a simulated email verification message. Copy the link into your browser. Now the user's email should be verified and ready to go.\n  In development, it is often nice to be able to see emails that are being sent from your application. For that reason the local SMTP server [Mailpit](https://github.com/axllent/mailpit), which has a web interface, is available as a docker container.\n  The mailpit container starts automatically when you run all docker containers.\n  Please check the `cookiecutter-django Docker documentation` for more details on how to start all containers.\n  With Mailpit running, to view messages that are sent by your application, open your browser and go to `http://127.0.0.1:8025`\n\n- Other details in [cookiecutter-django Docker documentation](http://cookiecutter-django.readthedocs.io/en/latest/deployment-with-docker.html)\n\n### Quick Start Guide\n\n- register your user\n- log in with your user and password\n- upload a memory dump and choose a name, the OS and the color: in order to speed up the upload it also accepts zipped files.\n- When the upload is completed, all enabled Volatility plugins will be executed in parallel thanks to Dask. 
With Dask it is possible to distribute jobs among different servers.\n- You can configure which plugins you want to run by default through the admin page.\n- Results are shown as they arrive.\n- It is possible to view the results of a plugin executed on multiple dumps, for example viewing the process list output of 2 different machines side by side.\n\nApplication links:\n\n- Orochi homepage: http://127.0.0.1:8000\n- Orochi admin: http://127.0.0.1:8000/admin\n- Mailpit: http://127.0.0.1:8025\n- Dask: http://127.0.0.1:8787\n\n### User guide\n\nPlease see [Users-Guide](docs/Users-Guide.md)\n\n### Admin guide\n\nPlease see [Admin-Guide](docs/Admin-Guide.md)\n\n### API guide\n\nPlease see [API-Guide](docs/API-Guide.md)\n\n### Deploy to Swarm\n\nPlease see [Deploy-to-Swarm](docs/Deploy-to-Swarm-Guide.md)\n\n## Community\n\nWe are available on [Gitter](https://gitter.im/ldo-cert-orochi/community) to help you and discuss improvements.\n\n## Contributing\n\nIf you want to contribute to orochi, be sure to review the [contributing guidelines](CONTRIBUTING.md). This project adheres to the orochi\n[code of conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.\n\n## Origin of name\n\n\"Its eyes are like akakagachi, it has one body with eight heads and eight tails. Moreover on its body grows moss, and also chamaecyparis and cryptomerias. 
Its length extends over eight valleys and eight hills, and if one look at its belly, it is all constantly bloody and inflamed.\"\n[Full story from wikipedia](https://en.wikipedia.org/wiki/Yamata_no_Orochi)\n\nLet's go cut tails and find your Kusanagi-no-Tsurugi!\n","funding_links":[],"categories":["Analysis Tools","IR Tools Collection","Memory Forensics","Volatility 3","Forensics","hacktoberfest"],"sub_categories":["Memory Analysis Tools","Other Resources","GUI","Volatility"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLDO-CERT%2Forochi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FLDO-CERT%2Forochi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLDO-CERT%2Forochi/lists"}