{"id":34854451,"url":"https://github.com/kam193/assemblyline-services","last_synced_at":"2026-04-12T16:17:06.033Z","repository":{"id":209535365,"uuid":"723637615","full_name":"kam193/assemblyline-services","owner":"kam193","description":"Custom services for AssemblyLine 4","archived":false,"fork":false,"pushed_at":"2026-01-31T23:53:48.000Z","size":6903,"stargazers_count":9,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-01T10:57:37.907Z","etag":null,"topics":["assemblyline"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kam193.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-11-26T10:01:54.000Z","updated_at":"2026-01-31T23:52:23.000Z","dependencies_parsed_at":"2024-01-01T20:23:35.536Z","dependency_job_id":"099f1602-d11f-4e04-a9dc-da71cf2cf883","html_url":"https://github.com/kam193/assemblyline-services","commit_stats":null,"previous_names":["kam193/assemblyline-services"],"tags_count":140,"template":false,"template_full_name":null,"purl":"pkg:github/kam193/assemblyline-services","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kam193%2Fassemblyline-services","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kam193%2Fassemblyline-services/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kam193%2Fassemblyline-services/releases","mani
fests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kam193%2Fassemblyline-services/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kam193","download_url":"https://codeload.github.com/kam193/assemblyline-services/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kam193%2Fassemblyline-services/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29062486,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T23:14:54.203Z","status":"ssl_error","status_checked_at":"2026-02-03T23:14:50.873Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assemblyline"],"created_at":"2025-12-25T19:58:57.414Z","updated_at":"2026-04-12T16:17:06.025Z","avatar_url":"https://github.com/kam193.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Custom services for AssemblyLine 4\n\nA set of custom services extending the capabilities of [AssemblyLine 4](https://github.com/CybercentreCanada/assemblyline).\nThey are created as a hobby project, so please do not expect production quality. 
They should work with the latest\nversion of AssemblyLine 4.\n\n## Installation\n\nTo install a service, copy the content of the appropriate `service_manifest.yml` and paste it in your AssemblyLine\ninstance, in the *Administration* -\u003e *Services* -\u003e *Add a service* (green plus button) window. The service will be\ninstalled and ready to use; updates will be handled like any other service.\n\n## Services\n\n### [ASAR Extractor](./ASARExtractor/)\n\nSimple service extracting [ASAR archives](https://www.electronjs.org/docs/latest/tutorial/asar-archives)\nusing the official [asar tool](https://www.npmjs.com/package/@electron/asar) from Electron. By default, node modules\nare omitted from the extracted files, but it can be configured using submission parameters.\n\n### [ASTGrep](./ASTGrep/)\n\nService using [AST-Grep](https://ast-grep.github.io/) to analyze the source code. Currently used only for\nobfuscation detection and deobfuscation. At the moment, only builtin rules are supported and the service is focused on Python code.\n\n### [ClamAV](./clamav-service/)\n\nThis service uses the ClamAV antivirus engine to scan files for viruses. It leverages the daemon mode to keep db\ndefinitions in memory and avoid reloading them for each scan. It supports Freshclam and directly downloading custom\ndatabases, both as AL-native update services. Both ClamAV and Freshclam can be fully configured.\n\n### [File Similarity](./file-similarity/)\n\nComparing TLSH hashes to find similar files. It supports external lists in CSV as well as files badlisted in the\nAssemblyLine system. Both are updated periodically, as native AL update services. Not recommended for use with a large\nnumber of badlisted files, as it's just a linear comparison.\n\n### [Hashlookup](./hashlookup/)\n\nIt performs hash lookups to identify well-known good and bad files. It can be used to avoid analyzing well-known\nfiles. Responses are cached. 
Currently supported services:\n\n- [CIRCL Hashlookup](https://www.circl.lu/services/hashlookup/): identify well-known files and return a trust\n  score. DNS queries are used to check for the hash, and then the REST API to get more details. It could be an\n  online alternative to loading the NIST NSRL database (and more) into the Safelist service.\n- [Cymru Malware Hash Registry](https://www.team-cymru.com/mhr): identify well-known malware files. Only\n  DNS queries are used. This service does not offer extended details (e.g. no malware name).\n\n### [Kunai](./kunai/)\n\nThis is a simple service supporting analysis through the [Kunai sandbox](https://kunai.rocks).\nThe current version is a Work-In-Progress with very simple functionality and no\nheuristics generated. By default, the public sandbox under https://sandbox.kunai.rocks/\nis used - please note, all submissions there are public!\n\n### [Network Information](./network-information/)\n\nService to get information about IPs and domains. Currently supported:\n\n- IP data from MMDB files (you can configure your own, the default one is [GeoOpen](https://cra.circl.lu/opendata/geo-open/)),\n- WHOIS data for domains, including domains extracted from URIs. Results are cached.\n\nSupported heuristics:\n\n- newly created domains (based on WHOIS data).\n\n### [PCAP Extractor](./pcap-extractor/)\n\nThis service lists TCP flows from a pcap file using Tshark. If supported by Tshark, it can also extract files.\nIt tries to set as many tags as possible and respects safelisting to avoid unnecessary operations.\n\nSupported heuristics:\n\n- external HTTP/non-HTTP connections,\n- data exfiltration threshold (based on total data sent out).\n\n### [Pylingual](./pylingual/) (on hold)\n\nDecompiling PYC files using [PyLingual](https://github.com/syssec-utd/pylingual/tree/main) [GPLv3 license].\n\n### [PylingualOnline](./PylingualOnline/)\n\nDecompiling PYC files using the [PyLingual.io](https://www.pylingual.io/) online service. 
Note: PyLingual.io\ncollects data for training purposes. By default, the service will send only TLP:CLEAR classified\ndata.\n\n### [Python Magic](./python-magic/)\n\nDesigned to help with analysis of Python artifacts. Currently supported:\n\n- unpacking PyInstaller executables (using [pyinstxtractor-ng](https://github.com/pyinstxtractor/pyinstxtractor-ng)) [GPLv3 license],\n- extracting declared dependencies and matching them against configurable lists of suspicious and malicious packages,\n- detecting overwriting of popular package paths.\n\n### [RemoteAV](./remoteav/)\n\nAllows a simple scan using a remote antivirus. It requires a host with a running HTTP service exposing an API (see the attached `openapi.json` for the definition) and can be helpful if you don't have an ICAP-compatible antivirus,\nbut have one with a command line available. The server implementation is not published yet.\n\n### [Semgrep](./semgrep/)\n\nService using [Semgrep](https://semgrep.dev) OSS to analyze code for malicious activity. Currently in the alpha stage.\nBy default, it is configured to use rules from the [GuardDog](https://github.com/DataDog/guarddog) project.\n\n### [Simple Downloader](./simple-downloader/)\n\nVery simple service to download URLs, without running a whole browser. User-agent can be configured.\n\nAdditional features:\n\n  - extract URLs from directory listings as URI files, allowing them to be downloaded automatically (see [README](./simple-downloader/README.md) for configuration).\n  - proxy support (standard `requests` HTTP\u0026HTTPS proxy configuration).\n\n### [TagScan](./tagscan/)\n\nService matching tags based on regular expressions (as efficiently as possible, using\n[Vectorscan](https://github.com/VectorCamp/vectorscan)). Matched tags are marked accordingly and\neasily visible in results. In addition, safelisted tags are excluded from matching.\n\nThis is similar to the TagCheck service, but can match only one tag at a time. 
However, TagScan can\nhighlight tags and respects the safelist.\n\n## License\n\nAlthough the code is licensed under the MIT license, the services may use third-party data or dependencies.\nPlease respect the applicable licenses.\n\nNoticeable third-party licenses:\n\n- [PyLingual](https://github.com/syssec-utd/pylingual/tree/main) [GPLv3 license],\n- [Pyinstxtractor-ng](https://github.com/pyinstxtractor/pyinstxtractor-ng) [GPLv3 license],\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkam193%2Fassemblyline-services","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkam193%2Fassemblyline-services","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkam193%2Fassemblyline-services/lists"}