{"id":37184538,"url":"https://github.com/ldo-cert/orochi","last_synced_at":"2026-01-14T21:19:45.339Z","repository":{"id":37760006,"uuid":"264956942","full_name":"LDO-CERT/orochi","owner":"LDO-CERT","description":"The Volatility Collaborative GUI","archived":false,"fork":false,"pushed_at":"2026-01-12T13:13:15.000Z","size":77976,"stargazers_count":264,"open_issues_count":67,"forks_count":25,"subscribers_count":10,"default_branch":"master","last_synced_at":"2026-01-14T16:00:05.032Z","etag":null,"topics":["dask","hacktoberfest","memory-dump","orochi","volatility","volatility-framework","volatility-gui"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LDO-CERT.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-18T14:01:45.000Z","updated_at":"2026-01-13T11:20:46.000Z","dependencies_parsed_at":"2023-10-15T19:52:41.456Z","dependency_job_id":"fde04103-c9e4-4eec-8c7d-8b96e6095b13","html_url":"https://github.com/LDO-CERT/orochi","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/LDO-CERT/orochi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT
%2Forochi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LDO-CERT","download_url":"https://codeload.github.com/LDO-CERT/orochi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LDO-CERT%2Forochi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434772,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dask","hacktoberfest","memory-dump","orochi","volatility","volatility-framework","volatility-gui"],"created_at":"2026-01-14T21:19:44.425Z","updated_at":"2026-01-14T21:19:45.325Z","avatar_url":"https://github.com/LDO-CERT.png","language":"JavaScript","readme":"# Orochi\n\n[![Black code style](https://img.shields.io/badge/code%20style-black-000000.svg)](http://shields.io/)\n[![GitHub license](https://img.shields.io/github/license/ldo-cert/orochi.svg)](https://github.com/LDO-CERT/orochi/blob/master/LICENSE)\n[![Built with Cookiecutter 
Django](https://img.shields.io/badge/built%20with-Cookiecutter%20Django-ff69b4.svg)](https://github.com/pydanny/cookiecutter-django/)\n[![docker-compose-actions-workflow](https://github.com/LDO-CERT/orochi/actions/workflows/push.yml/badge.svg)](https://github.com/LDO-CERT/orochi/actions/workflows/push.yml)\n[![CodeQL](https://github.com/LDO-CERT/orochi/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/LDO-CERT/orochi/actions/workflows/codeql-analysis.yml)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5014/badge)](https://bestpractices.coreinfrastructure.org/projects/5014)\n[![Join the chat at https://gitter.im/ldo-cert-orochi/community](https://badges.gitter.im/LDO-CERT/orochi.svg)](https://gitter.im/ldo-cert-orochi?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n---\n\n\u003e 🧠 **Orochi** — A modern, distributed web interface for collaborative memory forensics built on **Volatility 3**, **Django**, and **Dask**.\n\n![Orochi](docs/images/orochi.png)\n\n---\n\n## Table of Contents\n\n- [About Orochi](#about-orochi)\n- [Fastest Way to Try Orochi](#fastest-way-to-try-orochi)\n- [Architecture Overview](#architecture-overview)\n- [Getting Started](#getting-started)\n  - [Installation](#installation)\n  - [Quick Start Guide](#quick-start-guide)\n  - [Video Guide](#video-guide)\n- [Documentation](#documentation)\n- [Community](#community)\n- [Contributing](#contributing)\n- [Origin of the Name](#origin-of-the-name)\n\n---\n\n## About Orochi\n\n**Orochi** is an open-source framework for collaborative forensic memory dump analysis.  
\nIt lets multiple analysts upload, analyze, and correlate memory dumps simultaneously via an intuitive web interface.\n\n![Orochi-main](docs/animations/000_orochi_main.gif)\n\n---\n\n## 🚀 Fastest Way to Try Orochi \u003ca id=\"fastest-way-to-try-orochi\"\u003e\u003c/a\u003e\n\nIf you just want to get hands-on immediately:\n\n```bash\ngit clone https://github.com/LDO-CERT/orochi.git\ncd orochi\nsudo docker-compose up\n```\n\nThen open [https://localhost](https://localhost) and log in with:  \n**Username:** `admin` **Password:** `admin`\n\nAt first run, Orochi will need to download **Volatility plugins** and **symbol files**.  \nYou can do this directly from the **Admin Page** or by running the management commands described below.\n\n---\n\n## ⚙️ Architecture Overview \u003ca id=\"architecture-overview\"\u003e\u003c/a\u003e\n\nOrochi combines the power of Volatility 3 with distributed task management and a modern web stack:\n\n- 🧩 **[Volatility 3](https://github.com/volatilityfoundation/volatility3):** Memory forensics framework for extracting digital artifacts.\n- ⚙️ **[Dask](https://github.com/dask/dask):** Parallel computing library that distributes plugin execution across workers.\n- 🗄️ **[PostgreSQL](https://www.postgresql.org/):** Database for user and analysis metadata.\n- ✉️ **[Mailpit](https://github.com/axllent/mailpit):** Local SMTP service for user registration emails.\n- 🧱 **[Django WSGI / ASGI](https://www.djangoproject.com/):** Core web backend, including real-time WebSocket updates.\n- 🔁 **[Redis](https://github.com/redis/redis):** Message broker and cache for asynchronous communications.\n- 🌐 **[Nginx](https://github.com/nginx/nginx):** Reverse proxy providing HTTPS termination.\n- 🐳 **[Docker Compose](https://docs.docker.com/compose/):** Orchestrates the entire Orochi stack for both x64 and arm64 platforms.\n\n```mermaid\nflowchart TB\n  %% Orientation: Top -\u003e Bottom\n\n  %% Frontend (visible label)\n  subgraph FRONTEND[Frontend]\n    
direction TB\n    client[\"Client (Browser)\"]\n    nginx[\"Nginx (Reverse Proxy)\"]\n  end\n\n  %% Application Layer\n  subgraph APP[Application Layer]\n    direction TB\n    wsgi[\"Django WSGI (REST / Pages)\"]\n    asgi[\"Django ASGI (WebSockets / Realtime)\"]\n  end\n\n  %% Core Services\n  subgraph CORE[Core Services]\n    direction TB\n    postgres[\"PostgreSQL (Primary Datastore)\"]\n    redis[\"Redis (Cache \u0026 Channels)\"]\n    mailpit[\"Mailpit (SMTP for Sign-up)\"]\n  end\n\n  %% Distributed Execution\n  subgraph DASK[Distributed Execution]\n    direction TB\n    scheduler[\"Dask Scheduler\"]\n    worker1[\"Dask Worker 01 (Volatility 3)\"]\n    worker2[\"Dask Worker 02 (Volatility 3)\"]\n  end\n\n  storage[\"Uploads Storage (/media/uploads)\"]\n\n  %% Ingress\n  client --\u003e|HTTPS| nginx\n  nginx --\u003e wsgi\n  nginx --\u003e asgi\n\n  %% Database access\n  wsgi \u003c--\u003e|auth, metadata, results R/W| postgres\n  asgi --\u003e|state / R/W| postgres\n\n  %% Redis roles\n  wsgi --\u003e|cache| redis\n  asgi --\u003e|channels| redis\n\n  %% Email (SMTP)\n  wsgi --\u003e|SMTP| mailpit\n\n  %% Task submission \u0026 execution\n  wsgi --\u003e|submit tasks| scheduler\n  scheduler --\u003e worker1\n  scheduler --\u003e worker2\n\n  %% Files\n  wsgi \u003c--\u003e|upload/download| storage\n  worker1 \u003c--\u003e|read/write| storage\n  worker2 \u003c--\u003e|read/write| storage\n  worker1 --\u003e|store analysis results| postgres\n  worker2 --\u003e|store analysis results| postgres\n```\n\n---\n\n## 🧰 Getting Started \u003ca id=\"getting-started\"\u003e\u003c/a\u003e\n\n### Installation\n\nOrochi supports **multi-architecture builds** for both `x64 (amd64)` and `arm64` systems (e.g., Apple Silicon).\n\n#### Clone the Repository\n\n```bash\ngit clone https://github.com/LDO-CERT/orochi.git\ncd orochi\n```\n\n#### Configure Environment Variables\n\nSet your environment configuration in 
`.envs/.local/.postgres`:\n\n```\nPOSTGRES_HOST=postgres\nPOSTGRES_PORT=5432\nPOSTGRES_DB=orochi\nPOSTGRES_USER=debug\nPOSTGRES_PASSWORD=debug\n```\n\nAnd `.envs/.local/.django`:\n\n```\nUSE_DOCKER=yes\nIPYTHONDIR=/app/.ipython\nREDIS_URL=redis://redis:6379/0\nDASK_SCHEDULER_URL=tcp://scheduler:8786\n```\n\n\u003e 💡 **Tip:** You can adjust the number of Dask workers in `docker-compose.yml` by editing the `replicas` value under the **worker** service.\n\n#### Build or Pull the Images\n\nTo pull prebuilt images:\n\n```bash\ndocker-compose pull\n```\n\nOr build locally:\n\n```bash\ndocker-compose build\n```\n\n#### Start the Stack\n\n```bash\ndocker-compose up\n```\n\nCheck the running containers:\n\n```bash\ndocker ps -a\n```\n\nExample output:\n\n```\nNAME                 IMAGE                                COMMAND                  SERVICE       STATUS\norochi-worker-2      ghcr.io/ldo-cert/orochi_worker:new   \"/usr/bin/tini -g --…\"   worker        Up 5 weeks\norochi_nginx         ghcr.io/ldo-cert/orochi_nginx:new    \"/docker-entrypoint.…\"   nginx         Up 2 weeks (healthy)   0.0.0.0:443-\u003e443/tcp\n...\n```\n\nOnce the containers are running, Orochi will be available at:  \n🔗 [https://127.0.0.1](https://127.0.0.1)\n\n#### Update \u0026 Sync Plugins / Symbols\n\n```bash\ndocker-compose run --rm django python manage.py plugins_sync\ndocker-compose run --rm django python manage.py symbols_sync\n```\n\n\u003e ⚙️ These commands can also be executed directly from the Admin page if new plugins or symbols are available.\n\n---\n\n### ⚡ Quick Start Guide \u003ca id=\"quick-start-guide\"\u003e\u003c/a\u003e\n\n1. Register a user via **Sign Up**\n2. Log in with your credentials\n3. Upload a memory dump (supports `.raw`, `.mem`, and zipped files)\n4. Choose the OS and optional color label\n5. Orochi automatically runs the enabled Volatility plugins in parallel via **Dask**\n6. 
View results, compare dumps, and bookmark findings\n\n**Default URLs:**\n\n| Service         | URL                                                |\n| --------------- | -------------------------------------------------- |\n| Orochi Homepage | [https://127.0.0.1](https://127.0.0.1)             |\n| Admin Panel     | [https://127.0.0.1/admin](https://127.0.0.1/admin) |\n| Mailpit         | [http://127.0.0.1:8025](http://127.0.0.1:8025)     |\n| Dask Dashboard  | [http://127.0.0.1:8787](http://127.0.0.1:8787)     |\n\n---\n\n### 🎥 Video Guide \u003ca id=\"video-guide\"\u003e\u003c/a\u003e\n\n[![Watch on YouTube](https://img.youtube.com/vi/9g8EfC0OK7k/0.jpg)](https://youtu.be/9g8EfC0OK7k)\n\n**Watch a complete 15-minute setup and walkthrough** showing how to install, configure, and use Orochi.\n\n**Guide Timestamps:**\n\n- **00:00** ➡️ _Introduction:_ Cloning the GitHub repository\n- **00:30** ➡️ _Docker Launch:_ Starting Orochi with `docker-compose up`\n- **03:00** ➡️ _Platform Access:_ Opening the web interface\n- **03:35** ➡️ _Admin Configuration:_ Downloading plugins \u0026 symbols\n- **04:00** ➡️ _Dask Monitoring:_ Observing parallel analysis tasks\n- **05:20** ➡️ _Memory Dump Upload:_ Uploading and analyzing a file\n- **10:45** ➡️ _Download Process:_ Retrieving dumped artifacts\n- **12:15** ➡️ _Regipy Plugins:_ Viewing parsed registry data\n- **12:40** ➡️ _Hex Viewer:_ Navigating memory data in hex\n- **14:35** ➡️ _Bookmarks:_ Saving and revisiting filtered results\n\n---\n\n## 📘 Documentation \u003ca id=\"documentation\"\u003e\u003c/a\u003e\n\n- [Users Guide](docs/Users-Guide.md)\n- [Admin Guide](docs/Admin-Guide.md)\n- [API Guide](docs/API-Guide.md)\n- [Deploy to Swarm Guide](docs/Deploy-to-Swarm-Guide.md)\n\n---\n\n## 👥 Community \u003ca id=\"community\"\u003e\u003c/a\u003e\n\nJoin discussions and get help on [Gitter](https://gitter.im/ldo-cert-orochi/community).  
\nWe welcome questions, feedback, and new ideas to improve Orochi!\n\n\u003e 💡 **Tip:** You can also open GitHub Discussions or Issues directly in this repository.\n\n---\n\n## 🤝 Contributing \u003ca id=\"contributing\"\u003e\u003c/a\u003e\n\nWe love community contributions!  \nPlease review the [Contributing Guidelines](CONTRIBUTING.md) and [Code of Conduct](CODE_OF_CONDUCT.md).\n\n\u003e 🧩 Pull requests are welcome — from typo fixes to new integrations and plugin improvements.\n\n---\n\n## 🐉 Origin of the Name \u003ca id=\"origin-of-the-name\"\u003e\u003c/a\u003e\n\n\u003e _\"Its eyes are like akakagachi, it has one body with eight heads and eight tails. Moss and cypress grow on its back, its belly is constantly bloody and inflamed.\"_\n\n[Read the full legend on Wikipedia →](https://en.wikipedia.org/wiki/Yamata_no_Orochi)\n\n🗡️ _Let's go cut tails and find your Kusanagi-no-Tsurugi!_\n\n---\n\n© 2025 LDO-CERT — Collaborative Memory Forensics Platform\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fldo-cert%2Forochi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fldo-cert%2Forochi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fldo-cert%2Forochi/lists"}