{"id":13509525,"url":"https://github.com/maliceio/malice","last_synced_at":"2025-09-28T23:30:54.944Z","repository":{"id":41384232,"uuid":"48340765","full_name":"maliceio/malice","owner":"maliceio","description":"VirusTotal Wanna Be - Now with 100% more Hipster","archived":true,"fork":false,"pushed_at":"2023-04-03T23:03:21.000Z","size":33558,"stargazers_count":1585,"open_issues_count":26,"forks_count":273,"subscribers_count":96,"default_branch":"master","last_synced_at":"2024-02-15T10:32:08.335Z","etag":null,"topics":["antivirus","cloud","cybersecurity","dfir","docker","elasticsearch","golang","infosec","malice","malware","malware-analysis","malware-research","virustotal"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maliceio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-12-20T23:12:43.000Z","updated_at":"2024-02-13T13:08:02.000Z","dependencies_parsed_at":"2022-08-25T13:30:26.564Z","dependency_job_id":"f80dc4b9-4d25-49df-a0a6-ab0b3c0ffa30","html_url":"https://github.com/maliceio/malice","commit_stats":null,"previous_names":["blacktop/go-malice","maliceio/go-malice"],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maliceio%2Fmalice","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maliceio%2Fmalice/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maliceio%2Fmalice/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maliceio%2Fmalice/manifest
s","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maliceio","download_url":"https://codeload.github.com/maliceio/malice/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234569788,"owners_count":18854133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","cloud","cybersecurity","dfir","docker","elasticsearch","golang","infosec","malice","malware","malware-analysis","malware-research","virustotal"],"created_at":"2024-08-01T02:01:09.053Z","updated_at":"2025-09-28T23:30:49.863Z","avatar_url":"https://github.com/maliceio.png","language":"Go","funding_links":[],"categories":["Online Scanners and Sandboxes","Go","\u003ca id=\"43b0310ac54c147a62c545a2b0f4bce2\"\u003e\u003c/a\u003e辅助周边","Detection Engines","Other Lists","malware-analysis","\u003ca id=\"569887799ee0148230cc5d7bf98e96d0\"\u003e\u003c/a\u003e未分类-Assist"],"sub_categories":["Other Resources","\u003ca id=\"569887799ee0148230cc5d7bf98e96d0\"\u003e\u003c/a\u003e未分类","🧪 LAB","\u003ca id=\"776c034543a65be69c061d1aafce3127\"\u003e\u003c/a\u003e新添加的"],"readme":"![malice logo](https://raw.githubusercontent.com/maliceio/malice/master/docs/images/logo/malice.png)\n\n# malice\n\n[![Circle CI](https://circleci.com/gh/maliceio/malice.png?style=shield)](https://circleci.com/gh/maliceio/malice) [![License](https://img.shields.io/badge/licence-Apache%202.0-blue.svg)](LICENSE) [![Release](https://img.shields.io/github/release/maliceio/malice.svg)](https://github.com/gmaliceio/malice/releases/latest) 
[![bh-arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/usa/2018.svg)](https://www.blackhat.com/us-18/arsenal/schedule/index.html#maliceio-12000) [![Gitter](https://badges.gitter.im/maliceio/malice.svg)](https://gitter.im/maliceio/malice)\n\n\u003e Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a Fortune 500 company.\n\n---\n\n## Try It Out\n\n\u003e **DEMO:** [demo.malice.io](\u003chttps://demo.malice.io/app/kibana#/discover?_g=(refreshInterval:(pause:!t,value:0),time:(from:'2018-09-03T04:00:00.000Z',mode:absolute,to:'2018-09-10T04:00:00.000Z'))\u0026_a=(columns:!(_source),index:afe16d30-b234-11e8-84d2-4fddc6da27ff,interval:auto,query:(language:lucene,query:''),sort:!(scan_date,desc))\u003e)\n\n- **username**: `malice`\n- **password**: `ecilam`\n\n## Requirements\n\n### Hardware\n\n- ~16GB disk space\n- ~4GB RAM\n\n### Software\n\n- [Docker](https://docs.docker.com)\n\n## Getting Started (OSX)\n\n### Install\n\n```bash\n$ brew install maliceio/tap/malice\n```\n\n```\nUsage: malice [OPTIONS] COMMAND [arg...]\n\nOpen Source Malware Analysis Framework\n\nVersion: 0.3.11\n\nAuthor:\n  blacktop - \u003chttps://github.com/blacktop\u003e\n\nOptions:\n  --debug, -D      Enable debug mode [$MALICE_DEBUG]\n  --help, -h       show help\n  --version, -v    print the version\n\nCommands:\n  scan        Scan a file\n  watch        Watch a folder\n  lookup    Look up a file hash\n  elk        Start an ELK docker container\n  plugin    List, Install or Remove Plugins\n  help        Shows a list of commands or help for one command\n\nRun 'malice COMMAND --help' for more information on a command.\n```\n\n### Scan some _malware_\n\n```bash\n$ malice scan evil.malware\n```\n\n\u003e **NOTE:** On the first run malice will download all of its default plugins, which can take a while to complete.\n\nMalice will output the results as a markdown table that can be piped or copied into a 
**results.md** that will look great on GitHub; see [here](docs/examples/scan.md)\n\n### Start Malice's Web UI\n\n```bash\n$ malice elk\n```\n\n\u003e You can open the [Kibana](https://www.elastic.co/products/kibana) UI and look at the scan results here: \u003chttp://localhost\u003e (_assuming you are using Docker for Mac_)\n\n![kibana-setup](docs/images/kibana-setup.png)\n\n- Type in **malice** as the `Index name or pattern` and click **Create**.\n\n- Now click on the `Malice Tab` and **behold!!!**\n\n![kibana-plugin](docs/images/new-screen.png)\n\n## Getting Started (_Docker in Docker_)\n\n[![CircleCI](https://circleci.com/gh/maliceio/malice.png?style=shield)](https://circleci.com/gh/maliceio/malice) [![Docker Stars](https://img.shields.io/docker/stars/malice/engine.svg)](https://hub.docker.com/r/malice/engine/) [![Docker Pulls](https://img.shields.io/docker/pulls/malice/engine.svg)](https://hub.docker.com/r/malice/engine/) [![Docker Image](https://img.shields.io/badge/docker%20image-30.6%20MB-blue.svg)](https://hub.docker.com/r/malice/engine/)\n\n### Install/Update all Plugins\n\n```bash\ndocker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all\n```\n\n### Scan a file\n\n```bash\ndocker run --rm -v /var/run/docker.sock:/var/run/docker.sock \\\n                -v `pwd`:/malice/samples \\\n                --network=\"host\" \\\n                -e MALICE_VT_API=$MALICE_VT_API \\\n                malice/engine scan SAMPLE\n```\n\n## Documentation\n\n- [Documentation](docs)\n- [Plugins](docs/plugins)\n- [Examples](docs/examples)\n- [Roadmap](docs/roadmap)\n- [Contributing](CONTRIBUTING.md)\n\n### Known Issues :warning:\n\n#### If you are having issues with `malice` connecting/writing to `elasticsearch` please see the following:\n\nI have noticed when running the new **5.0+** version of [malice/elasticsearch](https://github.com/maliceio/elasticsearch) on a Linux host you need to increase the memory map areas with the following 
command\n\n```bash\nsudo sysctl -w vm.max_map_count=262144\n```\n\nElasticsearch requires a **LOT** of RAM to run smoothly. You can lower it to **2GB** by running the following _(**before running a scan**)_:\n\n```bash\n$ docker run -d \\\n         -p 9200:9200 \\\n         --name malice-elastic \\\n         -e ES_JAVA_OPTS=\"-Xms2g -Xmx2g\" \\\n         malice/elasticsearch\n```\n\n#### See here for more details on [Known Issues/FAQs](https://github.com/maliceio/malice/blob/master/docs/KnownBugs.md) :warning:\n\n### Issues\n\nFind a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to [file an issue](https://github.com/maliceio/malice/issues/new)\n\n### CHANGELOG\n\nSee [`CHANGELOG.md`](https://github.com/maliceio/malice/blob/master/CHANGELOG.md)\n\n### License\n\nApache License (Version 2.0)\u003cbr\u003e\nCopyright (c) 2013 - 2018 **blacktop**\n\n \u003c!-- [![Slack](https://malice-slack.herokuapp.com/badge.svg)](https://malice-slack.herokuapp.com) --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaliceio%2Fmalice","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaliceio%2Fmalice","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaliceio%2Fmalice/lists"}