{"id":38704719,"url":"https://github.com/pandora-analysis/pandora","last_synced_at":"2026-01-17T10:54:36.451Z","repository":{"id":37701230,"uuid":"408750607","full_name":"pandora-analysis/pandora","owner":"pandora-analysis","description":"Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results ","archived":false,"fork":false,"pushed_at":"2026-01-12T17:00:12.000Z","size":7885,"stargazers_count":276,"open_issues_count":62,"forks_count":43,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-01-12T22:21:14.842Z","etag":null,"topics":["document-analysis","document-analyzing","infosec","malware-detection"],"latest_commit_sha":null,"homepage":"https://pandora.circl.lu/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pandora-analysis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-09-21T08:56:43.000Z","updated_at":"2026-01-12T17:00:23.000Z","dependencies_parsed_at":"2023-11-20T23:28:01.166Z","dependency_job_id":"76c1888b-0d41-483c-bfea-8e77643f25ef","html_url":"https://github.com/pandora-analysis/pandora","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/pandora-analysis/pandora","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pandora-analysis%2Fpandora","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/pandora-analysis%2Fpandora/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pandora-analysis%2Fpandora/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pandora-analysis%2Fpandora/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pandora-analysis","download_url":"https://codeload.github.com/pandora-analysis/pandora/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pandora-analysis%2Fpandora/sbom","scorecard":{"id":1236484,"data":{"date":"2025-08-29T15:08:53Z","repo":{"name":"github.com/pandora-analysis/pandora","commit":"135207e1738deb9582a9c0ca63d9991a45c33cec"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: 
security.md:1","Info: Found linked content: security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: security.md:1","Info: Found text in security policy: security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:36","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:39","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:40","Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker-publish.yml:31","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-publish.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/mypy.yml:10","Info: topLevel permissions set to 'read-all': 
.github/workflows/scorecards-analysis.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_api.yml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not 
pinned by hash: .github/workflows/docker-publish.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/docker-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mypy.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/mypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mypy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/mypy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards-analysis.yml:35: update your 
workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/scorecards-analysis.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/scorecards-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/scorecards-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/scorecards-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecards-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/scorecards-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_api.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/test_api.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_api.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/test_api.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_api.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/test_api.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_api.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/pandora-analysis/pandora/test_api.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: pipCommand not pinned by hash: Dockerfile:6-27","Warn: pipCommand not pinned by hash: 
.github/workflows/mypy.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/test_api.yml:65","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (3) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-publish.yml:27"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release 
artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"CI-Tests","score":10,"reason":"2 out of 2 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 30 contributing companies or organizations","details":["Info: found contributions from: ArmoredPidgin, CIRCL, CSCLuxembourg, CiviCERT, CodeClubLux, CyCat-project, D4-project, DC11331, Lookyloo, M82-project, MISP, RaReNet, ail-project, attack-community, brightsplash, cerebrate-project, certtools, challengehackers, circl @misp @lookyloo @pandora-analysis @ail-project, cve-search, dataspectra, gcve-eu, hack-lu, hashlookup, misp @circl @cve-search and many others, monarc-project, quuxlabs, senthorus, vulnerability-lookup, yaf-project"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-29T16:43:41.406Z","repository_id":37701230,"created_at":"2025-08-29T16:43:41.406Z","updated_at":"2025-08-29T16:43:41.406Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28506593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["document-analysis","document-analyzing","infosec","malware-detection"],"created_at":"2026-01-17T10:54:36.365Z","updated_at":"2026-01-17T10:54:36.441Z","avatar_url":"https://github.com/pandora-analysis.png","language":"Python","funding_links":[],"categories":["Cybersecurity"],"sub_categories":[],"readme":"\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pandora-analysis/pandora/badge)](https://api.securityscorecards.dev/projects/github.com/pandora-analysis/pandora)\n\n\n# Pandora\n\n\u003cimg src=\"https://pandora.circl.lu/static/images/logo.svg\" width=\"250\" height=\"250\"\u003e\n\nPandora is an analysis framework to discover if a file is suspicious and conveniently show the results.\n\n## Features\n\n- Flexible and open source framework to integrate external tools for checking files.\n- A convenient preview module to allow a safe preview for end-users.\n- A way to share results on-demand by the end-users.\n- Complete standalone open source solution which can allow any organisation to run their own without leaking information or sensitive documents.\n- Analysis modules included are [hashlookup](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/hashlookup.py), [hybridanalysis](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/hybridanalysis.py), [irma](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/irma.py), 
[joesandbox](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/joesandbox.py), [malwarebazaar](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/malwarebazaar.py), [msodde](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/msodde.py), [mwdb](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/mwdb.py), [ole](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/ole.py), [virustotal](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/virustotal.py), [xmldeobfuscator](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/xmldeobfuscator.py), [yara](https://github.com/pandora-analysis/pandora/blob/main/pandora/workers/yara.py).\n\n# Demo and online public instance\n\n- CIRCL operates a [public instance of pandora](https://pandora.circl.lu/) which can be used for evaluating pandora.\n\n# Install guide\n\nNote that it is *strongly* recommended to use Ubuntu 24.04, which comes with a more recent version of libreoffice.\nUsing anything older will result in annoying issues when restarting the service: libreoffice\nisn't always stopped properly and it results in dead processes using 100% CPU.\n\n## System dependencies\n\nYou need poetry installed, see the [install guide](https://python-poetry.org/docs/).\n\n## Prerequisites\n\n### Valkey (formerly Redis)\n\n[Valkey](https://valkey.io/): An open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.\n\nNOTE: Valkey should be installed from the source, and the repository must be in the same directory as the one you will be cloning Pandora into.\n\nIn order to compile and test valkey, you will need a few packages:\n\n```bash\nsudo apt-get update\nsudo apt install build-essential tcl\n```\n\n```bash\ngit clone https://github.com/valkey-io/valkey.git\ncd valkey\ngit checkout 8.0\nmake -j4\n# Optionally, you can run the tests:\nmake test\ncd ..\n```\n\n### 
Kvrocks\n\n[Kvrocks](https://github.com/apache/kvrocks) is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Valkey protocol.\nKvrocks intends to decrease the cost of memory and increase the capability while compared to valkey.\n\n\n#### Installing from source\n\nNOTE: Kvrocks should be installed from the source, and the repository must be in the same directory as the one you will be cloning Pandora into.\n\nNOTE: Compiling Kvrocks takes well over 1 hour, you may want to use docker instead (see below).\n\n\nIn order to compile kvrocks, you will need a few packages:\n\n```bash\nsudo apt-get update\nsudo apt install git gcc g++ make cmake autoconf automake libtool python3 libssl-dev\n```\n\n```bash\ngit clone --recursive  https://github.com/apache/kvrocks.git kvrocks\ncd kvrocks\ngit checkout 2.10\n./x.py build -j4\ncd ..\n```\n\n#### Using docker\n\nIf you have docker installed you don't have anything to do. It expects docker installed in [rootless mode](https://docs.docker.com/engine/security/rootless/) (no sudo required).\nIn case you have docker installed in normal mode, you will need to edit `storage/run_kvrocks.sh` and prepend `sudo` to the docker call.\n\n\n### Clone pandora\n\nDo the usual:\n\n```bash\ngit clone https://github.com/pandora-analysis/pandora.git\n```\n\n### Ready to install pandora?\n\nAnd at this point, you should be in a directory that contains `valkey`, `kvrocks`, and `pandora`.\n\nMake sure it is the case by running `ls valkey kvrocks pandora`. 
If you see `No such file or directory`,\none of them is missing and you need to fix the installation.\n\nThe directory tree must look like that:\n\n```\n.\n├── valkey  =\u003e compiled valkey\n├── kvrocks =\u003e compiled kvrocks\n└── pandora =\u003e not installed pandora yet\n```\n\n## Installation\n\n### System dependencies (requires root)\n\n```bash\nsudo apt install python3-dev  # for compiling things\nsudo apt install libpango-1.0-0 libharfbuzz0b libpangoft2-1.0-0  # For HTML -\u003e PDF\nsudo apt install libreoffice-nogui # For Office -\u003e PDF\nsudo apt install exiftool  # for extracting exif information\nsudo apt install unrar  # for extracting rar files\nsudo apt install libxml2-dev libxslt1-dev antiword unrtf poppler-utils tesseract-ocr flac ffmpeg lame libmad0 libsox-fmt-mp3 sox libjpeg-dev swig  # for textract\nsudo apt install libssl-dev  # seems required for yara-python\nsudo apt install libcairo2-dev  # Required by reportlab, svglib\n```\n\nNote: on Ubuntu 20.04, libreoffice-nogui cannot be installed due to some dependencies issues.\n\n### Important notes regarding libreoffice\n\nSome have issues when generating previews. It seems to be related to the version of libreoffice in the packages, and the headless version (`*-nogui` packages) that are sometimes failing. 
If you see error messages in the logs, install libreoffice from the PPA:\n\n```bash\nsudo add-apt-repository ppa:libreoffice/ppa\nsudo apt-get update\nsudo apt-get install libreoffice\n```\n\n### Pandora installation\n\nFrom the directory you cloned Pandora to, run:\n\n```bash\ncd pandora  # if you're not already in the directory\npoetry install\n```\n\nInitialize the `.env` file:\n\n```bash\necho PANDORA_HOME=\"`pwd`\" \u003e\u003e .env\n```\n\nGet web dependencies (css, font, js)\n```bash\npoetry run python tools/3rdparty.py\n```\nBe aware that those are version-constrained because [SubResource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) is used (set in website/web/sri.txt).\n\n### Configuration\n\nCopy the config file:\n\n```bash\ncp config/generic.json.sample config/generic.json\n```\n\nAnd configure it accordingly to your needs.\n\n### Antivirus workers\n\n#### ClamAV\n\nInstall the package from the official repositories, and the default config will work out of the box:\n\n```bash\nsudo apt-get install clamav-daemon\n# In order for the module to work, you need the signatures.\n# Running the command \"freshclam\" will do it but if the script is already running\n# (it is started by the systemd service clamav-freshclam)\n# You might want to run the commands below:\nsudo systemctl stop clamav-freshclam.service  # Stop the service\nsudo freshclam  # Run the signatures update\nsudo systemctl start clamav-freshclam.service # Start the service so we keep getting the updates\n```\n\nThen, check if `/var/run/clamav/clamd.ctl` exists. 
If it doesn't, start the service:\n\n```bash\nsudo service clamav-daemon start\n```\n\n#### Comodo (install only if you really want it, ignore otherwise)\n\nInstall it from the official website:\n\n```bash\nwget https://download.comodo.com/cis/download/installs/linux/cav-linux_x64.deb\nsudo dpkg --ignore-depends=libssl0.9.8 -i cav-linux_x64.deb\n```\n\nAs we need an X session to download the database automatically, the easiest on a server is to\ndo it manually from the [official website](https://www.comodo.com/home/internet-security/updates/vdp/database.php).\n\n```bash\nsudo wget http://cdn.download.comodo.com/av/updates58/sigs/bases/bases.cav -O /opt/COMODO/scanners/bases.cav\n```\n\nThe best way to keep your database up-to-date is to create a cron job running it.\n\nIn case of error during the next upgrade of the system, edit `/var/lib/dpkg/status`\nand remove the dependencies for cav-linux packages.\n\n### Workers configuration\n\nCopy the sample config files (`\u003cworkername\u003e.yml.sample`) and edit the newly created ones (`\u003cworkername\u003e.yml`):\n\n```bash\nfor file in pandora/workers/*.sample; do cp -i ${file} ${file%%.sample}; done\n```\n\nConfigure them according to your needs (API key, file paths, ...).\n\n### Update and launch\n\nRun the following command to fetch the required javascript deps and run pandora.\n\n```bash\npoetry run update --yes\n```\n\nWith the default configuration, you can access the web interface on `http://0.0.0.0:6100`.\n\n# Usage\n\nStart the tool (as usual, from the directory):\n\n```bash\npoetry run start\n```\n\nYou can stop it with\n\n```bash\npoetry run stop\n```\n\nWith the default configuration, you can access the web interface on `http://0.0.0.0:6100`.\n\n# AppArmor and security notes\n\nIt is important to keep in mind that Pandora parses and sometimes opens or runs untrusted and\n(potentially) malicious content.\nOne of the most dangerous dependencies is libreoffice, which is used to generate the\npreviews of office 
documents. By default libreoffice doesn't run macros, but\nlike every big piece of software, it has vulnerabilities, known or not.\nYou absolutely must make sure you always run the most up-to-date version, and keep track of the\nsecurity patches. On top of that, there will be 0-days, meaning vulnerabilities lacking\na patch (yet). If they can be exploited against libreoffice used by Pandora,\nit could lead to your system being compromised.\n\nTwo things you can do to mitigate the risks:\n\n* make sure the machine running Pandora cannot be used to connect to anything internal in your organisation\n* enable AppArmor profiles related to libreoffice:\n\n```bash\nsudo apt install apparmor-utils  # Installs utils for apparmor\n```\n\nEdit `/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin` and insert:\n\n```\n  owner @{HOME}/pandora/tasks/** rwk,\n```\n\nAnywhere below this line:\n\n```\nprofile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin {\n```\n\nAnd finally, enable the profiles:\n\n```bash\nsudo aa-enforce /etc/apparmor.d/usr.lib.libreoffice*\n```\n\n# Notes \u0026 issues\n\nIf you're getting a stacktrace that looks like this:\n\n```\nFatal exception: Signal 
6\nStack:\n/usr/lib/libreoffice/program/libuno_sal.so.3(+0x3ffc3)[0x7f80bb86ffc3]\n/usr/lib/libreoffice/program/libuno_sal.so.3(+0x4013a)[0x7f80bb87013a]\n/lib/x86_64-linux-gnu/libc.so.6(+0x43090)[0x7f80bb675090]\n/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcb)[0x7f80bb67500b]\n/lib/x86_64-linux-gnu/libc.so.6(abort+0x12b)[0x7f80bb654859]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x1219b92)[0x7f80bcab2b92]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0x98)[0x7f80bea12ed8]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x21c6026)[0x7f80bda5f026]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x3181ec1)[0x7f80bea1aec1]\n/usr/lib/libreoffice/program/libuno_sal.so.3(+0x18832)[0x7f80bb848832]\n/usr/lib/libreoffice/program/libuno_sal.so.3(+0x400a7)[0x7f80bb8700a7]\n/lib/x86_64-linux-gnu/libc.so.6(+0x43090)[0x7f80bb675090]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZNK3vcl6Window9GetCursorEv+0x4)[0x7f80be7473a4]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x276cfba)[0x7f80be005fba]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZN9Scheduler22CallbackTaskSchedulingEv+0x2fb)[0x7f80bea0372b]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZN14SvpSalInstance12CheckTimeoutEb+0x10e)[0x7f80beb835ce]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZN14SvpSalInstance7DoYieldEbb+0x8b)[0x7f80beb836db]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x3179872)[0x7f80bea12872]\n/usr/lib/libreoffice/program/libmergedlo.so(_ZN11Application7ExecuteEv+0x45)[0x7f80bea14d35]\n/usr/lib/libreoffice/program/libmergedlo.so(+0x21cdc2b)[0x7f80bda66c2b]\n/usr/lib/libreoffice/program/libmergedlo.so(_Z10ImplSVMainv+0x51)[0x7f80bea1c731]\n/usr/lib/libreoffice/program/libmergedlo.so(soffice_main+0xa3)[0x7f80bda80523]\n/usr/lib/libreoffice/program/soffice.bin(+0x10b0)[0x55edfc86e0b0]\n/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x7f80bb656083]\n/usr/lib/libreoffice/program/soffice.bin(+0x10ee)[0x55edfc86e0ee]\n```\n\nInstall the full `libreoffice` 
package; the `*-nogui` ones cause crashes like that on some files.\n\n\n# Contributing\n\nFeel free to fork the code, play with it, make some patches and send us the pull requests.\n\nFeel free to contact us, create [issues](https://github.com/pandora-analysis/pandora/issues) if you have questions, remarks or bug reports.\n\nIf you have any report concerning security, please read the [SECURITY page](security.md) on how to report security issues and vulnerabilities.\n\nFor more details about how to contribute, don't hesitate to have a look at our [contributing](CONTRIBUTING.md) page.\n\n# License\n\nCopyright (C) 2021-2022 [CIRCL](https://www.circl.lu/) - Computer Incident Response Center Luxembourg\n\nCopyright (C) 2021-2022 [Raphaël Vinot](https://github.com/Rafiot) - Computer Incident Response Center Luxembourg\n\nCopyright (C) 2017-2022 [CERT-AG](https://cert-ag.com/) - CERT AG\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU Affero General Public License as published\nby the Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU Affero General Public License for more details.\n\nYou should have received a copy of the GNU Affero General Public License\nalong with this program.  If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpandora-analysis%2Fpandora","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpandora-analysis%2Fpandora","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpandora-analysis%2Fpandora/lists"}