https://github.com/cybercentrecanada/assemblyline-service-elfparser
Assemblyline 4 service for Elfparser
https://github.com/cybercentrecanada/assemblyline-service-elfparser
assemblyline elf elf-parser malware-analysis
Last synced: 8 days ago
JSON representation
Assemblyline 4 service for Elfparser
- Host: GitHub
- URL: https://github.com/cybercentrecanada/assemblyline-service-elfparser
- Owner: CybercentreCanada
- License: mit
- Created: 2021-10-28T17:00:50.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2025-01-06T18:51:01.000Z (10 months ago)
- Last Synced: 2025-01-06T19:49:42.438Z (10 months ago)
- Topics: assemblyline, elf, elf-parser, malware-analysis
- Language: Python
- Homepage: https://cybercentrecanada.github.io/assemblyline4_docs/
- Size: 830 KB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
Awesome Lists containing this project
README
[](https://discord.gg/GUAy9wErNu)
[](https://discord.gg/GUAy9wErNu)
[](https://github.com/CybercentreCanada/assemblyline)
[](https://github.com/CybercentreCanada/assemblyline-service-elfparser)
[](https://github.com/CybercentreCanada/assemblyline/issues?q=is:issue+is:open+label:service-elfparser)
[](./LICENSE)
# ELFPARSER Service
This Assemblyline service runs the elfparser application against linux executables. It will extract information from the output and format it for easy viewing in the web interface.
## Service Details
### Compiling elfparser
To compile elfparser for assemblyline, first download the latest release (1.4.0 at the time of writing) from the official repository at https://github.com/jacob-baines/elfparser.
```bash
docker run -u 0 --rm -v $(path_to_extracted_elfparser_source_code):/tmp/elfparser -it cccs/assemblyline-v4-service-base /bin/bash
apt update
apt install -y cmake libboost-all-dev build-essential
mkdir /tmp/elfparser/build
cd /tmp/elfparser/build
cmake ..
make
```
## Image variants and tags
Assemblyline services are built from the [Assemblyline service base image](https://hub.docker.com/r/cccs/assemblyline-v4-service-base),
which is based on Debian 11 with Python 3.11.
Assemblyline services use the following tag definitions:
| **Tag Type** | **Description** | **Example Tag** |
| :----------: | :----------------------------------------------------------------------------------------------- | :------------------------: |
| latest | The most recent build (can be unstable). | `latest` |
| build_type | The type of build used. `dev` is the latest unstable build. `stable` is the latest stable build. | `stable` or `dev` |
| series | Complete build details, including version and build type: `version.buildType`. | `4.5.stable`, `4.5.1.dev3` |
## Running this service
This is an Assemblyline service. It is designed to run as part of the Assemblyline framework.
If you would like to test this service locally, you can run the Docker image directly from the a shell:
docker run \
--name ELFPARSER \
--env SERVICE_API_HOST=http://`ip addr show docker0 | grep "inet " | awk '{print $2}' | cut -f1 -d"/"`:5003 \
--network=host \
cccs/assemblyline-service-elfparser
To add this service to your Assemblyline deployment, follow this
[guide](https://cybercentrecanada.github.io/assemblyline4_docs/developer_manual/services/run_your_service/#add-the-container-to-your-deployment).
## Documentation
General Assemblyline documentation can be found at: https://cybercentrecanada.github.io/assemblyline4_docs/
# Service ELFPARSER
Ce service Assemblyline exécute l'application elfparser sur des exécutables Linux. Il extrait des informations de la sortie et les formate pour faciliter la visualisation dans l'interface web.
## Service Details
### Compilation d'elfparser
Pour compiler elfparser pour assemblyline, téléchargez d'abord la dernière version (1.4.0 au moment de la rédaction de ce document) depuis le dépôt officiel à l'adresse https://github.com/jacob-baines/elfparser.
```bash
docker run -u 0 --rm -v $(path_to_extracted_elfparser_source_code):/tmp/elfparser -it cccs/assemblyline-v4-service-base /bin/bash
apt update
apt install -y cmake libboost-all-dev build-essential
mkdir /tmp/elfparser/build
cd /tmp/elfparser/build
cmake ...
make
```
## Variantes et étiquettes d'image
Les services d'Assemblyline sont construits à partir de l'image de base [Assemblyline service](https://hub.docker.com/r/cccs/assemblyline-v4-service-base),
qui est basée sur Debian 11 avec Python 3.11.
Les services d'Assemblyline utilisent les définitions d'étiquettes suivantes:
| **Type d'étiquette** | **Description** | **Exemple d'étiquette** |
| :------------------: | :------------------------------------------------------------------------------------------------------------- | :------------------------: |
| dernière version | La version la plus récente (peut être instable). | `latest` |
| build_type | Type de construction utilisé. `dev` est la dernière version instable. `stable` est la dernière version stable. | `stable` ou `dev` |
| série | Détails de construction complets, comprenant la version et le type de build: `version.buildType`. | `4.5.stable`, `4.5.1.dev3` |
## Exécution de ce service
Ce service est spécialement optimisé pour fonctionner dans le cadre d'un déploiement d'Assemblyline.
Si vous souhaitez tester ce service localement, vous pouvez exécuter l'image Docker directement à partir d'un terminal:
docker run \
--name ELFPARSER \
--env SERVICE_API_HOST=http://`ip addr show docker0 | grep "inet " | awk '{print $2}' | cut -f1 -d"/"`:5003 \
--network=host \
cccs/assemblyline-service-elfparser
Pour ajouter ce service à votre déploiement d'Assemblyline, suivez ceci
[guide](https://cybercentrecanada.github.io/assemblyline4_docs/fr/developer_manual/services/run_your_service/#add-the-container-to-your-deployment).
## Documentation
La documentation générale sur Assemblyline peut être consultée à l'adresse suivante: https://cybercentrecanada.github.io/assemblyline4_docs/