https://github.com/demoorjasper/maltrail
A highly customisable intrusion detection system, with various built-in lists (trails) for known attacks and attackers
malware monitoring network
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/demoorjasper/maltrail
- Owner: DeMoorJasper
- License: mit
- Created: 2018-10-18T15:42:44.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-12-06T09:36:24.000Z (over 7 years ago)
- Last Synced: 2025-04-05T09:13:20.792Z (about 1 year ago)
- Topics: malware, monitoring, network
- Language: Python
- Homepage:
- Size: 9 MB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Maltrail, modified for easy extendability
This repo is a fork of [Maltrail](https://github.com/stamparm/Maltrail). The fork aims to create a more extendable, simplified, cleaner and advanced version of Maltrail.
This fork also includes a cleaner and more modern React/Node.js based web-api/dashboard for going through the logs.
# Getting started
## Installing Maltrail
```shell
git clone https://github.com/DeMoorJasper/maltrail.git
cd maltrail
```
## Setup sensor
### Installing dependencies
```shell
sudo apt-get install git python-pcapy
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python get-pip.py
pip install impacket requests
```
### Running sensor
This command assumes you're inside the maltrail folder.
```shell
sudo python sensor.py
```
## Setup webserver
### Installing Node.js
First, [install nvm](https://github.com/creationix/nvm#installation).
Once that's finished, install Node 8 using `nvm install 8`.
### Install/Build webserver
This command assumes you're inside the maltrail folder and have node installed.
```shell
make build-webserver
```
### Running the webserver
This command assumes you're inside the maltrail folder and have node installed.
```shell
make run-webserver
```
# Documentation
For the basic functionality, you can find some documentation in the original repo: [Maltrail](https://github.com/stamparm/Maltrail). However, that documentation is slightly outdated, and this fork lacks some features that the original project has and vice versa.
For the plugin/trigger functionality there is no documentation at the moment other than the existing (example) plugins and triggers.
# Contributing
We welcome any contributor, especially on the plugin side.
The goal of this project is to be a powerful IDS out of the box that is super extendable, so it can be used in more extensive research and practice.
If you're interested, known work and bugs are listed in the issues section. Feel free to check it out, ask questions and hopefully try to implement/fix it with a PR.
## License
This project is licensed under MIT.
Original Maltrail was written by [`@stamparm`](https://github.com/stamparm)
This fork is written/maintained by [`@DeMoorJasper`](https://github.com/DeMoorJasper)