Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/intezer/linux-explorer

Easy-to-use live forensics toolbox for Linux endpoints
https://github.com/intezer/linux-explorer

Last synced: about 16 hours ago
JSON representation

Easy-to-use live forensics toolbox for Linux endpoints

Host: GitHub
URL: https://github.com/intezer/linux-explorer
Owner: intezer
License: apache-2.0
Archived: true
Created: 2017-11-26T12:51:38.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2024-03-03T19:36:15.000Z (8 months ago)
Last Synced: 2024-03-04T20:01:05.357Z (8 months ago)
Language: HTML
Homepage:
Size: 1.69 MB
Stars: 405
Watchers: 45
Forks: 59
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

ForensicsTools - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Challenges / Live forensics)
awesome-forensics - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Tools / Live Forensics)
Awesome-Forensics - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Tools / Live Forensics)
awesome-hacking-lists - intezer/linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints (HTML)

README

        # This project is no longer maintained!

# Linux Expl0rer

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

![Alt Text](https://github.com/intezer/linux-explorer/raw/master/image.gif)

## Capabilities

### ps

* View full process list

* Inspect process memory map & fetch memory strings easly

* Dump process memory in one click

* Automatically search hash in public services

  * [VirusTotal](https://www.virustotal.com/#/home/upload)

  * [Intezer Analyze](https://analyze.intezer.com)

  * [AlienVault OTX](https://otx.alienvault.com/)

  * [MalShare](https://malshare.com/)

### users

* users list

### find

* Search for suspicious files by name/regex

### netstat

* Whois

### logs

* syslog

* auth.log(user authentication log)

* ufw.log(firewall log)

* bash history

### anti-rootkit

* chkrootkit

### yara

* Scan a file or directory using YARA signatures by @Neo23x0

* Scan a running process memory address space

* Upload your own YARA signature

  

## Requirements

* Python 3.6

## Installation

```sh

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip

unzip master.zip

cd linux-explorer-master

./deploy.sh

```

## Usage

1. Start your browser

```sh

firefox http://127.0.0.1:8080

```

## Configure API keys (optional)

```sh

nano config.py

```

Edit following lines:

```py

INTEZER_APIKEY = ''

VT_APIKEY = ''

OTX_APIKEY = ''

MALSHARE_APIKEY = ''

```

## Notes

* We recommend using NGINX [reverse proxy with basic http auth](https://www.nginx.com/resources/admin-guide/restricting-access-auth-basic/) & ssl for secure remote access

* Tested with Ubuntu 16.04

## Misc

* ["How to get a VirusTotal public API Key"](https://community.mcafee.com/docs/DOC-6456)

* ["To get an API Key for Intezer Analyze"](https://analyze.intezer.com/#/create-account)