Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/intezer/linux-explorer
Easy-to-use live forensics toolbox for Linux endpoints
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/intezer/linux-explorer
- Owner: intezer
- License: apache-2.0
- Archived: true
- Created: 2017-11-26T12:51:38.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2024-03-03T19:36:15.000Z (9 months ago)
- Last Synced: 2024-03-04T20:01:05.357Z (9 months ago)
- Language: HTML
- Homepage:
- Size: 1.69 MB
- Stars: 405
- Watchers: 45
- Forks: 59
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- ForensicsTools - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Challenges / Live forensics)
- awesome-forensics - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Tools / Live Forensics)
- Awesome-Forensics - Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask (Tools / Live Forensics)
- awesome-hacking-lists - intezer/linux-explorer - Easy-to-use live forensics toolbox for Linux endpoints (HTML)
README
# This project is no longer maintained!
# Linux Expl0rer
Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

![Linux Expl0rer demo](https://github.com/intezer/linux-explorer/raw/master/image.gif)
## Capabilities
### ps
* View full process list
* Inspect a process's memory map & fetch memory strings easily
* Dump process memory in one click
* Automatically search the hash in public services:
  * [VirusTotal](https://www.virustotal.com/#/home/upload)
  * [Intezer Analyze](https://analyze.intezer.com)
  * [AlienVault OTX](https://otx.alienvault.com/)
  * [MalShare](https://malshare.com/)
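The ps capabilities above (memory map, memory strings, process dump, hash lookup) all start from the same kernel interfaces. The script below is an added example, not code from linux-explorer: it parses `/proc/<pid>/maps`, flags executable mappings with no backing file or a deleted one, pulls printable strings out of a buffer, reads a mapping from `/proc/<pid>/mem`, and hashes the executable via `/proc/<pid>/exe` so the digest can be submitted to the services listed. `SAMPLE_MAPS` is a constructed listing, not captured from a real host, and the live part runs against the script's own process, which is the one a non-root user can always read.

```python
"""Added example, not part of linux-explorer: the building blocks of a "ps"-style
live-forensics view.  Parse /proc/<pid>/maps, flag executable mappings with no
(or a deleted) backing file, extract printable strings from a memory buffer and,
when the kernel allows it, read a mapping straight out of /proc/<pid>/mem.
SAMPLE_MAPS below is constructed, not captured from a real host."""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_MAPS = """\
55d4a1c00000-55d4a1c01000 r--p 00000000 08:01 1048577  /usr/bin/sleep
55d4a1c01000-55d4a1c05000 r-xp 00001000 08:01 1048577  /usr/bin/sleep
55d4a3f0c000-55d4a3f2d000 rw-p 00000000 00:00 0        [heap]
7f1e2c000000-7f1e2c021000 rw-p 00000000 00:00 0
7f1e2c4a5000-7f1e2c4a7000 r-xp 00000000 08:01 2097153  /tmp/.x/libevil.so (deleted)
7ffd3c1a9000-7ffd3c1ca000 rw-p 00000000 00:00 0        [stack]
"""

# One maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Region:
    start: int
    end: int
    perms: str
    offset: int
    inode: int
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def readable(self) -> bool:
        return self.perms[0] == "r"

    @property
    def executable(self) -> bool:
        return self.perms[2] == "x"


def parse_maps(text: str) -> List[Region]:
    """Turn the text of /proc/<pid>/maps into Region objects; unparseable lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            regions.append(Region(int(m["start"], 16), int(m["end"], 16), m["perms"],
                                  int(m["offset"], 16), int(m["inode"]), m["path"].strip()))
    return regions


def suspicious_regions(regions: List[Region]) -> List[Region]:
    """Executable mappings that are anonymous or whose backing file was unlinked:
    the usual footprint of injected code or a loader that deleted itself from disk."""
    return [r for r in regions
            if r.executable and (r.path == "" or r.path.endswith("(deleted)"))]


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def read_region(pid: int, region: Region) -> Optional[bytes]:
    """Copy one mapping out of /proc/<pid>/mem.  Needs ptrace access to the target
    (root, or same uid with a permissive kernel.yama.ptrace_scope); returns None
    when the kernel refuses or the address cannot be seeked to (e.g. [vsyscall])."""
    try:
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
            mem.seek(region.start)
            return mem.read(region.size)
    except (OSError, OverflowError):
        return None


def exe_sha256(pid: int) -> Optional[str]:
    """SHA-256 of the process's executable via /proc/<pid>/exe (the value you would
    look up in VirusTotal / Intezer / OTX / MalShare); None if it cannot be read."""
    try:
        with open(f"/proc/{pid}/exe", "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None


if __name__ == "__main__":
    for r in suspicious_regions(parse_maps(SAMPLE_MAPS)):
        print(f"sample: suspicious {r.perms} mapping at {r.start:#x}: {r.path or '<anonymous>'}")
    # Live run against our own process, which we are always allowed to read.
    pid = os.getpid()
    print("own exe sha256:", exe_sha256(pid))
    with open(f"/proc/{pid}/maps") as f:
        live = parse_maps(f.read())
    for r in live:
        if r.readable and r.path and not r.path.startswith("["):
            data = read_region(pid, r)
            if data:
                print(f"{r.path}: {len(extract_strings(data))} strings in {r.size} bytes")
                break
```

Point `read_region` at another user's pid and it returns `None` unless you run as root or `kernel.yama.ptrace_scope` permits it; that is the same permission boundary the web UI's "dump process memory" button operates behind, so run the toolbox with the privileges you actually need and no more. The "(deleted)" and anonymous-executable heuristic is deliberately narrow: JIT runtimes produce anonymous `r-xp` mappings legitimately, so treat a hit as a lead for the strings and hash lookups, not a verdict.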
### users
* List users
### find
* Search for suspicious files by name/regex
### netstat
* Whois
### logs
* syslog
* auth.log (user authentication log)
* ufw.log (firewall log)
* bash history
### anti-rootkit
* chkrootkit
### yara
* Scan a file or directory using YARA signatures by @Neo23x0
* Scan a running process memory address space
* Upload your own YARA signature
## Requirements
* Python 3.6
## Installation
```sh
wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh
```
## Usage
1. Start your browser
```sh
firefox http://127.0.0.1:8080
```
## Configure API keys (optional)
```sh
nano config.py
```
Edit following lines:
```py
INTEZER_APIKEY = ''
VT_APIKEY = ''
OTX_APIKEY = ''
MALSHARE_APIKEY = ''
```
## Notes
* For remote access, put the UI behind an NGINX [reverse proxy with HTTP basic auth](https://www.nginx.com/resources/admin-guide/restricting-access-auth-basic/) and TLS; the Flask app itself has no authentication, and it exposes process memory dumps, auth.log and bash history
* Tested with Ubuntu 16.04
## Misc
* ["How to get a VirusTotal public API Key"](https://community.mcafee.com/docs/DOC-6456)
* ["To get an API Key for Intezer Analyze"](https://analyze.intezer.com/#/create-account)
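The Notes section above recommends an NGINX reverse proxy with basic auth and TLS in front of the UI. The configuration below is an added example and not part of linux-explorer; the hostname, certificate paths, password-file path and analyst subnet are assumptions, and it assumes the Flask app listens on 127.0.0.1:8080 as in the Usage section.

```nginx
# Added example (not linux-explorer's own config): TLS-terminating reverse proxy
# with HTTP basic auth in front of the Flask UI on 127.0.0.1:8080.
# Hostname, certificate paths, htpasswd path and subnet are assumptions.
server {
    listen 80;
    server_name forensics.example.internal;
    return 301 https://$host$request_uri;   # never serve the UI, or accept credentials, in clear
}

server {
    listen 443 ssl;
    server_name forensics.example.internal;

    ssl_certificate     /etc/ssl/certs/forensics.crt;
    ssl_certificate_key /etc/ssl/private/forensics.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    auth_basic           "Linux Expl0rer";
    auth_basic_user_file /etc/nginx/.htpasswd;   # htpasswd -c /etc/nginx/.htpasswd analyst

    # Default is "satisfy all": the client must be on the analyst network AND authenticate.
    allow 10.0.0.0/8;
    deny  all;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_read_timeout 300s;   # memory dumps and YARA scans can take a while
    }
}
```

Create the password file with `htpasswd -c /etc/nginx/.htpasswd analyst` (from apache2-utils) and then check with `ss -ltnp` that port 8080 is bound to 127.0.0.1 and not 0.0.0.0; if it turns out to be listening on all interfaces, block it at the host firewall (for example `ufw deny 8080/tcp`) so the proxy is the only way in.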