Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.
- View full process list
- Inspect process memory map & fetch memory strings easly
- Dump process memory in one click
- Automatically search hash in public services
- users list
- Search for suspicious files by name/regex
- Whois
- syslog
- auth.log(user authentication log)
- ufw.log(firewall log)
- bash history
- chkrootkit
- Scan a file or directory using YARA signatures by @Neo23x0
- Scan a running process memory address space
- Upload your own YARA signature
- Python 3.6
wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh
- Start your browser
firefox http://127.0.0.1:8080
nano config.py
Edit following lines:
INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'
- We recommend using NGINX reverse proxy with basic http auth & ssl for secure remote access
- Tested with Ubuntu 16.04