Offensive Sec Blog

Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Tuesday, January 16, 2018

Easy-To-Use Live Forensics Toolbox For Linux Endpoints - Linux Expl0rer

           , , ,       No comments    





Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

 Capabilities

 ps
  • View full process list
  • Inspect process memory map & fetch memory strings easly
  • Dump process memory in one click
  • Automaticly search hash in public services

users
  • users list

 find
  • Search for suspicious files by name/regex

 netstat
  • Whois

 logs
  • syslog
  • auth.log(user authentication log)
  • ufw.log(firewall log)
  • bash history

 anti-rootkit
  • chkrootkit

 yara
  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature

 Requirements
  • Python 2.7
  • YARA
  • chkrootkit

 Installation
  1. Clone repository
git clone https://github.com/intezer/linux_expl0rer
  1. Install required packages
pip install -r requirements.txt
  1. Setup VT/OTX api keys
nano config.py
Edit following lines:
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
  1. Install YARA
sudo apt-get install yara
  1. Install chkrootkit
sudo apt-get install chkrootkit

 Start Linux Expl0rer server
sudo python linux_explorer.py

 Usage
  1. Start your browser
firefox http://127.0.0.1:8080
  1. do stuff

 Notes


Share:

0 comentários:

Post a Comment

Note: Only a member of this blog may post a comment.

Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition