The Flask app accepts an IOC (Indicator of Compromise), a PCAP (network traffic capture), or a file in the respective tab and processes the input.
The IOC tab accepts any type of IOC and submits it, on the basis of its type, to the desired engines, which include VirusTotal, Hybrid Analysis, Abuse IP, MalShare, URLScan, and Valhalla.
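One way to decide an IOC's type before choosing engines, as an added example that is not the project's own code. The type labels, function names and sample values are assumptions made for illustration; the example also goes slightly beyond the text by undoing common defanging (hxxp://, [.]) and by separating public from non-public IPs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Type labels and function names are illustrative, not the project's own.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample inputs.
SAMPLES = ["8.8.8[.]8", "10.0.0.5", "hxxps://example[.]com/a?b=1",
           "Example[.]COM", "a" * 64, "not an ioc"]


def refang(value):
    """Undo common defanging (hxxp://, [.], (.), [dot]) used in reports."""
    value = re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", value, flags=re.I)


def classify_ioc(raw):
    """Return (type, normalized_value); type is 'unknown' if nothing matches."""
    value = refang(raw)
    # Hashes: a pure hex string whose length identifies the algorithm.
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)], value.lower()
    # IPs: is_global is False for private, loopback, link-local and
    # shared (100.64.0.0/10) ranges, which reputation engines cannot score.
    try:
        ip = ipaddress.ip_address(value)
        return ("ip_public" if ip.is_global else "ip_non_public"), str(ip)
    except ValueError:
        pass
    # URLs: require an http(s) scheme and a host part.
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return "unknown", value
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url", value
    # Bare domains: checked last so URLs and IPs are not misread as domains.
    if DOMAIN_RE.match(value.lower()):
        return "domain", value.lower()
    return "unknown", value


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_ioc(sample))
```
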
The PCAP tab accepts a network traffic capture file with the .pcap extension and can:
- Extract IPs from PCAP
- Extract Public IPs from PCAP
- Extract URLs from PCAP
- Get the network traffic graph between data (bytes) and time
- Submit the IPs to the desired engines which include VirusTotal, Abuse IP, URLScan
The File tab accepts any type of file and can:
- Extract file strings
- Extract PE information, if the file is a valid PE
- Submit the SHA-256 of the file to the desired engines, which include VirusTotal, Hybrid Analysis, Abuse IP, MalShare, URLScan, and Valhalla
Python 3.6+
pip install -r requirements.txt
- You can get the API keys from the sites and then add them in /common/apiKeys.py. If no keys are present, submission to the engines will not take place.
- After this, you can modify config.ini if you want to change the server host and port. The default is localhost:5002.
- Now run the invoker script to start the Flask app:
  python invoker.py
Contributions of any kind are welcome:
- Fork the project
- Commit your changes
- Open a pull request