Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities: - View full process list - Inspect process memory map & fetch memory strings easily - Dump process memory in one click - Automatically search hash in public services (VirusTotal, Intezer, Analyze AlienVault OTX, MalShare) - Users list find - Search for suspicious files by name/regex - netstat - Whois - Logs: syslog, auth.log (user authentication log), ufw.log (firewall log), bash history - Anti-rootkit chkrootkit - YARA: Scan a file or directory using YARA signatures by @Neo23x0, Scan a running process memory address space, Upload your own YARA signature Requirements: Python 3.6 Installation: - wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip - unzip master.zip - cd linux-explorer-master - ./deploy.sh Usage: Start your browser firefox http://127.0.0.1:8080 Configure API keys (optional): - nano config.py - Edit following lines: INTEZER_APIKEY = '<key>', VT_APIKEY = '<key>', OTX_APIKEY = '<key>', MALSHARE_APIKEY = '<key>' Notes: We recommend using NGINX reverse proxy with basic http auth & ssl for secure remote access. Tested with Ubuntu 16.04 Misc: "How to"
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.