Linux Expl0rer

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.


Capabilities

  • ps: View the full process list, inspect a process's memory map, fetch strings from process memory, dump process memory in one click, and automatically look up hashes in public services.
  • users: List of users.
  • find: Search for suspicious files by name/regex.
  • netstat: Whois information.
  • logs: Access to various log files (syslog, auth.log, ufw.log, bash history).
  • anti-rootkit: Check for rootkits using chkrootkit.
  • yara: Scan files or directories using YARA signatures and scan running process memory address space.
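The following is an added example, written for this page and not taken from the Linux Expl0rer source, showing the mechanics behind the ps and yara capabilities above: it parses /proc/<pid>/maps, reads each readable region through /proc/<pid>/mem, extracts printable strings the way the strings utility does, and runs named regex rules over them as a stand-in for real YARA signatures. The maps sample, the memory bytes and the two demo rules are constructed for the example; a live scan needs Linux and permission to read the target process (it scans its own PID when none is given).

```python
import os
import re
import sys
from dataclasses import dataclass
from typing import Dict, List

# Constructed /proc/<pid>/maps sample for offline testing; addresses and paths are made up.
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a01000 r--p 00000000 08:01 1234                       /usr/bin/example
55d0c4a01000-55d0c4a02000 r-xp 00001000 08:01 1234                       /usr/bin/example
7f1c8e000000-7f1c8e021000 rw-p 00000000 00:00 0                          [heap]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
"""

# Constructed memory contents used by the offline test; a real scan reads /proc/<pid>/mem.
SAMPLE_MEMORY = b"\x00\x7fELF\x01\x00hello world\x00ab\x00/tmp/.x/dropper.sh\x00\xff\xfe"


@dataclass(frozen=True)
class MapRegion:
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # backing file, [heap], [stack], ... or "" for anonymous mappings

    @property
    def readable(self) -> bool:
        return self.perms.startswith("r")

    @property
    def size(self) -> int:
        return self.end - self.start


# maps line layout: address range, perms, offset, dev, inode, optional pathname
_MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


def parse_maps(text: str) -> List[MapRegion]:
    """Parse the text of /proc/<pid>/maps into MapRegion records."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line)
        if m:
            regions.append(MapRegion(int(m.group(1), 16), int(m.group(2), 16),
                                     m.group(3), m.group(4).strip()))
    return regions


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of at least min_len printable ASCII bytes (what `strings` does)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group(0).decode("ascii") for m in pattern.finditer(data)]


def read_region(pid: int, region: MapRegion) -> bytes:
    """Read one mapped region via /proc/<pid>/mem; empty bytes if the kernel refuses (e.g. [vvar])."""
    try:
        with open("/proc/%d/mem" % pid, "rb", buffering=0) as mem:
            mem.seek(region.start)
            return mem.read(region.size)
    except OSError:
        return b""


def match_strings(strings: List[str], rules: Dict[str, re.Pattern]) -> Dict[str, List[str]]:
    """Apply named regex rules (a simplified stand-in for YARA) to strings; returns rule -> hits."""
    hits: Dict[str, List[str]] = {name: [] for name in rules}
    for s in strings:
        for name, rx in rules.items():
            if rx.search(s):
                hits[name].append(s)
    return {name: h for name, h in hits.items() if h}


def scan_process(pid: int, rules: Dict[str, re.Pattern], min_len: int = 4) -> Dict[str, List[str]]:
    """Walk the readable regions of a live process and run the rules over their strings."""
    with open("/proc/%d/maps" % pid) as f:
        regions = parse_maps(f.read())
    found: Dict[str, List[str]] = {}
    for region in regions:
        # [vvar] and [vsyscall] are kernel-backed and not readable through /proc/<pid>/mem
        if not region.readable or region.path in ("[vvar]", "[vsyscall]"):
            continue
        strings = extract_strings(read_region(pid, region), min_len)
        for name, h in match_strings(strings, rules).items():
            found.setdefault(name, []).extend(h)
    return found


# Demo rules (constructed): scripts staged in a dot-directory under /tmp, and any shell script path.
DEMO_RULES = {
    "hidden_tmp_path": re.compile(r"/tmp/\.[^/\s]+/"),
    "shell_script": re.compile(r"\.sh$"),
}

if __name__ == "__main__":
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    print(scan_process(target, DEMO_RULES))
```

Run it as `python3 scan.py <pid>` with enough privilege to read the target's /proc entries (the same ptrace-access requirement the toolbox's memory dump feature has); when scanning its own PID it reports the constructed SAMPLE_MEMORY path, which shows that string extraction over mapped regions works before pointing it at anything else.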

Requirements

  • Python 3.6.

Installation

  1. Download the master archive: wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
  2. Unzip the archive: unzip master.zip
  3. Change into the extracted directory: cd linux-explorer-master
  4. Run the deployment script: ./deploy.sh

Usage

  1. Start a web browser and navigate to http://127.0.0.1:8080.

Configuration (optional)

  • Edit the config.py file using a text editor.
  • Update the API key values for Intezer, VirusTotal, OTX, and MalShare.

Notes

  • We recommend using NGINX as a reverse proxy with basic HTTP auth and SSL for secure remote access.
  • Tested with Ubuntu 16.04.

Miscellaneous

  • How to get a VirusTotal public API Key:
  • How to get an API Key for Intezer Analyze:
