• Stars
    star
    446
  • Rank 97,888 (Top 2 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created almost 12 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

USB key cleaner

CIRCLean

Chatroom

CIRCLean logo Cleaner in action

How To Install

Graphical how-to and pre-built image download.

To prepare the SD card on Windows, you can use Win32DiskImager. On linux/macOS, use dd (see the how-to link for instructions).

The current prebuilt image is based on the 1-11-17 release of Raspbian Jessie Lite. The smallest SD card that Circlean can fit on is currently 4GB.

If you'd like to contribute to the project or build the image yourself, see contributing.md and the setup instructions. This is a work in progress - contributions are welcome.

FAQ

Question: I can't login, what is the password?

Answer: For security reasons, it is not possible to login on the default image runinng CIRCLean/KittenGroomer (an attacker could exploit that functionality).

The only thing the default image does is booting, processing the content of the source key, copying over the files to the destination key, and finally shutting down.

Why/What

This project aims to be useful when you get/find a USB key that you can't trust, and you want to look at its contents without taking the risk of plugging it into your computer directly. The official project page can be found at [https://www.circl.lu/projects/CIRCLean/]

The Raspberry Pi Foundation has a blog post with more information about an older version of the project and details of the inspiration behind it.

CIRCLean is currently tested to work with USB keys that have FAT32, NTFS, exFAT or ext2/3/4 filesystems (ext* filesystems can only be used as source keys, not destination keys). The vast majority of USB keys will be FAT32, NTFS, and exFAT.

The content of the untrusted key will be copied or/and converted to the second (blank) key following these rules (based on the mime type as determined by libmagic):

  • Direct copy of:
    • Plain text files (mime type: text/*)
    • Audio files (mime type: audio/*)
    • Video files (mime type: video/*)
    • Example files (mime type: example/*)
    • Multipart files (mime type: multipart/*)
    • xml files, after being converted to text files
    • Octet-stream files
  • Copied after verification:
    • Image files after verifying that they are not compression bombs (mime type: image/*)
    • PDF files, after marking as dangerous if they contain malicious content
    • msword|vnd.openxmlformats-officedocument.*|vnd.ms-*|vnd.oasis.opendocument*, after parsing with oletools/olefile and marking as dangerous if the parsing fails.
  • Copied but marked as dangerous (DANGEROUS_filename_DANGEROUS)
    • Message files (mime type: message/*)
    • Model files (mime type: model/*)
    • x-dosexec (executable)
  • Compressed files (zip|x-rar|x-bzip2|x-lzip|x-lzma|x-lzop|x-xz|x-compress|x-gzip|x-tar|*compressed):
    • Archives are unpacked, with the unpacking process stopped after 2 levels of archives to prevent archive bombs.
    • The above rules are applied recursively to the unpacked files.

Usage

  1. Power off the device and unplug all connections.

  2. Plug the untrusted key in the top left USB slot of the Raspberry Pi.

  3. Plug your own key in the bottom USB slot (or use any of the other slots if there are more than 2).

    Note: This key should be bigger than the original one because any archives present on the source key will be expanded and copied.

  4. Optional: connect the HDMI cable to a screen to monitor the process.

  5. Connect the power to the micro USB port.

    Note: Use a 5V, 700mA+ regulated power supply

  6. Wait until you do not see any blinking green light on the board, or if you connected the HDMI cable, check the screen. The process is slow and can take 30-60 minutes depending on how many document conversions take place.

  7. Power off the device and disconnect the drives.

More Repositories

1

AIL-framework

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
Python
1,296
star
2

url-abuse

URL Abuse - A Versatile Software for URL review, analysis and black-list reporting
Python
140
star
3

bgp-ranking

BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN).
Python
103
star
4

cve-portal

Common Vulnerabilities and Exposures - Portal
Python
82
star
5

potiron

Potiron - Normalize, Index and Visualize Network Capture
Python
82
star
6

PyPDNS

Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.
Python
74
star
7

factual-rules-generator

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Python
73
star
8

compliance

Legal, procedural and policies document templates for operating an IRT
63
star
9

douglas-quaid

Open source software for image correlation, distance and analysis
Python
61
star
10

PyCIRCLean

Python library used by CIRCLean (the USB sanitizer) and others
Python
48
star
11

IP-ASN-history

IP-ASN-history is a server software to store efficiently the history of BGP announces and quickly lookup IP addresses origins
Python
46
star
12

pcapdj

pcapdj - dispatch pcap files
C
45
star
13

carl-hauser

Open Source testing framework for image correlation, distance and analysis
Python
43
star
14

forensic-tools

CIRCL system forensic tools or a jumble of tools to support forensic
Python
41
star
15

yara-validator

Validates yara rules and tries to repair the broken ones.
Python
38
star
16

traceroute-circl

Traceroute improved wrapper for CSIRT and CERT operators
37
star
17

urlquery_python_api

Python API for URL Query
Python
34
star
18

vt-tools

Tools for VirusTotal
Python
34
star
19

IMAP-Proxy

Modular IMAP proxy (including PyCIRCLeanMail and MISP forward modules)
Python
26
star
20

PyEUPI

Client API to query the Phishing Initiative service API
Python
22
star
21

email-abuse

Email Abuse - A Versatile Software for Email review, analysis and reporting
Python
19
star
22

bgpranking-redis-api

API to access the Redis database of a BGP Ranking instance.
Python
17
star
23

PyRichHeader

A Python parser for Rich Headers
Python
14
star
24

pe32-cert-dump

Dump and parse embedded certificates from Windows binaries
Shell
11
star
25

volatility-misp

Volatility plugin to interface with MISP
Python
10
star
26

PyCIRCLeanMail

Standalone CIRCLean/KittenGroomer code to sanitize emails.
Python
10
star
27

pbtc

Passive Bitcoin Project
Go
10
star
28

factual-rules

Factual rules are YARA rules to find legitimate software on raw disk acquisition.
YARA
10
star
29

open-data-security

open-data-security description format is a simple JSON format to describe dataset released as open data by security researchers, security vendors or CSIRTs
9
star
30

lnf-tools

lnf-tools is a set of Perl, Python libraries and C code to analyze and process large set of Netflow records.
Python
8
star
31

hackathon

Website for hackathon.hack.lu - 0x04 virtual hackathon
CSS
7
star
32

misp-darwin

Improving human readability of MISP threat intelligence
6
star
33

PyACDC

Data clearing house API for the Advanced Cyber Defence Centre (ACDC).
Python
5
star
34

dma-frontend

Pre-pre-pre Beta DMA frontend
Less
5
star
35

hash-whitelist-lookup

Python
5
star
36

revoker

Revoke active sessions
Python
4
star
37

ODFCleaner

Python module to cleanup ODF files.
XSLT
4
star
38

pypretalx

Query Pretalx via the API.
Python
4
star
39

mpss-micmgmt

mpss-micmgmt v3.6.1 (Intel Xeon Phi Coprocessor) for Ubuntu LTS 14.04 Trusty
HTML
4
star
40

PasswordTest

Web application to test your password
PHP
4
star
41

libscif

libscif v3.6.1 (Intel Xeon Phi Coprocessor) for Ubuntu LTS 14.04 Trusty
C
3
star
42

circlean-pi-gen

Shell
3
star
43

ail-packer

Packer Scripts to generate AIL-framework VMs
Shell
3
star
44

elfinsight

Utility that collects and aggregates information on ELF files.
Python
2
star
45

orbit-agents

orbit-agents
2
star
46

mpss-modules

MPSS module v3.6.1 (Intel Xeon Phi Coprocessor), with patches for linux-3.19 on Ubuntu LTS 14.04 Trusty
C
2
star
47

mpss-daemon

mpss-daemon v3.6.1 (Intel Xeon Phi Coprocessor) for Ubuntu LTS 14.04 Trusty
C
1
star
48

pisax-website

pisax.org website
HTML
1
star
49

douglas-quaid-results

Results of Douglas-Quaid
Python
1
star
50

junk-ip-indexer

Experiments indexing with IP and related attributes
C++
1
star
51

douglas-quaid-tests

Tests files for douglas-quaid
1
star
52

TestCasesCIRClean

A bunch of files to test if CIRCLean works properly. Contains malicious documents.
1
star
53

miccheck

miccheck v3.6.1 (Intel Xeon Phi Coprocessor) for Ubuntu LTS 14.04 Trusty
Python
1
star
54

openpgp-keys-filterlists

OpenPGP keys filterlists maintained by CIRCL
1
star
55

miclib

miclib v3.6.1 (Intel Xeon Phi Coprocessor) for Ubuntu LTS 14.04 Trusty (extracted from mpss-micmgmt)
C++
1
star