Linux Expl0rer
Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.
Capabilities
ps
- View full process list
- Inspect process memory map & fetch memory strings easly
- Dump process memory in one click
- Automatically search hash in public services
users
- users list
find
- Search for suspicious files by name/regex
netstat
- Whois
logs
- syslog
- auth.log(user authentication log)
- ufw.log(firewall log)
- bash history
anti-rootkit
- chkrootkit
yara
- Scan a file or directory using YARA signatures by @Neo23x0
- Scan a running process memory address space
- Upload your own YARA signature
Requirements
- Python 3.6
Installation
wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh
Usage
- Start your browser
firefox http://127.0.0.1:8080
Configure API keys (optional)
nano config.py
Edit following lines:
INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'
Notes
- We recommend using NGINX reverse proxy with basic http auth & ssl for secure remote access
- Tested with Ubuntu 16.04