MultiScanner

Introduction

MultiScanner is a file analysis framework that assists the user in evaluating a set
of files by automatically running a suite of tools for the user and aggregating the output.
Tools can be custom built Python scripts, web APIs, software running on another machine, etc.
Tools are incorporated by creating modules that run in the MultiScanner framework.

Modules are designed to be quickly written and easily incorporated into the framework.
Currently written and maintained modules are related to malware analytics, but the framework is not limited to that
scope. For a list of modules you can look in modules/. Descriptions and config
options can be found on the Analysis Modules page.

MultiScanner also supports a distributed workflow for sample storage, analysis, and
report viewing. This functionality includes a web interface, a REST API, a distributed
file system (GlusterFS), distributed report storage / searching (Elasticsearch), and
distributed task management (Celery / RabbitMQ). Please see Architecture for more details.

Usage

MultiScanner can be used as a command-line interface, a Python API, or a
distributed system with a web interface. See the documentation for more detailed
information on installation and usage.

Command-Line

Install Python (2.7 or 3.4+) if you haven't already.

Then run the following (substituting the actual file you want to scan for <file>):

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ sudo -HE ./install.sh
$ multiscanner init

This will generate a default configuration for you. Check config.ini to see what
modules are enabled. See Configuration for more information.

Now you can scan a file (substituting the actual file you want to scan for <file>):

$ multiscanner <file>

You can run the following to get a list of all of MultiScanner's command-line options:

$ multiscanner --help

Note: If you are not on a RedHat or Debian based Linux distribution, instead of
running the install.sh script, install pip (if you haven't already) and run the
following:

$ pip install -r requirements.txt

Python API

import multiscanner
multiscanner.config_init(filepath)
output = multiscanner.multiscan(file_list)
results = multiscanner.parse_reports(output, python=True)

Web Interface

Install the latest versions of Docker
and Docker Compose if you haven't already.

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ docker-compose up

You may have to wait a while until all the services are up and running, but then you
can use the web interface by going to http://localhost:8000 in your web browser.

Note: this should not be used in production; it is simply an introduction to what a
full installation would look like. See here for more details.

Documentation

For more information, see the full documentation on ReadTheDocs.

Name With Owner	mitre/multiscanner
Primary Language	Python
Program language	Python (Language Count: 5)
Platform
License:	Other

Created At	2015-04-13 14:58:48
Pushed At	2019-10-08 14:12:14
Last Commit At	2019-01-28 09:07:45
Release Count	7
Last Release Name	2.0.0 (Posted on )
First Release Name	1.0.0 (Posted on )

Stargazers Count	618
Watchers Count	59
Fork Count	126
Commits Count	1.6k
Has Issues Enabled
Issues Count	75
Issue Open Count	34
Pull Requests Count	122
Pull Requests Open Count	4
Pull Requests Close Count	10

Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

multiscanner

Github stars Tracking Chart