freki: Malware analysis platform


Freki is a free and open-source malware analysis platform.

Goals

  1. Facilitate malware analysis and reverse engineering;
  2. Provide an easy-to-use REST API for different projects;
  3. Easy deployment (via Docker);
  4. Allow the addition of new features by the community.

Current features

  • Hash extraction.
  • VirusTotal API queries.
  • Static analysis of PE files (headers, sections, imports, capabilities, and strings).
  • Pattern matching with Yara.
  • Web interface and REST API.
  • User management.
  • Community comments.
  • Sample download.
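To make concrete what the hash extraction and PE static analysis features involve, here is an added example that is not part of Freki (the project relies on pefile and capa for this; the toy below uses only the Python standard library so it runs offline). It builds a minimal PE32 in memory with an import table for kernel32.dll and a few constructed strings, then parses the DOS/PE headers, section table and import directory, extracts printable strings and hashes, and applies one constructed capa-style import heuristic. The names build_sample_pe, analyze and the capability label are this example's own, not Freki's API.

```python
"""Toy PE static analyzer (hashes, headers, sections, imports, strings, one capability
rule). Added example, not Freki's code; standard library only, run on a constructed PE."""
import hashlib
import re
import struct

SECTION_RVA = 0x1000   # RVA of the single section in the constructed sample
FILE_ALIGN = 0x200


def build_sample_pe():
    """Build a minimal PE32 whose one section holds a kernel32.dll import table. Constructed input."""
    sec = bytearray()

    def add(blob, align=16):          # append at the next 16-byte boundary, return its RVA
        sec.extend(b"\0" * (-len(sec) % align))
        rva = SECTION_RVA + len(sec)
        sec.extend(blob)
        return rva

    add(b"\0" * 40)                   # 2 IMAGE_IMPORT_DESCRIPTORs; the 2nd stays zero as terminator
    names = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread"]
    name_rvas = [add(b"\0\0" + n + b"\0") for n in names]      # hint word + function name
    thunks = struct.pack("<%dI" % (len(names) + 1), *name_rvas, 0)
    ilt, iat = add(thunks), add(thunks)                        # lookup table and IAT
    dll = add(b"kernel32.dll\0")
    add(b"http://example.invalid/c2\0")                        # constructed IOC-like strings
    add(b"cmd.exe /c whoami\0")
    sec[0:20] = struct.pack("<5I", ilt, 0, 0, dll, iat)
    sec.extend(b"\0" * (-len(sec) % FILE_ALIGN))
    opt = struct.pack("<HBB9I6HI3I2H4I2I", 0x10B, 14, 0,
                      len(sec), 0, 0, SECTION_RVA, SECTION_RVA, 0,   # entry point = section start
                      0x400000, 0x1000, FILE_ALIGN, 6, 0, 0, 0, 6, 0, 0,
                      SECTION_RVA + 0x1000, FILE_ALIGN, 0, 2, 0x8140,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (SECTION_RVA, 40)                                # IMAGE_DIRECTORY_ENTRY_IMPORT
    opt += b"".join(struct.pack("<2I", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)   # i386, 1 section, EXE
    sect = struct.pack("<8s6I2HI", b".idata", len(sec), SECTION_RVA, len(sec),
                       FILE_ALIGN, 0, 0, 0, 0, 0xC0000040)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew -> PE header at 0x40
    hdr = dos + b"PE\0\0" + coff + opt + sect
    return bytes(hdr + b"\0" * (FILE_ALIGN - len(hdr)) + sec)


INJECTION = {"virtualalloc", "writeprocessmemory", "createremotethread"}   # toy capa-style rule


def analyze(data):
    """Parse PE headers and return hashes, headers, sections, imports, strings, capabilities."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32 = magic == 0x10B                              # PE32 vs PE32+ field layout
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    base = struct.unpack_from("<I" if pe32 else "<Q", data, opt + (28 if pe32 else 24))[0]
    ndirs_at = opt + (92 if pe32 else 108)
    ndirs = struct.unpack_from("<I", data, ndirs_at)[0]
    dirs = [struct.unpack_from("<2I", data, ndirs_at + 4 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, raw = struct.unpack_from("<8s4I", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw": raw, "rsize": rsize})

    def rva2off(rva):                                  # map an RVA to a file offset via the section table
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
                return rva - s["va"] + s["raw"]
        raise ValueError("RVA 0x%x is outside every section" % rva)

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii", "replace")

    imports, tsize, ordbit = {}, (4 if pe32 else 8), (1 << 31 if pe32 else 1 << 63)
    if len(dirs) > 1 and dirs[1][0]:
        off = rva2off(dirs[1][0])
        while True:                                    # walk descriptors until the null one
            ilt, _, _, name_rva, iat = struct.unpack_from("<5I", data, off)
            if not name_rva:
                break
            funcs, thunk = [], rva2off(ilt or iat)     # prefer the lookup table, fall back to the IAT
            while True:
                ent = int.from_bytes(data[thunk:thunk + tsize], "little")
                if not ent:
                    break
                funcs.append("#%d" % (ent & 0xFFFF) if ent & ordbit else cstr(rva2off(ent) + 2))
                thunk += tsize
            imports[cstr(rva2off(name_rva)).lower()] = funcs
            off += 20
    strings = [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{6,}", data)]
    api = {f.lower() for fs in imports.values() for f in fs}
    caps = ["inject code into a remote process"] if INJECTION <= api else []
    return {"hashes": {a: getattr(hashlib, a)(data).hexdigest() for a in ("md5", "sha1", "sha256")},
            "machine": machine, "characteristics": chars, "entry_point": base + entry,
            "sections": sections, "imports": imports, "strings": strings, "capabilities": caps}
```

Calling analyze(build_sample_pe()) returns the hashes, an i386 machine type, the single .idata section, the three kernel32.dll imports, the embedded strings, and the injection capability derived from the import combination. For a real sample, pass the file bytes instead; the parser raises ValueError on a missing MZ/PE signature or on an RVA that maps to no section, which is exactly the malformed input a public analysis endpoint must expect and reject rather than crash on.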

Technology

Freki currently uses the following technology to get everything running:

  • Front-end
    • Bootstrap: for easy and responsive interface development
  • Back-end
    • Python: main programming language
    • Flask: lightweight web application framework
    • SQLAlchemy: Python SQL toolkit
    • Gunicorn: Python WSGI HTTP Server
    • VirusTotal API: for querying detection reports
    • Yara: for pattern matching
    • pefile: to parse PE file headers, sections and imports
    • capa: to identify capabilities in PE files
  • Infrastructure
    • Docker: for easy deployment through containers
    • Nginx: web server, fronting the Gunicorn application server
    • MariaDB: for storing information about samples

Install & Use

Copyright (C) 2020 crhenr