1 | | -MultiScanner |
2 | | -============ |
3 | | -[](https://travis-ci.org/mitre/multiscanner) |
4 | | - |
5 | | -Introduction |
6 | | ------------- |
7 | | -MultiScanner is a file analysis framework that assists the user in evaluating a set |
8 | | -of files by automatically running a suite of tools for the user and aggregating the output. |
9 | | -Tools can be custom built python scripts, web APIs, software running on another machine, etc. |
10 | | -Tools are incorporated by creating modules that run in the MultiScanner framework. |
11 | | - |
12 | | -Modules are designed to be quickly written and easily incorporated into the framework. |
13 | | -Currently written and maintained modules are related to malware analytics, but the framework is not limited to that |
14 | | -scope. For a list of modules you can look in [modules](modules), descriptions and config |
15 | | -options can be found in [docs/modules.md](docs/modules.md) |
16 | | - |
17 | | -Requirements |
18 | | ------------- |
19 | | -Python 3.6 is recommended. Compatibility with 2.7+ and |
20 | | -3.4+ is supported but not as thoroughly maintained and tested. Please submit an issue |
21 | | -or a pull request fixing any issues found with other versions of Python. |
22 | | - |
23 | | - |
24 | | -An installer script is included in the project [install.sh](<install.sh>), which |
25 | | -installs the prerequisites on most systems. |
26 | | - |
27 | | -Installation |
28 | | ------------- |
29 | | -### MultiScanner ### |
30 | | -If you're running on a RedHat or Debian based linux distribution you should try and run |
31 | | -[install.sh](<install.sh>). Otherwise the required python packages are defined in |
32 | | -[requirements.txt](<requirements.txt>). |
33 | | - |
34 | | -MultiScanner must have a configuration file to run. Generate the MultiScanner default |
35 | | -configuration by running `python multiscanner.py init` after cloning the repository. |
36 | | -This command can be used to rewrite the configuration file to its default state or, |
37 | | -if new modules have been written, to add their configuration to the configuration |
38 | | -file. |
39 | | - |
40 | | -### Analytic Machine ### |
41 | | -Default modules have the option to be run locally or via SSH. The development team |
42 | | -runs MultiScanner on a Linux host and hosts the majority of analytical tools on |
43 | | -a separate Windows machine. The SSH server used in this environment is freeSSHd |
44 | | -from <http://www.freesshd.com/>. |
45 | | - |
46 | | -A network share accessible to both the MultiScanner and the Analytic Machines is |
47 | | -required for the multi-machine setup. Once configured, the network share path must |
48 | | -be identified in the configuration file, config.ini. To do this, set the `copyfilesto` |
49 | | -option under `[main]` to be the mount point on the system running MultiScanner. |
50 | | -Modules can have a `replacement path` option, which is the network share mount point |
51 | | -on the analytic machine. |
52 | | - |
53 | | -Module Writing |
54 | | --------------- |
55 | | -Modules are intended to be quickly written and incorporated into the framework. |
56 | | -A finished module must be placed in the modules folder before it can be used. The |
57 | | -configuration file does not need to be manually updated. See [docs/module\_writing.md](<docs/module_writing.md>) |
58 | | -for more information. |
59 | | - |
60 | | -Module Configuration |
61 | | --------------------- |
62 | | -Modules are configured within the configuration file, config.ini. See |
63 | | -[docs/modules.md](<docs/modules.md>) for more information. |
64 | | - |
65 | | -Python API |
66 | | ----------- |
67 | | -MultiScanner can be incorporated as a module in another projects. Below is a simple |
68 | | -example of how to import MultiScanner into a Python script. |
69 | | - |
70 | | -``` python |
71 | | -import multiscanner |
72 | | -output = multiscanner.multiscan(FileList) |
73 | | -Results = multiscanner.parse_reports(output, python=True) |
74 | | -``` |
75 | | - |
76 | | -Results is a dictionary object where each key is a filename of a scanned file. |
77 | | - |
78 | | -`multiscanner.config_init(filepath)` will create a default configuration file at |
79 | | -the location defined by filepath. |
80 | | - |
81 | | -Other Reading |
82 | | -------------- |
83 | | -For more information on module configuration or writing modules check the |
84 | | -[docs](<docs>) folder. |
| 1 | +MultiScanner |
| 2 | +============ |
| 3 | +[](https://travis-ci.org/mitre/multiscanner) |
| 4 | + |
| 5 | +Introduction |
| 6 | +------------ |
| 7 | +MultiScanner is a file analysis framework that assists the user in evaluating a set |
| 8 | +of files by automatically running a suite of tools for the user and aggregating the output. |
| 9 | +Tools can be custom built python scripts, web APIs, software running on another machine, etc. |
| 10 | +Tools are incorporated by creating modules that run in the MultiScanner framework. |
| 11 | + |
| 12 | +Modules are designed to be quickly written and easily incorporated into the framework. |
| 13 | +Currently written and maintained modules are related to malware analytics, but the framework is not limited to that |
| 14 | +scope. For a list of modules you can look in [modules](modules), descriptions and config |
| 15 | +options can be found in [docs/modules.md](docs/modules.md) |
| 16 | + |
| 17 | +Requirements |
| 18 | +------------ |
| 19 | +Python 3.6 is recommended. Compatibility with 2.7+ and |
| 20 | +3.4+ is supported but not as thoroughly maintained and tested. Please submit an issue |
| 21 | +or a pull request fixing any issues found with other versions of Python. |
| 22 | + |
| 23 | + |
| 24 | +An installer script is included in the project [install.sh](<install.sh>), which |
| 25 | +installs the prerequisites on most systems. |
| 26 | + |
| 27 | +Installation |
| 28 | +------------ |
| 29 | +### MultiScanner ### |
| 30 | +If you're running on a RedHat or Debian based linux distribution you should try and run |
| 31 | +[install.sh](<install.sh>). Otherwise the required python packages are defined in |
| 32 | +[requirements.txt](<requirements.txt>). |
| 33 | + |
| 34 | +MultiScanner must have a configuration file to run. Generate the MultiScanner default |
| 35 | +configuration by running `python multiscanner.py init` after cloning the repository. |
| 36 | +This command can be used to rewrite the configuration file to its default state or, |
| 37 | +if new modules have been written, to add their configuration to the configuration |
| 38 | +file. |
| 39 | + |
| 40 | +### Analytic Machine ### |
| 41 | +Default modules have the option to be run locally or via SSH. The development team |
| 42 | +runs MultiScanner on a Linux host and hosts the majority of analytical tools on |
| 43 | +a separate Windows machine. The SSH server used in this environment is freeSSHd |
| 44 | +from <http://www.freesshd.com/>. |
| 45 | + |
| 46 | +A network share accessible to both the MultiScanner and the Analytic Machines is |
| 47 | +required for the multi-machine setup. Once configured, the network share path must |
| 48 | +be identified in the configuration file, config.ini. To do this, set the `copyfilesto` |
| 49 | +option under `[main]` to be the mount point on the system running MultiScanner. |
| 50 | +Modules can have a `replacement path` option, which is the network share mount point |
| 51 | +on the analytic machine. |
| 52 | + |
| 53 | +Module Writing |
| 54 | +-------------- |
| 55 | +Modules are intended to be quickly written and incorporated into the framework. |
| 56 | +A finished module must be placed in the modules folder before it can be used. The |
| 57 | +configuration file does not need to be manually updated. See [docs/module\_writing.md](<docs/module_writing.md>) |
| 58 | +for more information. |
| 59 | + |
| 60 | +Module Configuration |
| 61 | +-------------------- |
| 62 | +Modules are configured within the configuration file, config.ini. See |
| 63 | +[docs/modules.md](<docs/modules.md>) for more information. |
| 64 | + |
| 65 | +Python API |
| 66 | +---------- |
| 67 | +MultiScanner can be incorporated as a module in another projects. Below is a simple |
| 68 | +example of how to import MultiScanner into a Python script. |
| 69 | + |
| 70 | +``` python |
| 71 | +import multiscanner |
| 72 | +output = multiscanner.multiscan(FileList) |
| 73 | +Results = multiscanner.parse_reports(output, python=True) |
| 74 | +``` |
| 75 | + |
| 76 | +Results is a dictionary object where each key is a filename of a scanned file. |
| 77 | + |
| 78 | +`multiscanner.config_init(filepath)` will create a default configuration file at |
| 79 | +the location defined by filepath. |
| 80 | + |
| 81 | +Distributed MultiScanner |
| 82 | +------------------------ |
| 83 | +MultiScanner is also part of a distributed, scalable file analysis framework, complete with distributed task management, web interface, REST API, and report storage. Please set [Distributed Multiscanner](<docs/distributed_multiscanner.md>) for more details. Additionally, we distribute a standalone Docker container with the base set of features (web UI, REST API, ElasticSearch node) as an introduction to the capabilities of this Distributed MultiScanner. See [here](<docs/docker_standalone.md>) for more details. (*Note*: this standalone container should not be used in production, it is simply a primer on what a full installation would look like). |
| 84 | + |
| 85 | +Other Reading |
| 86 | +------------- |
| 87 | +For more information on module configuration or writing modules check the |
| 88 | +[docs](<docs>) folder. |
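Review bot: the added Distributed MultiScanner section (new line 83) has a typo in its link sentence, "Please set [Distributed Multiscanner](<docs/distributed_multiscanner.md>)", which should read "Please see ...". The same sentence spells the project name "Multiscanner" in the link text while the new heading and the rest of the README use "MultiScanner"; the link text should match. Minor style point: the whole section is a single long line, whereas every other paragraph in this README is hard-wrapped at roughly 90 characters (see the Introduction and Analytic Machine sections in the same diff), so wrapping it the same way would keep future diffs of this file readable. The trailing parenthetical "(*Note*: this standalone container should not be used in production ...)" is a useful caveat and worth keeping, though it would read better as its own sentence rather than inside parentheses.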