Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

• View full process list
• Inspect process memory map & fetch memory strings easly
• Dump process memory in one click
• Automatically search hash in public services
  • VirusTotal
  • Intezer Analyze
  • AlienVault OTX
  • MalShare

• users list

• Search for suspicious files by name/regex

• Whois

• syslog
• auth.log(user authentication log)
• ufw.log(firewall log)
• bash history

• chkrootkit

• Scan a file or directory using YARA signatures by @Neo23x0
• Scan a running process memory address space
• Upload your own YARA signature

• Python 3.6

wget https://github.com/intezer/linux-explorer/archive/master.zip -O master.zip
unzip master.zip
cd linux-explorer-master
./deploy.sh

1. Start your browser

firefox http://127.0.0.1:8080

nano config.py

Edit following lines:

INTEZER_APIKEY = '<key>'
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
MALSHARE_APIKEY = '<key>'

• We recommend using NGINX reverse proxy with basic http auth & ssl for secure remote access
• Tested with Ubuntu 16.04

• "How to get a VirusTotal public API Key"
• "To get an API Key for Intezer Analyze"