Linux Expl0rer – Forensics Toolbox – Installation & Configuration - Techzoonbd

Capabilities
ps
· View the full process list
· Inspect a process memory map and fetch memory strings easily
· Dump process memory in one click
· Automatically search the hash in public services:
  · VirusTotal
  · AlienVault OTX
users
· User list
find
· Search for suspicious files by name/regex
netstat
· Whois
logs
· syslog
· auth.log (user authentication log)
· ufw.log (firewall log)
· bash history
anti-rootkit
· chkrootkit
yara
· Scan a file or directory using the YARA signatures by @Neo23x0
· Scan a running process memory address space
· Upload your own YARA signature
Requirements
· Python 2.7
· YARA
· chkrootkit
Installation
1. Clone the repository
git clone https://github.com/intezer/linux_expl0rer
2. Install the required packages (from inside the cloned directory)
pip install -r requirements.txt
3. Set up the VT/OTX API keys
nano config.py
Edit the following lines:
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
4. Install YARA
sudo apt-get install yara
5. Install chkrootkit
sudo apt-get install chkrootkit
Start the Linux Expl0rer server
sudo python linux_explorer.py
Usage
1. Open the web interface in your browser (the server listens on localhost, port 8080)
firefox http://127.0.0.1:8080
2. Work through the capabilities listed above from the web interface
Notes
· We recommend putting an NGINX reverse proxy with HTTP basic auth and SSL in front of the server for secure remote access
· Tested with Ubuntu 16.04
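The server above is started with sudo and listens on 127.0.0.1:8080 with no authentication of its own, so the note about an NGINX reverse proxy is the part that matters for remote use. The following is an added example of such a proxy configuration; it is not part of the Linux Expl0rer project. The hostname, certificate paths, htpasswd path and the allowed analyst network are assumptions to replace for your own host.

```nginx
# Added example (not from the Linux Expl0rer project): NGINX reverse proxy in
# front of the local Linux Expl0rer server (http://127.0.0.1:8080), adding
# TLS and HTTP basic auth. Hostname, certificate paths, htpasswd path and the
# allowed network are assumptions; replace them for your deployment.

# Redirect plain HTTP to HTTPS so basic-auth credentials never travel in clear text.
server {
    listen 80;
    server_name forensics.example.internal;   # assumed hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name forensics.example.internal;   # assumed hostname

    ssl_certificate     /etc/nginx/tls/forensics.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/forensics.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HTTP basic auth; the credentials file is created with
    #   htpasswd -c /etc/nginx/.htpasswd analyst
    auth_basic           "Linux Expl0rer";
    auth_basic_user_file /etc/nginx/.htpasswd;   # assumed path

    # Second layer: only the analyst network may reach the proxy at all.
    allow 10.0.0.0/8;    # assumed analyst network
    deny  all;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        # Process memory dumps can be large; give them time to stream back.
        proxy_read_timeout 300s;
    }
}
```

Keep linux_explorer.py bound to 127.0.0.1 so that the proxy is the only way in; because the server runs as root, the proxy's TLS, basic auth and network allow-list are the only controls between a remote user and root-level access to process memory and logs on the host. On Ubuntu the htpasswd tool comes from the apache2-utils package.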