MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope.

For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.

MultiScanner also supports a distributed workflow for sample storage, analysis, and report viewing. This functionality includes a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage / searching (Elasticsearch), and distributed task management (Celery / RabbitMQ). Please see Architecture for more details.

Usage

MultiScanner can be used as a command-line interface, a Python API, or a distributed system with a web interface. See the documentation for more detailed information on installation and usage.

Command-Line

Install Python (2.7 or 3.4+) if you haven't already. Then run the following (substituting the actual file you want to scan for <file>):

    $ git clone https://github.com/mitre/multiscanner.git
    $ cd multiscanner
    $ sudo…