MultiScanner – Modular file Scanning/Analysis Framework

MultiScanner is a distributed file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools and aggregating the output. Tools can be custom Python scripts, web APIs, software running on another machine, etc.

Tools are incorporated by creating modules that run in the framework.

MultiScanner - Modular file Scanning/Analysis Framework
MultiScanner – Modular file Scanning/Analysis Framework

The framework is intended to be used by security operations centers, malware analysis centers, and other organizations involved with cyber threat intelligence (CTI) sharing.

The tool may support manual malware analysis via modules that enable analyst interaction. For example, a module could be developed to allow an analyst to interact with IDA Pro to disassemble and analyze a binary file.

Malware analysis results can be enriched in support of CTI sharing objectives. In addition to data derived from analysis of submitted samples, other CTI sources can be integrated, such as TAXII feeds, commercial CTI providers (FireEye, Proofpoint, CrowdStrike, etc.), and closed-source CTI providers.

This is beside supporting distributed workflow for sample storage, analysis, and report viewing. This functionality includes a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage / searching (Elasticsearch), and distributed task management (Celery / RabbitMQ)

You can read more and download this tool over here: https://github.com/mitre/multiscanner

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments