Nytro Posted October 1, 2014 Report Share Posted October 1, 2014 [h=1]Malcom - Malware Communication Analyzer[/h] Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes handy when analyzing how certain malware species try to communicate with the outside world. Malcom can help you: detect central command and control (C&C) serversunderstand peer-to-peer networksobserve DNS fast-flux infrastructuresquickly determine if a network artifact is 'known-bad'The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network. Convert network traffic information to actionable intelligence faster. Check the wiki for a Quickstart with some nice screenshots and a tutorial on how to add your own feeds. Graph for the host tomchop.me. [h=2]Quick how-to[/h] InstallElevate your privileges to root (yeah, I know, see disclaimer)Start the webserver with ./malcom.py (or see options with ./malcom.py --help) ** Default port is 8080To have a dedicated process for analytics, run ./malcom.py --analyticsTo have a process dedicated to feeding, run ./malcom.py --feeds ** Alternatively, run the feeds from celery. See the feeds section for details on how to to this.Sursa: https://github.com/tomchop/malcom Quote Link to comment Share on other sites More sharing options...
