
How to Understand the MultiScanner Modular File Scanning and Analysis Framework

2025-04-08 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Many people who are new to the MultiScanner modular file scanning and analysis framework do not know where to start. This article summarizes the problem and its solutions, and we hope it helps you solve it.

MultiScanner introduction

MultiScanner is a powerful file analysis framework that helps users automate the analysis of large sets of files and aggregate the analysis results. The tools it runs can be custom-built Python scripts, web APIs, and other software tools, each of which is incorporated into MultiScanner in the form of a module.

Modules let developers add custom functionality quickly and integrate it into the framework easily. Currently, most of the modules written and maintained in this project are related to malware analysis, but the framework is not limited to this scope. The list of modules can be found in modules/, and their descriptions and configuration options can be found on the Analysis Module page.

MultiScanner also supports distributed workflows covering sample storage, analysis, report viewing, and so on. In addition, the framework provides a web interface, a REST API, a distributed file system (GlusterFS), distributed report storage and search (Elasticsearch), and distributed task management (Celery/RabbitMQ).

Tool use

MultiScanner can be used through a command-line interface, through its Python API, or as a distributed system.

Command line form

First, install Python v2.7 or 3.4, and then run the following commands:

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ sudo -HE ./install.sh
$ multiscanner init

The commands above generate a default configuration; the enabled modules can be viewed in config.ini.

Now we can scan the target file with the following command, where the parameter is the path of the file to be scanned:

$ multiscanner <file>

Users can list all of MultiScanner's command-line options with the following command:

$ multiscanner --help

Note that if you are not using a Linux distribution such as RedHat or Debian, you need to use pip to complete the installation:

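$ pip install -r requirements.txt

Python API

import multiscanner

# filepath: path of the configuration file
multiscanner.config_init(filepath)
# file_list: paths of the files to scan
output = multiscanner.multiscan(file_list)
# python=True returns the parsed reports as a Python object
results = multiscanner.parse_reports(output, python=True)

Web interface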

First, install the latest version of Docker and Docker Compose, then run:

$ git clone https://github.com/mitre/multiscanner.git
$ cd multiscanner
$ docker-compose up

Tool configuration

For users who want to use the MultiScanner framework together with the Web UI and REST API, we have built a separate Docker application. After a simple environment setup, users can easily run the MultiScanner framework:

$docker-compose up

The above command builds the necessary container components. The services are up once output like the following appears:

api_1 | * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)

After the installation is complete, wait for all the services to start running; you can then open http://localhost:8000 in a web browser to use MultiScanner.

Configuration parameters

MultiScanner and its modules are configured through the configuration file config.ini. The following parameters configure MultiScanner itself:

| Parameter | Description |
| --- | --- |
| copyfilesto | Allows the script to copy each file to be scanned. Remove it or set it to False to disable this feature. |
| group-types | Specifies an analysis type that groups the report into sections. Remove it or set it to False to disable this feature. |
| storage-config | Storage configuration file path |
| api-config | API configuration file path |
| web-config | Web UI configuration file path |
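The following Python check is an added example, not code from the original article or from the MultiScanner project. It reads a config.ini and reports the parameters listed above along with which modules are switched on. The `[main]` section name, the per-module `ENABLED` flag, and the sample module names and paths are assumptions made for this illustration.

```python
import ast
import configparser

# Constructed sample. Assumed layout: a [main] section with the parameters
# listed above, plus one section per module carrying an ENABLED flag.
SAMPLE_CONFIG = """
[main]
copyfilesto = /srv/multiscanner/copies
group-types = ["Antivirus"]
storage-config = /opt/multiscanner/storage.ini
api-config = /opt/multiscanner/api_config.ini
web-config = /opt/multiscanner/web_config.ini

[ExampleAVScan]
ENABLED = True

[ExampleHasher]
ENABLED = True

[ExampleRemoteSandbox]
ENABLED = False
"""

MAIN_KEYS = ("copyfilesto", "group-types", "storage-config",
             "api-config", "web-config")


def _value(raw):
    """Parse 'False' or '["Antivirus"]' as Python literals; keep paths as text."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError):
        return raw


def summarize_config(text, main_section="main"):
    """Return (main settings, enabled module names, disabled module names)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    main = parser[main_section] if parser.has_section(main_section) else {}
    # None means the key is absent; False means it was explicitly disabled.
    settings = {k: _value(main[k]) if k in main else None for k in MAIN_KEYS}
    enabled, disabled = [], []
    for name in parser.sections():
        if name == main_section:
            continue
        flag = parser.getboolean(name, "enabled", fallback=False)
        (enabled if flag else disabled).append(name)
    return settings, sorted(enabled), sorted(disabled)
```

Calling `summarize_config(open("config.ini").read())` before a scan shows which modules will run and whether copies of the scanned files will be kept on disk, and where.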
