Freki: Open-Source Malware Analysis Platform

Freki is a free and open-source malware analysis platform. It was built to facilitate malware analysis and reverse engineering.

It also provides a REST API, so you can query and use it in different projects.

Demo for Freki

Features

The current version supports the following features:

  • Hash extraction
    • MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32, and SSDEEP.
  • VirusTotal API queries
    • AV results.
  • Static analysis of PE samples
    • Headers, sections, imports, capabilities, and strings.
  • Pattern matching with Yara
  • User management
    • Account creation for sample submissions and API usage.
  • Community comments
    • Users can comment on and discuss samples.
  • Download samples
    • All samples are available for free.
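The feature list above names hash extraction and static analysis of PE headers and sections. What follows is an added example written for this page, not code from the Freki project: a minimal version of both features run over a constructed, non-functional PE image that is built inline so the script works offline. It produces the digests in the formats listed (CRC32 as eight hex digits), then walks the DOS header pointer, COFF header and section table, reporting per-section entropy and write+execute flags and rejecting truncated input. The optional ssdeep import refers to the python-ssdeep package (backed by libfuzzy, which the apt list further down installs) and is an assumption; everything else is standard library.

```python
# Added example (not Freki's own code): minimal hash extraction plus PE
# header/section parsing. Offsets follow the PE/COFF layout; the sample image
# is constructed inline. The ssdeep import is an assumption about the
# python-ssdeep package and is optional.
import hashlib
import math
import struct
import zlib
from collections import Counter

try:
    import ssdeep  # assumption: python-ssdeep; fuzzy hash is skipped if absent
except ImportError:
    ssdeep = None

DOS_HEADER_SIZE = 64
PE_SIGNATURE = b"PE\0\0"
# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"
# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"
MACHINE_NAMES = {0x14C: "i386", 0x1C0: "ARM", 0x8664: "x86-64", 0xAA64: "ARM64"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def extract_hashes(data: bytes) -> dict:
    """The digests named in the feature list; CRC32 rendered as 8 hex digits."""
    hashes = {name: hashlib.new(name, data).hexdigest()
              for name in ("md5", "sha1", "sha256", "sha384", "sha512")}
    hashes["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    hashes["ssdeep"] = ssdeep.hash(data) if ssdeep else None
    return hashes


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted
    sections sit near the top of that range."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Parse e_lfanew, the COFF header and the section table of a PE image.
    Malformed or truncated input raises ValueError instead of being trusted."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: MZ magic missing")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    if coff_off + struct.calcsize(COFF_HEADER) > len(data):
        raise ValueError("COFF header truncated")
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(
        COFF_HEADER, data, coff_off)
    sect_off = coff_off + struct.calcsize(COFF_HEADER) + opt_size
    sections = []
    for i in range(nsections):
        off = sect_off + i * struct.calcsize(SECTION_HEADER)
        if off + struct.calcsize(SECTION_HEADER) > len(data):
            raise ValueError(f"section table truncated at entry {i}")
        name, vsize, vaddr, raw_size, raw_ptr, *_, flags = struct.unpack_from(
            SECTION_HEADER, data, off)
        raw = data[raw_ptr:raw_ptr + raw_size]  # shorter than raw_size if the file is cut
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "raw_size": raw_size, "raw_available": len(raw),
            "entropy": round(shannon_entropy(raw), 4),
            "executable": bool(flags & SCN_MEM_EXECUTE),
            "writable": bool(flags & SCN_MEM_WRITE),
        })
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})"),
        "timestamp": timestamp, "characteristics": chars, "sections": sections,
        # a section that is both writable and executable is a common packer indicator
        "rwx_sections": [s["name"] for s in sections if s["executable"] and s["writable"]],
    }


def build_sample_pe() -> bytes:
    """Constructed sample: a 64-bit PE skeleton with an empty optional header,
    a high-entropy .text and a constant-filled .data section (not a real binary)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", DOS_HEADER_SIZE)
    coff = PE_SIGNATURE + struct.pack(COFF_HEADER, 0x8664, 2, 1600000000, 0, 0, 0, 0x0022)
    table_off = len(dos) + len(coff)
    text_raw = bytes(range(16))  # 16 distinct bytes -> entropy exactly 4.0
    data_raw = b"A" * 16         # constant bytes -> entropy 0.0
    text_ptr = table_off + 2 * struct.calcsize(SECTION_HEADER)
    data_ptr = text_ptr + len(text_raw)
    table = struct.pack(SECTION_HEADER, b".text", 16, 0x1000, 16, text_ptr, 0, 0, 0, 0, 0x60000020)
    table += struct.pack(SECTION_HEADER, b".data", 16, 0x2000, 16, data_ptr, 0, 0, 0, 0, 0xC0000040)
    return dos + coff + table + text_raw + data_raw


if __name__ == "__main__":
    sample = build_sample_pe()
    print(extract_hashes(sample))
    print(parse_pe(sample))
```

Run it directly to see both reports for the constructed sample; point parse_pe at bytes read from a real file to use it on your own samples. The length checks before each unpack are deliberate: an analysis service ingests untrusted files, so a header that points past the end of the file must produce a clean error rather than an exception deep inside the parser.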

Who can use it?

Anyone who wants a malware analysis tool running locally or publicly. You can use it with a small group of friends or make your instance available to the whole world.


What is the difference to VirusTotal?

Although VirusTotal is a great tool for analyzing different files, it has some limitations. For example, you need to pay to download samples.

Another great tool is MalwareBazaar, since it covers some of VirusTotal's limitations. However, you cannot run it on your own machine or add new features.

It is worth noting that Freki is not a replacement for these tools (unless you want it to be), but a collaborative alternative that was heavily inspired by them.

Step by step installation

The easy way: Docker

  1. Install Docker and Docker Compose.
  2. Edit the .env file.
  3. If you are going to use it in production, edit freki.conf to enable HTTPS.
  4. Run docker-compose up or make.

Other ways

Install packages

Ubuntu/Debian

$ sudo apt install -y \
git python3 python3-dev python3-pip python3-mysqldb \
python3-setuptools python3-virtualenv \
automake libfuzzy-dev libssl-dev \
libffi-dev mariadb-server libmariadbclient-dev

Create a database user for Freki

$ sudo mysql_secure_installation
$ sudo mysql -u root -p

mysql> CREATE USER 'freki'@'localhost' IDENTIFIED BY 'yourpassword';
mysql> GRANT ALL PRIVILEGES ON * . * TO 'freki'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit

Create a folder to store the uploaded samples

$ sudo mkdir /opt/freki
$ sudo chown -R youruser:usergroup /opt/freki

Clone Freki’s latest version

$ git clone https://github.com/crhenr/freki.git

Create and start a new virtualenv

$ cd freki/freki
$ virtualenv venv
$ source venv/bin/activate

Install the Python requirements

(venv) $ pip3 install -r requirements.txt

Export the required environment variables

(venv) $ export FREKI_MYSQL_HOST="localhost"
(venv) $ export FREKI_MYSQL_PASSWORD="yourpassword"
(venv) $ export FREKI_SECRET_KEY="yoursecretkey"

Run Freki!

(venv) $ python3 run.py

or,

(venv) $ gunicorn --bind 0.0.0.0:5000 run:app
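The manual installation above ends with exporting FREKI_MYSQL_HOST, FREKI_MYSQL_PASSWORD and FREKI_SECRET_KEY and starting the app. The following is an added pre-flight check written for this page, not part of Freki: it refuses to start when a required variable is missing or still holds one of the placeholder values shown in the instructions ("yourpassword", "yoursecretkey"), and prints a freshly generated key to use instead. The placeholder set and the 32-character minimum are this example's assumptions; Freki itself only reads the variables.

```python
# Added example (not Freki's own code): pre-flight check for the environment
# variables the installation steps export. The placeholder values and the
# minimum key length are assumptions made for this example.
import os
import secrets
from typing import Mapping

REQUIRED = ("FREKI_MYSQL_HOST", "FREKI_MYSQL_PASSWORD", "FREKI_SECRET_KEY")
# Values copied verbatim from the installation instructions; they must not reach production.
PLACEHOLDERS = {"yourpassword", "yoursecretkey", "changeme", ""}
MIN_SECRET_LEN = 32  # assumption: at least 32 characters for the session-signing key


def generate_secret_key(nbytes: int = 32) -> str:
    """A fresh random key: 32 bytes from the OS CSPRNG rendered as 64 hex chars."""
    return secrets.token_hex(nbytes)


def check_environment(env: Mapping[str, str] = os.environ) -> list:
    """Return a list of problems; an empty list means the app may be started."""
    problems = []
    for var in REQUIRED:
        value = env.get(var, "")
        if not value:
            problems.append(f"{var} is not set")
        elif value.strip().lower() in PLACEHOLDERS:
            problems.append(f"{var} still holds a placeholder value")
    key = env.get("FREKI_SECRET_KEY", "")
    if key and len(key) < MIN_SECRET_LEN:
        problems.append(f"FREKI_SECRET_KEY is shorter than {MIN_SECRET_LEN} characters")
    return problems


if __name__ == "__main__":
    issues = check_environment()
    if issues:
        print("refusing to start:\n  " + "\n  ".join(issues))
        print(f'suggested: export FREKI_SECRET_KEY="{generate_secret_key()}"')
        raise SystemExit(1)
    print("environment OK")
```

Run it inside the virtualenv right before python3 run.py or gunicorn; a non-zero exit stops a wrapper script from launching the app with the placeholder key, which would let anyone who has read this page forge session cookies on your instance.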