Freki is a free and open-source malware analysis platform. It was built to facilitate malware analysis and reverse engineering.
It also provides a REST API, so you can query and use it in different projects.
Features
The current version supports the following features:
- Hash extraction
  - MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32, and SSDEEP.
- VirusTotal API queries
  - AV results.
- Static analysis of PE samples
  - Headers, sections, imports, capabilities, and strings.
- Pattern matching with Yara
- User management
  - Account creation for sample submissions and API usage.
- Community comments
  - Users can comment on and discuss samples.
- Download samples
  - All samples are available for free.
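As an added example that is not Freki's own code, the following Python script implements the first and third feature groups above with only the standard library: the listed hash set (SSDEEP through the optional ssdeep binding, which is why libfuzzy-dev appears in the package list), printable-string extraction, and a minimal walk of the PE headers and section table that refuses truncated or non-PE input instead of reading past the buffer. Imports and capabilities are not parsed. The sample PE, its section layout and the strings inside it are constructed inline and are not a real sample.

```python
"""Added example (not Freki's code): Freki's listed hashes, 'strings'-style
extraction, and a minimal PE header/section parser. The sample PE is constructed."""
import hashlib
import re
import struct
import zlib

try:
    import ssdeep  # optional binding to libfuzzy; when absent the field is None
except ImportError:
    ssdeep = None

HASH_ALGOS = ("md5", "sha1", "sha256", "sha384", "sha512")


def extract_hashes(data: bytes) -> dict:
    """MD5..SHA-512 via hashlib, CRC32 via zlib, SSDEEP if the binding exists."""
    hashes = {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}
    hashes["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    hashes["ssdeep"] = ssdeep.hash(data) if ssdeep else None
    return hashes


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of at least min_len printable-ASCII bytes, like the 'strings' tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def parse_pe(data: bytes) -> dict:
    """Parse e_lfanew, the COFF header, the optional-header Magic and the section
    table. Every read is bounds-checked: bad or truncated input raises ValueError."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff_off = e_lfanew + 4
        (machine, n_sections, timestamp, _symtab, _nsyms,
         opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff_off)
        opt_off = coff_off + 20
        magic = struct.unpack_from("<H", data, opt_off)[0] if opt_size >= 2 else None
        sec_off = opt_off + opt_size
        sections = []
        for i in range(n_sections):
            off = sec_off + i * 40
            if off + 40 > len(data):
                raise ValueError("section table truncated at index %d" % i)
            (name, vsize, vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl,
             flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
            sections.append({
                "name": name.rstrip(b"\0").decode("ascii", "replace"),
                "virtual_size": vsize, "virtual_address": vaddr,
                "raw_size": raw_size, "raw_offset": raw_ptr,
                "characteristics": flags,
                # a section whose raw data points past EOF is a common malformation
                "raw_in_file": raw_ptr + raw_size <= len(data),
            })
    except struct.error as exc:
        raise ValueError("truncated header: %s" % exc) from None
    return {
        "machine": machine, "timestamp": timestamp,
        "characteristics": characteristics,
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown"),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (hypothetical, not a real sample): DOS header,
    COFF header for i386, a 224-byte optional header with only Magic set, and a
    .data section holding two strings followed by an empty .text section."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F3E1A2B, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    sec = "<8sIIIIIIHHI"
    data_hdr = struct.pack(sec, b".data", 0x100, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0xC0000040)
    text_hdr = struct.pack(sec, b".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + data_hdr + text_hdr).ljust(0x200, b"\0")
    data_body = b"Hello from Freki sample\0http://example.invalid/\0".ljust(0x200, b"\0")
    text_body = b"\0" * 0x200  # constructed filler, no code
    return header + data_body + text_body


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in extract_hashes(sample).items():
        print(f"{key:8} {value}")
    report = parse_pe(sample)
    print(report["format"], hex(report["machine"]), [s["name"] for s in report["sections"]])
    print(extract_strings(sample))
```

Running the script prints the hash set, the parsed layout and the extracted strings for the constructed sample; feeding it a truncated copy of the same bytes raises ValueError from the section-table bounds check rather than an unhandled struct.error.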
Who can use it?
Anyone who wants a malware analysis tool running locally or publicly. You can use it with a small group of friends or make your instance available to the whole world.
What is the difference to VirusTotal?
Although VirusTotal is a great tool for analyzing different files, it has some limitations. For example, you need to pay to download samples.
Another great tool is MalwareBazaar, since it covers some of VirusTotal's limitations. However, you cannot run it on your own machine or add new features.
It is worth noting that Freki is not a replacement for these tools (unless you want it to be), but a collaborative alternative that was heavily inspired by them.
Step by step installation
The easy way: Docker
- Install Docker and Docker Compose.
- Edit the .env file.
- If you are going to use it in production, edit freki.conf to enable HTTPS.
- Run one of the following:
$ docker-compose up
$ make
Other ways
Install packages
Ubuntu/Debian
$ sudo apt install -y \
git python3 python3-dev python3-pip python3-mysqldb \
python3-setuptools python3-virtualenv \
automake libfuzzy-dev libssl-dev \
libffi-dev mariadb-server libmariadbclient-dev
Create a database user for Freki
$ sudo mysql_secure_installation
$ sudo mysql -u root -p
mysql> CREATE USER 'freki'@'localhost' IDENTIFIED BY 'yourpassword';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'freki'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit
Create a folder to store the uploaded samples
$ sudo mkdir /opt/freki
$ sudo chown -R youruser:usergroup /opt/freki
Clone Freki’s latest version
$ git clone https://github.com/crhenr/freki.git
Create and start a new virtualenv
$ cd freki/freki
$ virtualenv venv
$ source venv/bin/activate
Install the Python requirements
(venv) $ pip3 install -r requirements.txt
Export the required environment variables
(venv) $ export FREKI_MYSQL_HOST="localhost"
(venv) $ export FREKI_MYSQL_PASSWORD="yourpassword"
(venv) $ export FREKI_SECRET_KEY="yoursecretkey"
Run Freki!
(venv) $ python3 run.py
or,
(venv) $ gunicorn --bind 0.0.0.0:5000 run:app