Malware Analysis and Storage System
Introduction
The Malware Analysis and Storage System (MASS) is a joint research project by the Communication and Network Systems Group @ University of Bonn and Fraunhofer FKIE. The goal of our project is to create a flexible and reusable platform for malware analysis which empowers collaboration between malware researchers.
The MASS server contains a database of all submitted malware samples and all the gathered analysis data. Analysis systems are connected to the MASS server and automatically receive new samples in order to execute an analysis. Researchers can obtain the analysis results via the MASS web interface or the REST API.
MASS is free and open source software licensed under the terms of the MIT license. Other researchers are invited to contribute to the MASS development!
Prerequisites
- Python 3: MASS is developed for Python 3. It may also run with Python 2, but we do not test this and we will not fix any bug which only arises in a Python 2 setup. In the following guide we assume that Python 3 is your system default. If it is not, please adjust the given commands according to your setup.
- MongoDB: MASS uses MongoDB to store samples, reports and all metadata. Please install the latest available version of MongoDB from the package repository of your distribution. We develop and test MASS with the most recent stable release of MongoDB. Thus if you run into any trouble, make sure that your MongoDB is up to date and update if necessary.
-
Python development headers and build environment: In order to build and install necessary Python dependencies, you may need some extra software. On a Debian/Ubuntu system this is usually achieved by
apt-get install python-dev build-essential
. On a Red Hat/Fedora system, tryyum install gcc python-devel
. Please refer to the documentation of your distribution for additional details. - ssdeep: MASS uses ssdeep to create fuzzy hashes of file samples. To install the Python ssdeep wrapper, you may need some extra software. Please refer to the python-ssdeep documentation for additional details.
Installation
git clone git@github.com:mass-project/mass_server.git && cd mass_server
git submodule init && git submodule update
- Install Python dependencies using a)
./make_venv.sh
to build a virtual environment, or b)pip install -r requirements.txt
to install the necessarry packages directly to your Python 3 installation. If any error is reported, make sure you have followed the Prerequisites section closely.
Startup in development mode
- Change to the MASS server directory
- If you have created a virtual enviroment, run
source venv_mass/bin/activate
to activate it. - Run
python mass_server_flask.py
to start up the MASS server in development mode. If any error is reported, make sure you have followed the Prerequisites section closely.
Documentation
Coming soon!
License
MASS is licensed under the terms of the MIT license. For additional details, please take a look at the LICENSE
file.