Overview and current features¶
What is Freki?¶
Freki is a free and open-source malware analysis platform. It was built to facilitate malware analysis and reverse engineering.
It also provides a REST API, so you can query and use it in different projects.
The current version supports the following features:
- Hash extraction
MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32, and SSDEEP.
- VirusTotal API queries
- Static analysis of PE samples
Headers, sections, imports, capabilities, and strings.
Pattern matching with Yara
- User management
Account creation for sample submissions and API usage.
- Community comments
Users can comment and discuss about samples.
- Download samples
All samples are available for free.
Who can use it?¶
Anyone who wants a malware analysis tool running locally or publicly. You can use it with a small group of friends or make your instance available to all world.
What is the difference to VirusTotal?¶
Although VirusTotal and is a great tool for analyzing different files, it has some limitations. For example, you need to pay for downloading samples.
Another great tool is MalwareBazaar, since it fills some limitations of VirusTotal. However, you can not run it on your private machine or add new features.
It is worth noting that Freki is not a replacement of these tools (only if you want), but a collaborative alternative that was very inspired by them.
How can I have my own instance?¶
Running Freki is very easy, you can do it via Docker or installing everything by hand. Please check the administrator documentation for more details.
Freki currently uses the following technology to get everything running:
Bootstrap: for easy and responsive interface development
Python: main programming language
Flask: lightweight web application framework
SQLAlchemy: Python SQL toolkit
Gunicorn: Python WSGI HTTP Server
VirusTotal API: for querying the detection reports
Yara: for pattern matching
pefile: to parse information about PE files
capa: to identify capabilities in PE files
You can check all Python requirements here.