Welcome to Vault1337

Malware Storage and Static Analysis Platform

Vault1337 is a self-hosted malware analysis platform built for security researchers and analysts. It provides a secure repository for storing malware samples along with a suite of static analysis tools, all accessible through a modern React-based web interface backed by a Django REST API.

The project started as a hands-on learning exercise and has grown into a full-stack application with a Django 5 / Django REST Framework backend, JWT authentication, and a React 19 + TypeScript + Tailwind CSS frontend built with Vite. Security has been a core focus throughout development — the platform runs comfortably on a Raspberry Pi 5 via Gunicorn and NGINX in production.

Features
  • Upload samples by file or URL, or download directly from VirusTotal or Malware Bazaar by SHA256 hash
  • 10+ static analysis tools: Strings, LIEF Parser, Hex Viewer, PDF Parser, OLE Tools, ExifTool, IOC Extractor, YARA, Email Parser, Zip Extractor, QR Decode
  • YARA rules — create, edit and run rules against samples via a built-in editor
  • IOC tracking — extract and manage indicators of compromise linked to samples
  • IP reputation — query AbuseIPDB, Spur, and Shodan from a single interface
  • Tag-based organisation with full-text search
  • JWT-authenticated REST API with staff/user role separation
  • API key management for all third-party integrations

The platform ships as a Docker image for easy deployment, or can be installed manually on Ubuntu 24.04. Check the Documentation page for full setup instructions.

Source code is available at the Vault1337 GitHub Repository. Feel free to explore or open issues.

Created by DanDreadless


Vault1337