These are the tools that are available in the Vault1337 project
| Tool/Subtool | Description |
|---|---|
Strings- UTF-8
- Latin-1
- UTF-16
- UTF-32
- ASCII
|
Shows all strings from a sample using different encodings |
LIEF Parser- DOS Header
- Rich Header
- PE Header
- Engtrypoint
- Sections
- Imports
- Signature check
- Check Entropy
|
Utiliese the Lief-Project |
| Hex Viewer | Returns a hex view of a sample |
| PDF Parser | Utilises PyMuPDF to extract MetaData, URLs and PDF Content |
OLE Tools- OLEID
- OLEMETA
- OLEDUMP
- OLEVBA
- RTFOBJ
- OLEOBJ
|
Utilises OLE Tools to analyse Microsoft OLE2 samples |
| ExifTool | Requires ExifTool by Phil Harvey to display Exif data |
| IOC Extractor (work in progress) | This script extracts IOCs from a sample and populates the IOC database, linking to particular samples |
| Yara | Create, Edit and run Yara rules against samples |
Email Parser- Get Email Headers
- Get Email body
- Download Attachments
|
Work in progress script to analyse emails and download attachments into the vault for further analysis |
Zip Extractor (work in progress)- With/Without Password
|
Extract .zip and .7z files within the vault |
| Step | Instruction |
|---|---|
| Update your distro | sudo apt update && sudo apt upgrade -y |
| Install required dependancies | sudo apt-get install git exiftool python3-venv python3-pip yara |
| Download the vault - Clone the repository and make sure to take ownership of the files |
cd /var/www (or where ever you want it to live) |
| Create required folders |
mkdir -p vault/samples |
| python venv - Create a python virtual environment and install the requirements |
python3 -m venv env |
| Create SuperUser | python3 manage.py createsuperuser |
| Initialise database |
python3 manage.py makemigrations |
| Generate a new APP Key |
python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())' |
| Update your .env file with required API Keys |
nano .env |
| You're good to go! Run the app server |
python3 manage.py runserver |
| Step | Instruction |
|---|---|
| Update your distro | sudo apt update && sudo apt upgrade -y |
| Install required dependancies | sudo apt-get install git exiftool python3-venv python3-pip yara |
| Download the vault - Clone the repository and make sure to take ownership of the files |
cd /var/www (or where ever you want it to live) |
| Make the install script executable | chmod +x install.sh |
| Execute the script | ./install.sh |
| Update your .env file with required API Keys |
nano .env |
| You're good to go! |
source env/bin/activate |
The below are usesd to store samples, yara rules and static images
- mkdir -p vault/samples
- mkdir -p vault/yara-rules
- mkdir -p vault/static/images/media
- mv .env.sample .env
- python3 -m venv env creates a virtual environment named env.
- source env/bin/activate activates the virtual environment.
- The pip install -r requirements.txt command is wrapped in an if statement to check if it succeeds.
- If the command fails, it prints an error message and exits the script with a non-zero status.
- The python3 manage.py makemigrations and python3 manage.py migrate commands are also wrapped in an if statement to ensure they succeed.
- The python3 manage.py createsuperuser command is wrapped in an if statement to ensure it succeeds.
- The script generates a Django secret key using Python and displays it to the user.
| Step | Instruction |
|---|---|
| Install Docker | Check the docker website for official instructions |
| Pull the Image | docker pull vault1337/vault1337:latest |
| Run the Image | docker run -p 8000:8000 vault1337/vault1337 |
| login with the default credentials | ** YES I KNOW THIS IS BAD ** |
| CHANGE YOUR PASSWORD FROM THE DJANGO ADMIN AREA | http://localhost:8000/admin |
| Add API Keys | Click "Welcome, Admin" (top right) |
| You're ready to go! | Start safely statically analysing malware at http://localhost:8000 |