petikvx/malware-scope

Malware Scope

Malware Scope is a modern, web-based tool for browsing, analyzing, and managing malware samples in a secure, containerized environment. Designed for malware researchers, analysts, and educators, it provides a fast and user-friendly interface to explore large malware collections, extract metadata, and perform static analysis with integrated tools.

Features

  • Fast File Browser
    Browse directories and files with breadcrumb navigation, folder hierarchy, and instant search.

  • Live Search
    Filter files and folders instantly as you type, without reloading the page.

  • Pagination
    Efficiently handles large collections with pagination (50 files per page).

  • File Metadata
    Displays file type (using the file command), size, and custom descriptions.

  • Integrated Static Analysis

    • Strings Extraction: View the output of the strings command in a popup.
    • DIEC Integration: Run DIE-engine (diec -du --verbose) on any file and view the formatted output in a popup.
    • Disassembly: Instantly disassemble any file using ndisasm -b 16 and view the result in a popup.
  • Secure Download
    Download any file directly from the interface.

  • Modern UI
    Responsive, dark-themed interface with sortable columns, styled popups, and SVG favicons/logos.

  • Security

    • All user inputs are sanitized to prevent path traversal and command injection.
    • File access is restricted to the /var/www/malware directory.
    • Designed to run inside a Docker container for isolation.
  • Footer with Author & Links
    Includes author credit, year, and links to GitHub and X (Twitter) with SVG icons.


Quick Start

Prerequisites

1. Clone the Repository

git clone https://github.com/petikvx/malware-scope.git
cd malware-scope

2. Add Your Malware Samples

Place your samples in the malware/ directory (they will be mounted into the container at /var/www/malware).

3. Build and Run (recommended)

Use the included helper script, which performs a safe cleanup of any previously created containers and images (to avoid state-related bugs), builds fresh images, and starts the stack in detached mode. The script also attempts to open your browser to the web UI.

Run with Bash (recommended):

bash start.sh
# or make executable and run:
chmod +x start.sh
./start.sh

What start.sh does:

  • Detects whether docker-compose or the new docker compose is available and uses it.
  • Runs docker-compose down --rmi local --volumes --remove-orphans to stop and remove any previous stack built locally.
  • Prunes dangling images and unused networks.
  • Builds images with --no-cache and starts containers in detached mode.
  • Prints a clickable URL (http://localhost:8080/) and tries to open it in your default browser (using xdg-open or open if available).

You can also run the compose commands manually if you prefer:

docker-compose build
docker-compose up -d
# follow logs
docker-compose logs -f

The app will be available at http://localhost:8080.


Usage

  • Browse: Navigate folders and files using the sidebar and breadcrumbs.
  • Search: Use the search bar at the top to filter files and folders instantly.
  • Sort: Click on column headers to sort by name or size.
  • Analyze:
    • Click Strings to view printable strings from a file.
    • Click DIEC to run DIE-engine static analysis.
    • Click Disassemble to view the output of ndisasm -b 16 for any file.
  • Download: Click Download to retrieve any file.

Architecture

  • Frontend:

    • HTML5, CSS3, and vanilla JavaScript for instant search and popups.
    • Responsive and accessible design.
  • Backend:

    • PHP 8.0 (Apache)
    • All file operations and analysis are performed server-side for security.
  • Containerization:

    • Runs in Docker for isolation.
    • Installs all dependencies, including binutils, nasm, and DIE-engine, at build time.

Security Notes

  • All file and path inputs are sanitized to prevent directory traversal and command injection.
  • Only files within /var/www/malware are accessible.
  • For production or public deployment, consider adding authentication and HTTPS.
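
One way to implement the two checks above, path containment and safe command construction, shown as an added example rather than code from this repository. `TOOLS`, `resolveSample()` and `buildCommand()` are hypothetical names; the base path and tool flags are the ones this README lists.

```php
<?php
declare(strict_types=1);

// Added example, not malware-scope code. BASE_PATH is the directory the README
// names; TOOLS, resolveSample() and buildCommand() are hypothetical names.
const BASE_PATH = '/var/www/malware';

// Fixed allowlist: the request selects a key, never a command string.
const TOOLS = [
    'strings'     => ['strings'],
    'diec'        => ['diec', '-du', '--verbose'],
    'disassemble' => ['ndisasm', '-b', '16'],
];

/** Resolve a user-supplied relative path; null if it leaves $base. */
function resolveSample(string $relative, string $base = BASE_PATH): ?string
{
    $root = realpath($base);
    // realpath() collapses ".." and follows symlinks before the check.
    $real = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($root === false || $real === false || !is_file($real)) {
        return null;
    }
    // Trailing separator so a sibling such as /var/www/malware-old fails.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return str_starts_with($real, $prefix) ? $real : null;
}

/** Command line for an allowlisted tool, or null if either input is rejected. */
function buildCommand(string $tool, string $relative, string $base = BASE_PATH): ?string
{
    $file = resolveSample($relative, $base);
    if ($file === null || !array_key_exists($tool, TOOLS)) {
        return null;
    }
    // Every argument is quoted; $file is absolute, so it cannot parse as an option.
    return implode(' ', array_map('escapeshellarg', [...TOOLS[$tool], $file]));
}

// Constructed demo: a temp directory stands in for the sample store.
$base = sys_get_temp_dir() . '/scope-demo-' . getmypid();
mkdir($base . '/pe', 0700, true);
mkdir($base . '-old', 0700, true);
file_put_contents($base . '/pe/sample one;x.bin', 'MZ');
file_put_contents($base . '-old/y.bin', 'MZ');
var_dump(buildCommand('strings', 'pe/sample one;x.bin', $base)); // metacharacters in name
var_dump(buildCommand('diec', '../' . basename($base) . '-old/y.bin', $base)); // sibling dir
var_dump(buildCommand('rm', 'pe/sample one;x.bin', $base)); // tool not in allowlist
```

Comparing the resolved path against the base with a trailing separator is what rejects the sibling-directory case; a bare prefix match would accept it.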

Customization

  • Change the malware directory: Edit the $basePath variable in MalwareController.php.
  • Add more analysis tools: Extend the Actions column and backend to integrate new static or dynamic analysis tools.
  • UI tweaks & theme: src/views/explorer.php was updated to use Tailwind (via CDN) for easier styling, includes a dark/light theme toggle, sticky header and footer, centered/enlarged title, and improved popup styling for both light and dark modes. Feel free to edit the embedded <style> block or replace with a dedicated stylesheet.
  • Start script: start.sh now performs a safe cleanup of previous compose stacks, rebuilds images with --no-cache and starts the stack in detached mode. It also attempts to open the web UI at http://localhost:8080/ and prints helpful follow-up commands (logs / down).

Author


License

This project is for educational and research purposes.
Use responsibly and only with malware samples you are legally allowed to handle.


Contributing

Contributions are welcome! If you'd like to contribute to Malware Scope, please follow these steps:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature/your-feature-name).
  3. Make your changes.
  4. Commit your changes (git commit -am 'Add some feature').
  5. Push to the branch (git push origin feature/your-feature-name).
  6. Create a new Pull Request.

For bugs or feature requests, please open an issue here.
