Overview and current features

What is Freki?

Freki is a free and open-source malware analysis platform. It was built to facilitate malware analysis and reverse engineering.

It also provides a REST API, so you can query and use it in different projects.

Features

The current version supports the following features:

  • Hash extraction
    • MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32, and SSDEEP.

  • VirusTotal API queries
    • AV results.

  • Static analysis of PE samples
    • Headers, sections, imports, capabilities, and strings.

  • Pattern matching with Yara

  • User management
    • Account creation for sample submissions and API usage.

  • Community comments
    • Users can comment on and discuss samples.

  • Download samples
    • All samples are available for free.
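The hash extraction feature listed above, as an added illustration in Freki's own language (Python); this is example code, not Freki's implementation. It computes the seven listed values in one pass over the file so large samples are never held in memory, and treats SSDEEP as optional because it comes from the third-party `ssdeep` package (its `Hash` class with `update()`/`digest()` is assumed here).

```python
import hashlib
import io
import sys
import zlib

# Digest algorithms from Freki's feature list; SSDEEP is a fuzzy hash from
# the optional python-ssdeep package and is handled separately below.
DIGESTS = ("md5", "sha1", "sha256", "sha384", "sha512")

try:
    import ssdeep  # assumed optional dependency; skipped when missing
except ImportError:
    ssdeep = None


def extract_hashes(stream, chunk_size=1 << 20):
    """Compute every listed hash of a file-like object in a single pass.

    Reading in chunks keeps memory flat for large samples. CRC32 is folded
    incrementally with zlib and rendered as 8 lowercase hex digits so it
    matches the form most archive and triage tools print.
    """
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    crc = 0
    fuzzy = ssdeep.Hash() if ssdeep is not None else None
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
        crc = zlib.crc32(chunk, crc)
        if fuzzy is not None:
            fuzzy.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    if fuzzy is not None:
        result["ssdeep"] = fuzzy.digest()
    return result


def hashes_of_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for samples already held in memory."""
    return extract_hashes(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    # Usage: python hashes.py <sample>  (path supplied by the caller)
    with open(sys.argv[1], "rb") as sample:
        for name, value in extract_hashes(sample).items():
            print(f"{name:7} {value}")
```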

Who can use it?

Anyone who wants a malware analysis tool running locally or publicly. You can use it with a small group of friends or make your instance available to the whole world.

What is the difference to VirusTotal?

Although VirusTotal is a great tool for analyzing different kinds of files, it has some limitations. For example, you need to pay to download samples.

Another great tool is MalwareBazaar, since it addresses some of VirusTotal's limitations. However, you cannot run it on your own machine or add new features to it.

It is worth noting that Freki is not a replacement for these tools (unless you want it to be), but a collaborative alternative that was strongly inspired by them.

How can I have my own instance?

Running Freki is very easy: you can do it via Docker or by installing everything by hand. Please check the administrator documentation for more details.

Technology

Freki currently uses the following technology to get everything running:

  • Front-end
    • Bootstrap: for easy and responsive interface development

  • Back-end
    • Python: main programming language

    • Flask: lightweight web application framework

    • SQLAlchemy: Python SQL toolkit

    • Gunicorn: Python WSGI HTTP Server

    • VirusTotal API: for querying the detection reports

    • Yara: for pattern matching

    • pefile: to parse information about PE files

    • capa: to identify capabilities in PE files

  • Infrastructure
    • Docker: for easy deployment through containers

    • Nginx: preferred web server

    • MariaDB: for storing information about samples

You can check all Python requirements here.

Screenshots

Screenshots available for the following pages:

  • Home page

  • Sign up page

  • Analysis page: General information

  • Analysis page: VirusTotal detection

  • Analysis page: Static analysis (three views)

  • Analysis page: Community comments

  • Profile page