
Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors


qeeqbox/rhino


Agile Sandbox for analyzing malware and execution behaviors. It is customizable and expandable, and can be quickly altered during the analysis iteration. Inspired by the Rhinoceros and Agile methodology.

React Web Interface

Output

General Features

  • Customizable actions and settings
  • Actions are draggable, removable and editable
  • In-time actions tracker (failed, running or success)
  • Some actions work on both Linux and Windows (Auto-switching)
  • Task screen recording, input/output files and network traffic are included
  • Build and save tasks of each iteration
  • Overview stats for recent and old tasks
  • React interface and Flask API for easy integration
  • MongoDB and Redis searching statements (Find, Sort and Limit)
  • VMs are automatically terminated (prevents VMs from locking)
  • Setup, Initialize and Run the project using a Bash script
  • Project expands dynamically based on VM entries
  • Custom Remote control (Experimental, used to snapshot VMs)
  • Auto VMs mapping and switching
  • And more features to explore

Roadmap

  • Continue implementing the rest of the actions (currently 10 out of 65 actions are implemented)
  • Add import settings to the web interface
  • Add multi-submit tasks
  • Refactor the web interface

Easy installation!

On an Ubuntu 18 or 19 system (Auto-configure)

git clone https://github.com/qeeqbox/rhino.git
cd rhino
chmod +x ./run.sh
./run.sh auto_configure

The project interface at http://localhost:5000/dashboard will open automatically after the initialization process finishes.

On an Ubuntu 18 or 19 system (Auto-configure Dummy)

git clone https://github.com/qeeqbox/rhino.git
cd rhino
chmod +x ./run.sh
./run.sh auto_configure_dummy

The project interface at http://localhost:5000/dashboard will open automatically after the initialization process finishes.

On an Ubuntu 18 or 19 system (Manually)

git clone https://github.com/qeeqbox/rhino.git
cd rhino
chmod +x ./run.sh
./run.sh

Choose an option:
1) Setup requirements (docker, docker-compose and VirtualBox)
2) Initialize your VMs settings (VM name, snapshot, username and password)
3) Initialize dummy VMs settings (VM name, snapshot, username and password are dummy)
4) Setup the project
5) Start the project 
6) Exit the project and restore VMs on local
9) Auto-configure dummy project

Choose 1, 2, 4 then 5. Once you are done, close the project with Ctrl+C.
Open localhost:5000/dashboard

Resources

  • Linux documentation
  • React documentation
  • VirtualBox SDK
  • pyvbox and VirtualBox APIs
  • ionicons
  • llorentegerman
  • My old projects
  • Please let me know if I missed a resource or dependency

Other Licenses

By using this framework, you are accepting the license terms of each package listed below:

Disclaimer\Notes

  • Do not deploy without proper configuration
  • Set up some security group rules and remove default credentials

Other Projects