Vault1337 is an open-source static malware analysis platform and repository to organise and categorize malware samples. The platform has been designed for researchers, educators, and security enthusiasts.

Firstly, I would like to shout out the Viper-Framework which has been the main inspiration / motivation for this project.

Secondly, I'm still learning so please don't harras me for my poor coding skills! yes, I am asking LLMs for help and so should you! - (SNYK backup to help reduce vulnerable code from LLMs)

Vault1337 is being built using the Django framework (5.1.4) to enable me to create a repository for malware and utilise Python3 to perform static analysis on samples.

Currently being developed on Windows but it is likely this will be better suited to run on Linx rather than Windows in order to take advantage of Linux static analysis capabilities ** Update ** I do have this running nicely on my Raspberry PI 5 with SSD board. Served via Gunicorn/NGINX

Documentation is a work in progress but can be found at Vault1337.com

This project is licensed under the GNU Affero General Public License (AGPL-3.0). This ensures that:

• You are free to use, modify, and share this software as long as you comply with the terms of the AGPL-3.0.
• If you deploy this software on a server, you must make the source code, including any modifications, available to your users under the same license.

The full text of the AGPL-3.0 license is available in the LICENSE file.

Vault1337 is open-source software, but we recognize that businesses may want to use it without adhering to the AGPL's strict copyleft requirements (e.g., making modifications publicly available). To accommodate such use cases, we offer a commercial license at a fair price.

1. Use Vault1337 in proprietary environments without the need to open-source your modifications.
2. Support the continued development and maintenance of the project.

The commercial license is available for a one-time fee. Pricing is tailored to the size and needs of your organization. Contact me for details.

If your organization is interested in obtaining a commercial license, please reach out to me at:

LinkedIn: - www.linkedin.com/in/dan-pickering

Even if you don’t require a commercial license, consider supporting the project through donations or sponsorship. Your contributions help us improve Vault1337 and keep it free for the open-source community.

Thank you for using Vault1337!

• Learn Django (ongoing)
• Create documentation (ongoign)
• Investigate potential security issues (ongoing with SNYK VSCode Plugin)
• Move URL function to workbench
• IOC extractor to populate the ioc tab for sample (in progress)
• Import sample from Virus Total - requires premium account (sad face)
• Add yara functionality (in progress)
• Generate FUZZY hashes for samples
• Tidy up code it is a bit of a mess
• create tabels for tags, notes and IOCs and make them relational
  • Tags
  • Notes
  • IOCs
• Add check for the existence of the "samples" folder and create if not there
• Telegram token analysis
• IP Reputation revamp - Drop SPUR as it isn't a free API

• MS document analysis - IN PROGRESS (oletools)
• PDF document analysis - IN PROGRESS
• Email analysis including reputation check - IN PROGRESS
  • Get Email Headers
  • Get Email Body
  • Extract Attachment (Check if this works for multiple attachments)
  • Extract URLs
• Note taking feature for notes tab
• File Unzipper
  • Single file extraction
  • Multiple file extraction
• unpacker
• config extractor
• run custom script against sample (potentially dangerous, consider running inside of docker)
• Sandbox integration
• Virus Total passive checks
• Some sort of AV scan
• Flare-Floss
• AI to help describe script behaviour etc
• integrate Javascript deobfuscation (https://github.com/ben-sb/obfuscator-io-deobfuscator)

• Create basic "Strings" tool to run against samples and display the output
• Hex viewer
• LIEF - Python library integration
• EXIF data - Requires local install of ExifTool by Phil Harvey
• IOC extractor (regex needs some work)
• Ability to run YARA scripts against samples (still neeeds work but a good start)
• Email parser (headers and content need to add attachment extraction)

• Add tags cloud under vault table that are clickable for filtering
• Create "Actions" dropdown in vault table
• Get tags working properly so they are searchable (Django-Taggit)
• Create initial database
• Create user registration form
• Create initial templates
• Create vault page
• Creat sample view page
• Add samples to vault via file upload form
• Add archive samples and unzip via upload form - STILL NEEDS WORK
• Delete samples from the vault
• Add URLs to vault
• Download files from URLs
• Run on home Raspberry PI 5
• Add Virus Total link from samples
• Import sample from Malware Bazaar
• IP Reputation lookup
• Upgrade to Django 5.1 and run tests
• Limit the number of visible rows in the Vault table adding page numbers
• Dark mode (There is no Light mode)
• Docker version Available
• Tested on Raspberry Pi5 running NGINX and GUNICORN
• Sample view to have sha256 in url rather than database id

Head over to the Documentation site for the latest install instructions Vault1337.com