Malware file indexer and browser powered by Docker and PHP. Designed for local research labs and secure analysis.

petikvx/malware-archive-explorer

🧬 Malware Sample Explorer v.2.4.1

A simple yet powerful web-based explorer for navigating, analyzing, and downloading malware samples from your own archive, ready to deploy with Docker.

Features:

  • Clean directory navigation with breadcrumbs and pagination
  • View file metadata (size, type, SHA256, VirusTotal links)
  • View raw files, extract strings, and disassemble binaries
  • Integration with DIE (Detect It Easy) CLI for instant file type analysis
  • Toggle dark/light mode and simplified/full filenames
  • Direct download for all files
  • Deployable in seconds via Docker or Docker Compose

🚀 Quick Start (with Docker)

# Clone the repo and enter the directory
git clone https://github.com/petikvx/malware-archive-explorer.git
cd malware-archive-explorer

# Copy your malware samples into the 'malware/' folder
cp -r /path/to/samples/* ./malware/

# Build and run with Docker
docker compose up --build
# or, if you prefer classic Docker:
docker build -t malware-explorer .
docker run -it --rm -p 8080:80 -v "$(pwd)/malware:/var/www/html/malware" malware-explorer

Then open http://localhost:8080 in your browser.


🛠️ File Structure

  • index.php — Main web interface, handles navigation, analysis, and actions.
  • Dockerfile — Modern Ubuntu base, with Apache2, PHP, ndisasm, and DIE CLI installed.
  • docker-compose.yml — Out-of-the-box service configuration with bind mount for your samples.
  • malware/ — Place your samples here (mounted inside the container).

🔎 Main Features

  • Browse & Download: Full directory explorer with breadcrumbs, sorting (by name/size), and paging (50 per page).
  • Quick Analysis:
    • DIEC Integration: Inline DIEC output in the Strings tab for any file.
    • Strings Extraction: Uses GNU strings or built-in fallback.
    • Disassembly: MS-DOS/PE disassembly via ndisasm (16/32-bit, optional offset).
  • File Info: SHA256 for each file (with VirusTotal link), MIME type, and pretty file sizes.
  • Modes: Dark/light switch, full/simplified filename toggle.
  • Security: All file access is path-validated, safe for read-only deployments.
  • No database, no setup. Just drop your files in malware/ and launch.
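
One way the path validation claimed under Security can be implemented, as an added example (not the project's index.php, whose checks are not shown on this page). The helper resolveInArchive() and the temporary sandbox are hypothetical and constructed for the demo; it assumes PHP 8 on Linux, as in the Ubuntu 24.04 image.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not taken from the project's index.php.
// Returns the canonical path of $userPath inside $root, or null if the
// request resolves outside the archive or is not a regular file.
function resolveInArchive(string $root, string $userPath): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || str_contains($userPath, "\0")) {
        return null;
    }
    // realpath() collapses "..", "." and follows symlinks; false if missing.
    $real = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false) {
        return null;
    }
    // Compare against root + separator so "/srv/malware-old" does not pass
    // as being inside "/srv/malware".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (!str_starts_with($real, $prefix) || !is_file($real)) {
        return null;
    }
    return $real;
}

// Constructed sandbox: an archive, a sibling directory with a similar name,
// and a symlink inside the archive that points outside it.
$base = sys_get_temp_dir() . '/explorer-demo-' . bin2hex(random_bytes(4));
mkdir("$base/malware/dos", 0700, true);
mkdir("$base/malware-old", 0700, true);
file_put_contents("$base/malware/dos/sample.bin", "MZ");      // inert 2 bytes
file_put_contents("$base/malware-old/notes.txt", "outside");
symlink("$base/malware-old/notes.txt", "$base/malware/link.txt");

$requests = [
    'dos/sample.bin',                   // legitimate file in the archive
    '../malware-old/notes.txt',         // ".." into a sibling directory
    'dos/../../malware-old/notes.txt',  // ".." hidden behind a valid prefix
    'link.txt',                         // symlink leaving the archive
    'dos',                              // directory, not a file
    'missing.bin',                      // does not exist
];
foreach ($requests as $r) {
    $ok = resolveInArchive("$base/malware", $r);
    printf("%-34s %s\n", $r, $ok === null ? 'REJECTED' : 'served');
}
```

Mounting the samples read-only (a `:ro` suffix on the bind mount) complements this check, since the container then cannot modify the archive even if a request slips through.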

🐳 Docker Usage Details

Build and Run with Compose (Recommended)

docker compose up --build
  • Binds ./malware to /var/www/html/malware inside the container.
  • Exposes the web UI on port 8080.

Or, Pure Docker:

docker build -t malware-explorer .
docker run -it --rm -p 8080:80 -v "$(pwd)/malware:/var/www/html/malware" malware-explorer

🏗️ Tech Stack

  • Base Image: Ubuntu 24.04
  • Web Server: Apache2 + PHP
  • Analysis Tools:
  • Minimal dependencies, fast startup!


🙋 FAQ

How do I add samples?
Just copy files into the malware/ directory before starting (or bind-mount it).

Where are reports generated?
All analysis (DIEC, strings, disasm) is on-the-fly—nothing is stored or sent.

Does it run on ARM?
The Dockerfile uses the official x86_64 DIEC build; adjust if running on ARM.


⚠️ Warning

For educational and research purposes only.
Never expose a malware archive to the internet, and always run in a safe, isolated environment.


👤 Credits

  • Project by petikvx
  • DIE CLI by NTInfo (Detect It Easy)
  • Inspired by open-source file explorers and malware researchers.
