Community services¶
The Assemblyline community has been hard at work to improve Assemblyline's ability to detect malicious files and extract information about them.
This page lists all the services that our members have created and shared with the public.
Warning
These services are not managed by the Assemblyline team so make sure that you check their source thoroughly and that you are comfortable with what they do before you install them on your system.
Service list¶
| Service Name | Description | Author | Source |
|---|---|---|---|
| AutoItRipper | AutoIt unpacker service | NVISO | link |
| ClamAV | Assemblyline service which submits a file to ClamAV and displays the result | NVISO | link |
| MalwareBazaar | Assemblyline service fetching Malware Bazaar report | NVISO | link |
| MsgParser | Simple MSG extractor AssemblyLine service | NVISO | link |
| MetaDefender Sandbox | Submits a file or a URL to MetaDefender Sandbox | OPSWAT | link |
| PythonExeUnpack | Python exe unpacker service | NVISO | link |
| StegFinder | AssemblyLine service which scans for embedded data in image using StegExpose | NVISO | link |
| Unfurl | Assemblyline service parsing a submitted URL to unshorten it. | NVISO | link |
| UrlScanIo | URLScan.io AL service | NVISO | link |
| WindowsDefender | Windows defender service being adapted from an Assemblyline community conversation | Adam McHugh | link |
Building a Community Service¶
- Obtain the service source code
- Edit the service manifest and ensure the following is set
version: $SERVICE_TAG ... docker_config: image: ${REGISTRY}<service_container_image>:$SERVICE_TAG - Build image and push to your local registry:
Warning
It's strongly recommended to tag service images following the Assemblyline format. Otherwise, the system will disable your service because it will deem it incompatible with the rest of the components.
Service versions should follow the format A.B.C.(dev|stable).D, where:
A, Brepresents the framework and system version, respectively.C, Dcan be used to indicate the major and minor of a service, respectively.- The
devorstableportion of the tag should indicate the state of the service build. This is also relevant for providing service updates under a certain channel.
The following is an example of a service build targetted for an Assemblyline deployment running release 4.4.x.x:
docker build . -t <private_registry>/<service_container_image>:4.4.0.stable0 --build-arg version=4.4.0.stable0
docker push <private_registry>/<service_container_image>:4.4.0.stable0
Add your service¶
Contact us on Discord to get your service featured on this page.