CERT-EDF/neon

Neon

Collaborative Malware Database Management


Introduction

Neon is a minimalist malware database management system designed for efficient collaboration. After vitrifying payloads, analysts can dissect and document their findings through a dedicated interface, managing malicious artifacts.

Inspired by the idea of a neon shedding light on malware.


Getting Started

Note

Neon is part of the CERT-EDF/fusion framework. This section covers standalone usage.

Deployment is designed to be simple using Docker.

export GIT_TAG="$(git describe --tags)"
docker compose up -d

Basic reverse-proxy example using Nginx, over plain HTTP (no TLS):

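server {
    listen 80;
    server_name neon.domain.lan;

    access_log  /var/log/nginx/neon.access.log;
    error_log  /var/log/nginx/neon.error.log;

    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Requests under /api go to the service listening on port 8113.
    location /api {
        proxy_pass http://127.0.0.1:8113;
        # Accept request bodies (uploads) up to 4G.
        client_max_body_size 4G;
        proxy_buffering off;
        # A location that sets any proxy_set_header stops inheriting the
        # server-level ones, so the forwarding headers are repeated here.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Allow WebSocket upgrades.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

    # Everything else goes to the service listening on port 8123.
    location / {
        proxy_pass http://127.0.0.1:8123;
    }
}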

Configuration

Refer to the configuration documentation.


License

Distributed under the MIT License.


Contributing

Contributions are welcome, see CONTRIBUTING.md for more information.


Security

To report a (suspected) security issue, see SECURITY.md for more information.