Pandora is an analysis framework to discover if a file is suspicious (github.com/pandora-analysis)
9 points by adulau on May 31, 2022 | 5 comments



"Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results."

But what does it do exactly?

The readme contains a lot of install instructions but very little explanation of what the purpose of the tool actually is. It uses libreoffice... so... office documents that are... suspicious? Whatever that means.

If you head over to the public instance, you discover a file upload and nothing else. "Drop suspicious file here"... okay?

Then there's a button labelled "advanced" which shows toggles for different modules. These do provide a tiny bit of insight regarding the purpose of the tool but it's still very much unclear.

This is sad because I'm sure it's a great project. I just have absolutely no clue what it does.

Would it be possible to extend the readme with a "Why would I use this?" section explaining the purpose of the tool with some basic example use-cases?


It appears to hash the file locally, then look it up on a number of aggregators (or local scanners such as clamav), see: https://github.com/pandora-analysis/pandora/tree/main/pandor... for the list. For example, check the "usual" sites like virustotal immediately, and do local inspection of embedded document objects.

You will need to be subscribed to those services that are not free and have API keys for each one.

There are also some modules that analyse the MSOffice XML format for bad code, check OLE (don't know what OLE is? https://threatpost.com/like-macros-before-it-attackers-shift...), and deobfuscate macros.

CIRCL is the Luxembourg CERT, more or less.


Something like "Pandora is a cyber incident response tool automating common analysis methods. Currently, it is focused on office documents" would already be immensely helpful.

... _if_ I understood its purpose correctly that is.


Has there been any CVE on the tool itself yet?


Snakeoil.
