"Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results."
But what does it do exactly?
The readme contains a lot of install instructions but very little explanation of what the purpose of the tool actually is. It uses libreoffice.. so... office documents that are.. suspicious? Whatever that means.
If you head over to the public instance, you discover a file upload and nothing else.
"Drop suspicious file here".. okay?
Then there's a button labelled "advanced" which shows toggles for different modules. These do provide a tiny bit of insight regarding the purpose of the tool but it's still very much unclear.
This is sad because I'm sure it's a great project.
I just have absolutely no clue what it does.
Would it be possible to extend the readme with a "Why would I use this?" section explaining the purpose of the tool with some basic example use-cases?
It appears to hash the file locally, then look it up on a number of aggregators (or a local scanner such as clamav), see: https://github.com/pandora-analysis/pandora/tree/main/pandor... for the list. For example, check the "usual" sites like virustotal immediately, and do local inspection into embedded document objects.
You will need to be subscribed to those services that are not free and have API keys for each one.
Something like "Pandora is a cyber incident response tool automating common analysis methods. Currently, it is focused on office documents" would already be immensely helpful.
... _if_ I understood its purpose correctly that is.