LitterBox

概述

LitterBox是一个自托管的载荷分析沙盒，专为红队设计，用于在部署前测试恶意样本与现代检测系统。它集成了多种EDR解决方案，如Elastic Defend和Fibratus，提供静态和动态分析功能。通过MCP集成，AI代理能够端到端地驱动分析流程，从样本提交到检测分数和触发指标的评估。

试试问 AI

装完之后，这里有 5 个你可以让 AI 做的事：

• upload_payload

  Upload a payload file for analysis in the LitterBox sandbox

  试试:Upload this suspicious executable for analysis试试:Scan this binary file with LitterBox试试:Test this payload against detection systems
• run_analysis

  Run static/dynamic/EDR analysis on an uploaded payload

  试试:Run full analysis on the uploaded file试试:Perform static analysis on this sample试试:Check payload detection score with all scanners
• get_detection_score

  Retrieve the detection score for an analyzed payload

  试试:What's the detection score for this payload?试试:Get the risk assessment for this file试试:Check how detectable this sample is
• get_detection_breakdown

  Get detailed breakdown of which indicators triggered detection

  试试:Show me which specific alerts were triggered试试:Break down the detection indicators试试:Which rules flagged this payload?
• dispatch_to_edr

  Send payload to EDR-instrumented VM for real-world testing

  试试:Test this payload against Elastic Defend试试:Run this file in the Fibratus environment试试:Dispatch to EDR VM for dynamic analysis
• list_scanners

  List all available scanners and their versions

  试试:Show all available scanners试试:What analysis tools are available?试试:List scanners with versions
• update_scanner

  Update a specific scanner to the latest version

  试试:Update PE-Sieve to the latest version试试:Refresh all scanners试试:Update YARA rules
• get_config

  Retrieve current LitterBox configuration

  试试:Show current configuration试试:Get scanner settings试试:Check timeout configurations
• get_results

  Retrieve full results from a completed analysis

  试试:Get the full analysis results试试:Show me all detection alerts试试:Retrieve the complete report
• add_yara_rule

  Add a custom YARA rule to the analysis pipeline

  试试:Add this custom YARA rule for detection试试:Upload a new YARA rule试试:Create a custom detection rule
• list_files

  List files in the sandbox environment

  试试:Show files in the upload directory试试:List all samples in the workspace试试:What files are available for analysis?
• create_profile

  Create a new EDR profile for testing environments

  试试:Create a new Elastic Defend profile试试:Set up a Fibratus testing configuration试试:Create custom EDR profile

说明：Tool names inferred from documentation and functionality description. MCP documentation referenced in wiki but not explicitly listed in README.

可对比工具

安装

git clone https://github.com/BlackSnufkin/LitterBox.git
cd LitterBox
python -m venv venv
.\venv\Scripts\Activate.ps1
pip install -r requirements.txt
python litterbox.py

git clone https://github.com/BlackSnufkin/LitterBox.git
cd LitterBox/Docker
chmod +x setup.sh
./setup.sh

{
  "mcpServers": {
    "litterbox": {
      "command": "python",
      "args": ["/path/to/LitterBox/litterbox.py"],
      "env": {}
    }
  }
}

FAQ

LitterBox支持哪些EDR解决方案？

LitterBox支持与Elastic Defend和Fibratus集成，可以将载荷分发到配置好的Windows虚拟机进行动态分析。

检测分数如何计算？

检测分数基于静态分析结果、动态行为观察和EDR警报相关性计算得出。具体方法记录在检测分数解释的Wiki页面中。

LitterBox 对比