MASTIFF

Created by: Tyler Hudak

Contact Information: mastiff-project@korelogic.com [PGP key].

The terms and conditions under which this software is released are set forth in README.LICENSE.

Description:

MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plug-ins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.

Obtaining MASTIFF:

The current stable release is version 0.7.1, available here: mastiff-0.7.1.tar.gz [sign]. All releases are PGP-signed using the above project key.

The latest development code can be pulled from a public read-only Git repository here:

git clone https://git.korelogic.com/mastiff.git

or from GitHub:

git clone https://github.com/KoreLogicSecurity/mastiff

This contains tags for stable release versions, and any updates since the last release. All git commits are PGP-signed by a key available from MIT PGP keyservers, signed by the above project key.

Feedback:

Please submit comments, feedback, and bug reports to the above contact address, mastiff-project@korelogic.com. Please PGP-encrypt anything sensitive.

Contributing:

Improvements such as new features/plugins, bug fixes, etc. can be submitted in multiple ways:

1. Obtain the source code:
   • from a release tarball,
   • or by cloning the git repository;
2. Create and send us changes:
   • create a patch using diff -urP, git format-patch, etc., and email the patch to mastiff-project@korelogic.com, or
   • put your modified code in a git repository that we can access (such as GitHub, your own server, etc.), and send us a pull request.

Please PGP sign all patches and correspondence if possible.