Anomy – Tor Anonymiser for Malware Analysis

When carrying out malware analysis or threat intelligence work, the ability to anonymize your activities is hugely beneficial. The purpose of Anomy is to reduce the time taken to cover your tracks.

It runs the specified command through a Tor SOCKS proxy, bouncing the connection through the Tor network, so that your information does not show up in the logs or records of the bad actor.

Whilst the initial scope of Anomy is to aid in Threat Hunting and Malware Analysis, there are likely many other use cases.
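
Routing a command through a Tor SOCKS proxy only protects the analyst if the proxy is actually up when the command runs. The wrapper below is an added example, not Anomy's own code: it refuses to run the command unless a listener answers on the SOCKS port. It assumes Tor's default SocksPort of 127.0.0.1:9050 and the torsocks wrapper; the function and variable names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not part of Anomy): fail-closed wrapper for running a
# command through Tor. Assumptions: Tor listens on its default SocksPort
# (127.0.0.1:9050) and the torsocks wrapper is installed.

TOR_SOCKS_HOST="${TOR_SOCKS_HOST:-127.0.0.1}"
TOR_SOCKS_PORT="${TOR_SOCKS_PORT:-9050}"

# Return 0 only if something accepts TCP connections on the SOCKS port.
# Uses bash's /dev/tcp; if bash is unavailable the check fails closed.
tor_socks_up() {
    bash -c 'exec 3<>"/dev/tcp/$0/$1"' \
        "$TOR_SOCKS_HOST" "$TOR_SOCKS_PORT" 2>/dev/null
}

# Run "$@" through Tor, or refuse to run it at all.
# Exit codes: 2 = no command given, 3 = proxy down, 4 = torsocks missing.
run_via_tor() {
    if [ "$#" -eq 0 ]; then
        echo "usage: run_via_tor COMMAND [ARG]..." >&2
        return 2
    fi
    if ! tor_socks_up; then
        echo "refusing to run '$1': no listener on" \
             "$TOR_SOCKS_HOST:$TOR_SOCKS_PORT" >&2
        return 3
    fi
    if ! command -v torsocks >/dev/null 2>&1; then
        echo "refusing to run '$1': torsocks is not installed" >&2
        return 4
    fi
    # torsocks redirects the command's TCP connections and DNS lookups to
    # the SOCKS port. It works by library preloading, so it does not cover
    # statically linked binaries, and it does not carry UDP traffic.
    torsocks -a "$TOR_SOCKS_HOST" -P "$TOR_SOCKS_PORT" "$@"
}

# Usage (the URL is a placeholder):
#   run_via_tor wget "http://sample-host.invalid/file.bin"
```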

The project can be found here on GitHub, or by following the instructions below.

Instructions
$ anomy -h
Usage: anomy [OPTION]... [URL]...
Mandatory arguments to long options are mandatory for short options too.
    Startup:
    -h,  --help                      print this help
    Functions:
    -w,  --wget                      wget download
    -s,  --ssh                       initiate ssh connection
    -f,  --ftp                       initiate ftp session
    -d,  --sftp                      initiate sftp session
    -t,  --telnet                    initiate telnet session

Installation

cd /opt
git clone https://github.com/izm1chael/Anomy.git
cd Anomy
sudo bash install.sh

Uninstall

cd /opt/Anomy
sudo bash uninstall.sh

Update: 12/02/2021

Anomy is now included in the REMnux Toolkit for Malware Analysis; you can find a link to the documentation here.
