MCRIT

MinHash-based Code Relationship & Investigation Toolkit for reverse engineering and malware analysis

Rapidly compare binary code using MinHash algorithms to identify similarities, analyze malware families, and investigate code relationships at scale

Quick start

Get MCRIT running in minutes with Docker or standalone installation

1. Install MCRIT

Deploy with Docker for the simplest setup, including MongoDB and the web frontend:
git clone https://github.com/danielplohmann/docker-mcrit
cd docker-mcrit
docker-compose up -d
Or install standalone with pip, run from the root of a checkout of the MCRIT source tree:
pip install -e .
2. Start the server and worker

Run the API server and background worker:
mcrit server
In a separate terminal:
mcrit worker
The server will be available at http://127.0.0.1:8000
3. Submit your first sample

Use the CLI to submit a binary for analysis:
mcrit client submit sample_unpacked -f malware_family
Or use the Python client:
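from mcrit.client.McritClient import McritClient

# Read the unpacked sample as raw bytes before submitting it
with open("sample_unpacked", "rb") as f:
    binary_data = f.read()

client = McritClient("http://localhost:8000")
result = client.addBinarySample(binary_data, "sample_name", "family_name")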

Explore MCRIT

Learn about MCRIT’s capabilities and how to use them effectively

Installation

Docker and standalone deployment options

CLI Guide

Command-line interface for sample management

Python Client

Programmatic access to all MCRIT features

MinHash Concepts

Understanding MinHash-based similarity analysis

API Endpoints

REST API for samples, functions, and matching

IDA Plugin

Integration with IDA Pro for live analysis

Key features

Powerful capabilities for code similarity analysis and malware research

Fast MinHash matching

Rapidly identify code similarities using MinHash algorithms with configurable band counts and thresholds

SMDA integration

Built on SMDA disassembler for accurate function extraction and analysis across multiple architectures

MongoDB storage

Persistent storage for samples, functions, and analysis results with efficient indexing

Job queue system

Asynchronous processing with worker architecture for compute-intensive matching operations

Ready to analyze binary code?

Start identifying code relationships and analyzing malware families with MCRIT’s powerful MinHash-based similarity engine