Open Source • Self-Hosted • Enterprise Ready

Analyze Malware with Precision

Self-hosted malware analysis platform with isolated Docker sandboxes, real-time WebSocket telemetry, and MITRE ATT&CK mapping. Your data never leaves your infrastructure.

  • 3 Analysis Phases
  • 100MB Max File Size
  • 150+ String Patterns
  • 24/7 Self-Hosted

Built with enterprise-grade technologies

AES-256 Quarantine
Real-time WebSocket
MITRE ATT&CK Mapping

Enterprise-Grade Features

Everything you need for comprehensive malware analysis, from static inspection to dynamic sandboxing and threat intelligence integration.

Static Analysis

YARA rules, entropy analysis, PE/ELF parsing, and 150+ string patterns for comprehensive file inspection.

Dynamic Sandbox

Ubuntu 22.04 containers with strace/ltrace/tcpdump for syscall tracing and behavior monitoring.

Browser Sandbox

Pardus Linux + Firefox ESR with noVNC for safe URL detonation with live video streaming.

Network Analysis

PCAP parsing, JA3 TLS fingerprinting, beaconing detection, and suspicious port monitoring.

MITRE ATT&CK

Automatic syscall-to-technique mapping with dashboard visualization of top attack patterns.

Risk Scoring

0-100 scoring system with 5 severity levels. Automatic quarantine for high-risk samples.

Threat Intel

VirusTotal integration with 24h Redis cache, IOC extraction, STIX 2.1 and CSV export.

AES-256 Quarantine

Infected samples encrypted with pyzipper AES-256 for secure isolation and handling.

Real-time Telemetry

Redis pub/sub to WebSocket for live event streaming. Watch analysis unfold in real-time.

HA PostgreSQL

Patroni 3-node cluster with etcd DCS and HAProxy for high availability and RW/RO split.

USOM Integration

TR-CERT URL blacklist with automatic daily updates at 03:00 UTC for threat protection.

Kubernetes Ready

Kustomize overlays, NetworkPolicy isolation, dynamic Job spawning, and full RBAC support.

3-Phase Pipeline

Comprehensive Analysis Pipeline

From rapid static checks to deep behavioral analysis — our multi-phase pipeline ensures no threat goes undetected.

Phase 1: Static Analysis (~10s)

Fast initial inspection without execution

  • Hash calculation (SHA256/MD5/SHA1/ssdeep)
  • MIME type detection & entropy analysis
  • PE/ELF binary parsing
  • YARA rule matching
  • VirusTotal lookup (cached 24h)

Phase 2: Basic Sandbox (120s)

Behavioral analysis in isolated container

  • strace syscall tracing
  • Process tree construction
  • File system monitoring
  • Registry & config changes
  • Internal network (no internet)

Phase 3: Deep Sandbox (600s)

Advanced network and threat analysis

  • PCAP network capture & analysis
  • JA3/JA3S TLS fingerprinting
  • Beaconing pattern detection
  • MITRE ATT&CK technique mapping
  • Suspicious port monitoring (16 ports)

Total analysis time: ~12 minutes for complete deep analysis

Platform Preview

See TRACE in Action

Explore the powerful interface designed for security analysts.

Analysis Dashboard

Real-time overview of all analyses with risk distribution, MITRE ATT&CK top techniques, and activity timeline.

System Design

Enterprise Architecture

Microservices architecture with high availability, network isolation, and real-time event streaming.

TRACE Platform Architecture Diagram: the full system flow from the Internet through Cloudflare Tunnel, nginx, frontend/backend, Redis, and Patroni HA PostgreSQL to isolated Docker sandboxes.

  • Internet: Cloudflare Tunnel
  • Reverse Proxy: nginx :8090
  • Application Layer: Frontend (React 19 :3000), Backend (FastAPI :8000, 14 services)
  • Message & Cache: Redis :6379 (Pub/Sub + Cache), Celery Workers (Task Queue)
  • Database: HAProxy (:5000 RW / :5001 RO), Patroni HA (PostgreSQL × 3 + etcd)
  • Sandboxes: Malware Sandbox (ubuntu:22.04, isolated-net, no internet), Browser Sandbox (Pardus + noVNC :6080, browser-net)

Key properties:

  • Network Isolation: Malware sandboxes have no internet access
  • HA Database: Patroni ensures zero downtime failover
  • Real-time Events: Redis pub/sub to WebSocket streaming

Self-Hosted

Why Self-Host?

Keep your malware samples where they belong — in your own infrastructure. Full control, complete privacy, unlimited analysis.

Complete Data Privacy

All analysis happens on your infrastructure. Sensitive files and malware samples never leave your network.

Zero data exfiltration

Compliance Ready

Meet regulatory requirements for data residency. Perfect for government, finance, and healthcare sectors.

GDPR, HIPAA, SOC 2

Air-Gap Compatible

Deploy in fully isolated environments. VirusTotal integration is optional — full offline operation supported.

No internet required

Full Transparency

Open source codebase. Audit every line of code. No black boxes, no hidden telemetry.

MIT License

Unlimited Customization

Modify YARA rules, adjust risk thresholds, extend analysis phases. The platform adapts to your needs.

Your rules, your way

No API Limits

Analyze as many samples as your hardware allows. No quotas, no rate limits, no per-scan fees.

Unlimited scans

Self-Hosted vs Cloud Solutions

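| Feature       | TRACE (Self-Hosted) | Cloud Services    |
|---------------|---------------------|-------------------|
| Data Location | Your servers        | Third-party cloud |
| API Limits    | Unlimited           | Quota-based       |
| Cost Model    | One-time setup      | Per-scan fees     |
| Customization | Full access         | Limited           |
| Offline Mode  | Supported           | Not possible      |
| Source Code   | Open source         | Closed            |
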
Pricing

Open Source. Enterprise Ready.

Start with our fully-featured open source version. Upgrade to enterprise when you need dedicated support and custom development.

Open Source

Free forever for individuals and small teams

Free (MIT License)
  • Full platform access
  • 3-phase analysis pipeline
  • Static + Dynamic analysis
  • Browser sandbox
  • MITRE ATT&CK mapping
  • Docker Compose deployment
  • Community support
  • Self-managed infrastructure

Enterprise (Recommended)

For organizations requiring dedicated support

Contact Us: Custom pricing
  • Everything in Open Source
  • Kubernetes deployment support
  • Custom YARA rule development
  • Priority security updates
  • SLA-backed support
  • Training & onboarding
  • Custom integrations
  • Dedicated account manager

Enterprise Services Include

Security Consulting

Custom deployment review and hardening recommendations

On-Site Training

Train your SOC team on advanced malware analysis techniques

24/7 Support

Direct access to engineering team for critical issues

Custom Development

New features and integrations tailored to your workflow