litmus beta

litmus is an ML-powered malware classifier that uses cleave output to make threat assessment decisions. It trains custom XGBoost models tailored to your specific threat environment. Unlike cleave, which reports neutral capabilities, litmus makes the call on whether something is malicious.

Capabilities

  • Custom model training — train XGBoost models on your own labeled data
  • File scanning — scan individual files, directories, and archives
  • Supply chain detection — compare package versions with litmus diff to catch tampering
  • Feature explanation — understand why something was flagged
  • Model management — maintain multiple trained models for different environments
  • Server mode — HTTP API for integration into pipelines

Install

$ cargo install --git https://codeberg.org/atomdrift/litmus

Usage

$ litmus scan /path/to/file
$ litmus scan /path/to/directory/
$ litmus diff old-package.tar.gz new-package.tar.gz

Beta software — expect false positives and false negatives. Not recommended as a sole decision-maker for production security.