Overview
Malbox supports two plugin types that determine where plugins execute and how they can communicate with the host system.Plugin Types
Guest Plugins
Guest plugins are meant to be executed within a sandboxed environment (containers, virtual machines, etc.), providing isolated analysis.Characteristics
Characteristics
- Execute within sandboxed environments (VMs, containers, etc.)
- Terminated with sandbox after task completion
Use cases
Use cases
- Dynamic malware analysis
- Behavioral monitoring in sandbox
- File execution and observation
Host Plugins
Host plugins execute directly on the host system.Characteristics
Characteristics
- Execute directly on the host system
- Full access to host resources and capabilities
- Higher performance without sandbox overhead
- Can be persistent across multiple tasks
Use cases
Use cases
- Statical file analysis
- Fast preprocessing tasks
- Virtual machine introspection
- Emulation-related plugins