diff --git a/README.md b/README.md
index 7c319b3..1b23dad 100644
--- a/README.md
+++ b/README.md
@@ -236,6 +236,7 @@ A collection of delicious docker recipes.
- [x] hydra
- [x] iptables
- [x] kismet
+- [x] maltrail
- [x] routersploit
- [x] snort :beetle:
- [x] snort3 :beetle:
diff --git a/editly/Dockerfile b/editly/Dockerfile
index d20d219..7c39b2c 100644
--- a/editly/Dockerfile
+++ b/editly/Dockerfile
@@ -2,11 +2,11 @@
# Dockerfile for editly
#
-FROM node:lts-bullseye
+FROM node:lts-bookworm
MAINTAINER EasyPi Software Foundation
ARG EDITLY_VERSION=0.14.2
-ARG FFMPEG_VERSION=6.0
+ARG FFMPEG_VERSION=6.1
RUN set -xe \
&& apt update \
diff --git a/maltrail/Dockerfile b/maltrail/Dockerfile
new file mode 100644
index 0000000..0a014b7
--- /dev/null
+++ b/maltrail/Dockerfile
@@ -0,0 +1,41 @@
+#
+# Dockerfile for maltrail
+#
+
+FROM debian:12
+MAINTAINER EasyPi Software Foundation
+
+ARG MALTRAIL_VERSION=0.67
+ARG MALTRAIL_URL=https://github.com/stamparm/maltrail/archive/refs/tags/${MALTRAIL_VERSION}.tar.gz
+
+WORKDIR /opt/maltrail
+
+RUN set -xe \
+ && apt update -y \
+ && apt install -y curl \
+ build-essential \
+ libpcap0.8 \
+ libpcap-dev \
+ procps \
+ python3 \
+ python3-dev \
+ python3-pip \
+ python-is-python3 \
+ schedtool \
+ && pip install --break-system-packages pcapy-ng \
+ && curl -sSL ${MALTRAIL_URL} | tar xz --strip 1 \
+ && mkdir -p etc log var misc/custom \
+ && mv maltrail.conf etc \
+ && mv trails/custom/dprk.txt misc/custom \
+ && chmod +x server.py sensor.py \
+ && ./server.py --version \
+ && ./sensor.py --version \
+ && apt remote -y curl \
+ build-essential \
+ libpcap-dev \
+ python3-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+EXPOSE 8337/udp 8338/tcp
+
+CMD ["./server.py", "-c", "etc/maltrail.conf"]
diff --git a/maltrail/README.md b/maltrail/README.md
new file mode 100644
index 0000000..bb6c575
--- /dev/null
+++ b/maltrail/README.md
@@ -0,0 +1,17 @@
+maltrail
+========
+
+[Maltrail][1] is a malicious traffic detection system.
+
+
+```bash
+$ docker compose up -d
+$ curl http://127.0.0.1:8338
+
+$ ping -c 1 136.161.101.53
+$ nslookup morphed.ru
+
+$ tail -f ./data/log/$(date +"%Y-%m-%d").log
+```
+
+[1]: https://github.com/stamparm/maltrail
diff --git a/maltrail/data/etc/maltrail.conf b/maltrail/data/etc/maltrail.conf
new file mode 100644
index 0000000..83c4f39
--- /dev/null
+++ b/maltrail/data/etc/maltrail.conf
@@ -0,0 +1,150 @@
+# [Server]
+
+# Listen address of (reporting) HTTP server
+HTTP_ADDRESS 0.0.0.0
+#HTTP_ADDRESS ::
+#HTTP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1
+
+# Listen port of (reporting) HTTP server
+HTTP_PORT 8338
+
+# Use SSL/TLS
+USE_SSL false
+
+# SSL/TLS (private/cert) PEM file (e.g. openssl req -new -x509 -keyout server.pem -out server.pem -days 1023 -nodes)
+#SSL_PEM misc/server.pem
+
+# User entries (username:sha256(password):UID:filter_netmask(s))
+# Note(s): sha256(password) can be generated on Linux with: echo -n 'password' | sha256sum | cut -d " " -f 1
+# UID >= 1000 have only rights to display results (Note: this moment only functionality implemented at the client side)
+# filter_netmask(s) is/are used to filter results
+USERS
+ admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0: # changeme!
+# local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16 # changeme!
+
+# Mask custom trail names for non-admin users (UID >= 1000)
+ENABLE_MASK_CUSTOM true
+
+# Listen address of (log collecting) UDP server
+UDP_ADDRESS 0.0.0.0
+#UDP_ADDRESS ::
+#UDP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1
+
+# Listen port of (log collecting) UDP server
+UDP_PORT 8337
+
+# Should server do the trail updates too (to support UPDATE_SERVER directive in [Sensor] parameters)
+USE_SERVER_UPDATE_TRAILS false
+
+# Aliases used in client's web browser interface to describe the src_ip and/or dst_ip column entries
+#IP_ALIASES
+# 8.8.8.8:google
+# 8.8.4.4:google
+
+# Option to change the top-left logo with a custom image/text
+#HEADER_LOGO 
XYZ
+
+# Regular expression to be used in external /fail2ban calls for extraction of attacker source IPs
+FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code|iot-malware download)|spammer|mass scanner
+
+# Blacklist generation rules
+# BLACKLIST
+# src_ip !~ ^192.168. and dst_port ~ ^22$
+# src_ip ~ ^192.168. and filter ~ malware
+
+# [Sensor]
+
+# Number of processes
+PROCESS_COUNT 1
+
+# Disable setting of CPU affinity (with schedtool) on Linux machines (e.g. because of load issues with other processes)
+DISABLE_CPU_AFFINITY false
+
+# Use feeds (too) in trail updates
+USE_FEED_UPDATES true
+
+# Disable (retrieval from) specified feeds (Note: respective .py files inside /trails/feeds; turris and ciarmy/cinsscore seem to be too "noisy" lately; policeman is old and produces lots of false positives)
+DISABLED_FEEDS turris, ciarmy, policeman, myip, alienvault
+
+# Ignore IPs that appear on lower than IP_MINIMUM_FEEDS number of feeds (Note: static IP trails are always included)
+IP_MINIMUM_FEEDS 3
+
+# Disable trails based on the following regular expression run against the corresponding info
+#DISABLED_TRAILS_INFO_REGEX known attacker|tor exit node
+
+# Update trails after every given period (seconds)
+UPDATE_PERIOD 86400
+
+# Use remote custom feed (too) in trail updates
+#CUSTOM_TRAILS_URL http://www.test.com/custom.txt
+
+# Location of directory with custom trails (*.txt) files
+CUSTOM_TRAILS_DIR ./misc/custom
+
+# (Max.) size of multiprocessing network capture ring buffer (in bytes or percentage of total physical memory) used by sensor (e.g. 512MB)
+CAPTURE_BUFFER 10%
+
+# Interface used for monitoring (e.g. eth0, eth1)
+MONITOR_INTERFACE any
+
+# Network capture filter (e.g. ip)
+# Note(s): more info about filters can be found at: https://danielmiessler.com/study/tcpdump/
+#CAPTURE_FILTER ip or ip6
+CAPTURE_FILTER udp or icmp or (tcp and (tcp[tcpflags] == tcp-syn or port 80 or port 1080 or port 3128 or port 8000 or port 8080 or port 8118))
+
+# Sensor name to appear in produced logs
+SENSOR_NAME $HOSTNAME
+
+# Remote Maltrail server instance to send log entries (Note: listening at :)
+LOG_SERVER 127.0.0.1:8337
+#LOG_SERVER [fe80::12c3:7bff:fe6d:cf9b%eno1]:8337
+
+# Remote address to send Syslog events
+#SYSLOG_SERVER 192.168.2.107:514
+
+# Remote address to send JSON events (e.g. Logstash)
+#LOGSTASH_SERVER 192.168.2.107:5000
+
+# Regular expression used for calculating severity attribute when sending events to SYSLOG_SERVER or LOGSTASH_SERVER
+REMOTE_SEVERITY_REGEX (?P(remote )?custom\)|malwaredomainlist|iot-malware|malware(?! (distribution|site))|adversary|ransomware)|(?Ppotential malware site|malware distribution)|(?Pmass scanner|reputation|attacker|spammer|compromised|crawler|scanning)
+
+# Set only (!) in cases when LOG_SERVER should be exclusively used for log storage
+DISABLE_LOCAL_LOG_STORAGE false
+
+# Remote address for pulling (latest) trail definitions (e.g. http://192.168.2.107:8338/trails). USE_SERVER_UPDATE_TRAILS directive should be active in [Server] parameters.
+#UPDATE_SERVER http://192.168.2.107:8338/trails
+
+# Use heuristic methods
+USE_HEURISTICS true
+
+# Capture HTTP requests with missing Host header (introducing potential false positives)
+CHECK_MISSING_HOST false
+
+# Check values in Host header (along with standard non-HTTP checks) for malicious DNS trails (introducing greater number of events)
+CHECK_HOST_DOMAINS false
+
+# Location of file with whitelisted entries (i.e. IP addresses, domain names, etc.) (note: take a look into 'misc/whitelist.txt')
+#USER_WHITELIST misc/whitelist.txt
+
+# Location of file with ignore event rules. Example under misc/ignore_events.txt
+#USER_IGNORELIST misc/ignore_events.txt
+
+# Regular expression to be used against the whole event entry to be ignored
+#IGNORE_EVENTS_REGEX sql injection|long domain|117.21.225.3|sinkhole
+
+# [All]
+
+# Show debug messages (in console output)
+SHOW_DEBUG false
+
+# Directory used for log storage
+LOG_DIR ./log/maltrail
+
+# HTTP(s) proxy address
+#PROXY_ADDRESS http://192.168.5.101:8118
+
+# Disable checking of sudo/Administrator privileges (e.g. if using: setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /bin/python)
+DISABLE_CHECK_SUDO true
+
+# Override default location for trail storage (~/.maltrail/trails.csv)
+TRAILS_FILE ./var/maltrail.csv
diff --git a/maltrail/data/log/.gitkeep b/maltrail/data/log/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/maltrail/data/var/.gitkeep b/maltrail/data/var/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/maltrail/docker-compose.yml b/maltrail/docker-compose.yml
new file mode 100644
index 0000000..27cd717
--- /dev/null
+++ b/maltrail/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3.8"
+
+services:
+
+ maltrail-server:
+ image: vimagick/maltrail
+ command: ./server.py -c etc/maltrail.conf
+ container_name: maltrail-server
+ volumes:
+ - ./data/etc:/opt/maltrail/etc
+ - ./data/log:/opt/maltrail/log
+ - ./data/var:/opt/maltrail/var
+ network_mode: host
+ restart: unless-stopped
+
+ maltrail-sensor:
+ image: vimagick/maltrail
+ command: ./sensor.py -c etc/maltrail.conf
+ container_name: maltrail-sensor
+ volumes:
+ - ./data/etc:/opt/maltrail/etc
+ - ./data/log:/opt/maltrail/log
+ - ./data/var:/opt/maltrail/var
+ network_mode: host
+ restart: unless-stopped