Loki - Loki - Simple IOC and Incident Response Scanner

  •    Python

The Windows binary is compiled with PyInstaller 2.1 and should run as an x86 application on both x86 and x64 based systems. Download the latest version of LOKI from the releases section.

signature-base - Signature base for my scanner tools

  •    Python

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

awesome-yara - A curated list of awesome YARA rules, tools, and people.

A curated list of awesome YARA rules, tools, and resources. Inspired by awesome-python and awesome-php. YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Take your pick.

yara-validator - Validates yara rules and tries to repair the broken ones.

  •    Python

Validates yara rules and tries to repair the broken ones.

yara-forensics - Set of Yara rules for finding files using magics headers

  •    Shell

Yara is the pattern matching Swiss army knife for malware researchers (and everyone else). Basically, Yara allows us to scan files based on textual or binary patterns, so we can take advantage of Yara's potential and focus it on forensic investigations. For now I have created a set of rules that search for magic headers in files and in dump files, such as raw dd images, as well. So I invite anyone to add or improve rules regarding forensics stuff.

ThreatKB - Knowledge base workflow management for Yara rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

  •    Javascript

It's best to run the application and its Python virtualenv within a screen session to ensure ThreatKB continues to run. Note: Within screen, Ctrl+a+d will detach your session and return you to your normal shell. To return to the screen session, run screen -list and look for the "Inquest_ThreatKB" entry followed by its PID, then use screen -r InQuest_ThreatKB.<PID> to reattach.

yara-rules - A collection of Yara rules we wish to share with the world, most probably referenced from http://blog

A collection of Yara rules we wish to share with the world, most probably referenced from http://blog.inquest.net.