Kraken – Cross-platform Yara Scanner Written In Go

Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Following are the main features:

  • Scan running executables and the memory of running processes with the provided Yara rules (leveraging go-yara).
  • Scan executables installed for autorun (leveraging go-autoruns).
  • Scan the filesystem with the provided Yara rules.
  • Report any detection to a remote server provided with a Django-based web interface.
  • Run continuously, periodically checking for new autoruns and scanning any newly executed processes. Kraken will store events in a local SQLite3 database and will keep copies of autorun and detected executables.

Some features are still under development or almost finished:

  • Installer and launcher to automatically start Kraken at boot.
  • Download up-to-date Yara rules from the server.

How to use

Launch Kraken with any of the available options:

Usage of kraken:
  --backend string   Specify a particular hostname of the backend to connect to (overrides the default)
  --daemon           Enable daemon mode (this will also enable the report flag)
  --debug            Enable debug logs
  --folder string    Specify a particular folder to be scanned (overrides the default full filesystem)
  --no-autoruns      Disable scanning of autoruns
  --no-filesystem    Disable scanning of the filesystem
  --no-process       Disable scanning of running processes
  --report           Enable reporting of events to the backend
  --rules string     Specify a particular path to a file or folder containing the Yara rules to use
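The folder scan and backend reporting described above, as an added Go example that is not Kraken's own code: a pluggable Matcher stands in for the go-yara rule scan, the Detection fields and the /api/detection/add/ path are assumptions rather than Kraken's real wire format, and a non-200 answer from the backend is treated as a failed report instead of a silent success.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
)

// Detection is one scan event. The field set is a hypothetical stand-in for Kraken's real wire format.
type Detection struct {
	Type      string `json:"type"`       // "file" here; Kraken also emits process and autorun events
	ImagePath string `json:"image_path"` // path of the file that matched
	Signature string `json:"signature"`  // name of the matched rule
}

// Matcher returns the names of rules matching content; Kraken uses go-yara here, any same-shaped function can stand in.
type Matcher func(content []byte) []string
// ScanFolder walks root and runs match on every regular file (the --folder mode); unreadable files are skipped, not fatal.
func ScanFolder(root string, match Matcher) ([]Detection, error) {
	var found []Detection
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() {
			return err
		}
		if data, rerr := os.ReadFile(p); rerr == nil {
			for _, sig := range match(data) {
				found = append(found, Detection{Type: "file", ImagePath: p, Signature: sig})
			}
		}
		return nil
	})
	return found, err
}

// Report POSTs one detection as JSON to the backend. The URL path is an assumption, not Kraken's.
func Report(backend string, d Detection) error {
	body, _ := json.Marshal(d) // only string fields, so marshalling cannot fail
	resp, err := http.Post(backend+"/api/detection/add/", "application/json", bytes.NewReader(body))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("backend returned %s", resp.Status)
	}
	return nil
}
```

Call ScanFolder with the folder to scan and a Matcher, then pass each returned Detection to Report with the backend base URL (the --backend value).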

User Guide

For details on how to install, use and build Kraken you should refer to the User Guide. The original source files for the documentation are available here; please open any issue or pull request relevant to the documentation there.
