The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Stars: ✭ 45 (+95.65%)

Mutual labels: incident-response, dfir

Scripting

PS / Bash / Python / Other scripts For FUN!

Stars: ✭ 47 (+104.35%)

Mutual labels: incident-response, dfir

Mthc

All-in-one bundle of MISP, TheHive and Cortex

Stars: ✭ 134 (+482.61%)

Mutual labels: incident-response, dfir

Cortex4py

Python API Client for Cortex

Stars: ✭ 22 (-4.35%)

Mutual labels: incident-response, dfir

Beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Stars: ✭ 976 (+4143.48%)

Mutual labels: incident-response, dfir

Oriana

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Stars: ✭ 152 (+560.87%)

Mutual labels: incident-response, dfir

Packrat

Live system forensic collector

Stars: ✭ 16 (-30.43%)

Mutual labels: incident-response, dfir

View All Similar Projects ➔

PyaraScanner

A multithreaded many-rules to many-files YARA scanner for incident response or malware zoos

Prerequisites

YARA installed and Python 3.0-3.5 with the Yara-Python package

pip install yara-python

Yara-Python requires Microsoft Visual C++ Build Tools available here under 'Build Tools for Visual Studio 2017' and the Yara binaries, available here or here

Alternatively, you can download an easy installer which should download everything you need for your version of Python here (only supports up to Python 3.5)

Running a scan

To run with default settings, just specify a folder for .yar rules and a starting point for files to scan. All directories for both inputs are scanned recursively

pyarascanner.py C:\Yara_Rules_Path C:\Scan_Directory

Full syntax:

pyarascanner.py [-h] [-e] [-a] [-l LOG] [-m MAXSIZE] [-c CORES] [-x EXISTING_RULES] rules_path scan_path

Optional Arguments

-h show this help message and exit
-e Show all errors
-a Show alerts only
-l LOG Output to specified log file
-m MAXSIZE Set maximum file size (MB)
-c CORES Number of cores to use (defaults to number on system if unspecified)
-x EXISTING_RULES If specified, look for .rules file in same path as script

Known Problems

Problematic files can cause a hang in the multiprocessing with each thread needing to finis
Only scan results are logged, no script messages (including yara compiling)

Built With

Yara-Python - The awesome python implementation of awesome YARA rules

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

nogoodconfig / pyarascanner

Programming Languages

Labels

Projects that are alternatives of or similar to pyarascanner

PyaraScanner

Prerequisites

Running a scan

Optional Arguments

Known Problems

Built With