Velocidex / Velociraptor

Licence: other
Programming Languages

go
31211 projects - #10 most used programming language


Velociraptor - Endpoint visibility and collection tool.

Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries.

To learn more about Velociraptor, read the documentation on:

https://www.velocidex.com/docs/

Quick start

If you want to see what Velociraptor is all about simply:

  1. Download the binary from the release page for your favorite platform (Windows/Linux/MacOS).

  2. Start the GUI

  $ velociraptor gui

This will bring up the GUI, Frontend and a local client. You can collect artifacts from the client (which is just running on your own machine) as normal.
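To make "collecting host based state information using VQL" concrete, here is a small VQL query as an added example (it is not from the Velociraptor README). It assumes the built-in info() and pslist() plugins and their column names (Hostname, OS, Pid, Ppid, Name, Exe, CommandLine, Username), and that the query is run either in a GUI notebook or with the velociraptor query CLI subcommand; treat those names as assumptions to check against the VQL reference for your version.

```vql
-- Added example, not part of the README. Collects host identity once
-- (materialised with <=) and then lists running processes from the
-- local client, tagging each row with the hostname.
LET host_info <= SELECT Hostname, OS FROM info()

SELECT host_info[0].Hostname AS Host,
       host_info[0].OS AS OS,
       Pid, Ppid, Name, Exe, CommandLine, Username
FROM pslist()
ORDER BY Pid
```

Run it against the local client that velociraptor gui starts, and the result is one row per process. The same query body is what you would wrap in a custom artifact to collect the process list fleet-wide once you move to a full deployment.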

Once you are ready for a full deployment, check out the various deployment options at https://www.velocidex.com/docs/getting-started

Running Velociraptor via Docker

To run a Velociraptor server via Docker, follow the instructions here: https://github.com/weslambert/velociraptor-docker

Running Velociraptor locally

Velociraptor is also useful as a local triage tool. You can create a self-contained local collector using the GUI:

  1. Start the GUI as above (velociraptor gui).

  2. Select the Server Artifacts sidebar menu, then Build Collector.

  3. Select and configure the artifacts you want to collect, then select the Uploaded Files tab and download your customized collector.

Building from source

To build from source, make sure you have a recent Golang installed from https://golang.org/dl/ (Currently at least Go 1.14):

    $ git clone https://github.com/Velocidex/velociraptor.git
    $ cd velociraptor

    # This will build the GUI elements. You will need to have node
    # installed first. For example get it from
    # https://nodejs.org/en/download/.
    $ cd gui/velociraptor/
    $ npm install

    # This will build the webpack bundle
    $ make build

    # To build a dev binary just run make.
    # NOTE: Make sure ~/go/bin is on your path -
    # this is required to find the Golang tools we need.
    $ cd ../..
    $ make

    # To build production binaries
    $ make linux
    $ make windows

Getting the latest version

We have a fairly frequent release schedule, but if you see a newly submitted feature that you are really interested in, we would love to have more testing of it prior to the official release.

We have a CI pipeline managed by GitHub actions. You can see the pipeline by clicking the actions tab on our GitHub project. There are two workflows:

  1. Windows Test: this workflow builds a minimal version of the Velociraptor binary (without the GUI) and runs all the tests on it. We also test various Windows support functions in this pipeline. This pipeline builds on every push in each PR.

  2. Linux Build All Arches: This pipeline builds complete binaries for many supported architectures. It only runs when the PR is merged into the master branch. To download the latest binaries simply select the latest run of this pipeline, scroll down the page to the "Artifacts" section and download the Binaries.zip file (Note you need to be logged into GitHub to see this).

If you fork the project on GitHub, the pipelines will run on your own fork as well, as long as you enable GitHub Actions on your fork. If you need to prepare a PR for a new feature or modify an existing feature, you can use this to build your own binaries for testing on all architectures before sending us the PR.

Supported platforms

Velociraptor is written in Golang and so is available for all the platforms supported by Go. This means that Windows XP and Windows server 2003 are not supported but anything after Windows 7/Vista is.

We build our releases on CentOS 6 (x64) for Linux and Sierra for MacOS, so earlier platforms may not be supported by our release pipeline. If you need 32-bit builds you will need to build from source. You can do this easily by forking the project on GitHub, enabling GitHub Actions in your fork and editing the Linux Build All Arches pipeline.

Getting help

Questions and feedback are welcome at [email protected]

You can also chat with us directly on discord https://www.velocidex.com/discord

File issues on https://github.com/Velocidex/velociraptor

Read more about Velociraptor on our blog:

https://www.velocidex.com/blog/

Hang out on Medium https://medium.com/velociraptor-ir
