Kraken - Cross-platform Yara Scanner Written In Go

2020-11-05T20:30:02
ID KITPLOIT:7502592055175491881
Type kitploit
Reporter KitPloit
Modified 2020-11-05T20:30:02

Description

Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (_not_ for endpoint protection). Its core features are:

  • Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara).
  • Scan executables installed for autorun (leveraging go-autoruns).
  • Scan the filesystem with the provided Yara rules.
  • Report any detection to a remote server provided with a Django-based web interface.
  • Run continuously and periodically check for new autoruns and scan any newly-executed processes. Kraken will store events in a local SQLite3 database and will keep copies of autorun and detected executables.

Some features are still in progress or almost complete:

  • Installer and launcher to automatically start Kraken at startup.
  • Download updated Yara rules from the server.

How to use

Launch Kraken with any of the available options:

Usage of kraken:  
      --backend string   Specify a particular hostname to the backend to connect to (overrides the default)  
      --daemon           Enable daemon mode (this will also enable the report flag)  
      --debug            Enable debug logs  
      --folder string    Specify a particular folder to be scanned (overrides the default full filesystem)  
      --no-autoruns      Disable scanning of autoruns  
      --no-filesystem    Disable scanning of filesystem  
      --no-process       Disable scanning of running processes  
      --report           Enable reporting of events to the backend  
      --rules            Specify a particular path to a file or folder containing the Yara rules to use
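
An added example, not from the Kraken project: a canary check that confirms a rule set fires before a real scan, limited to one folder, with process and autorun scanning disabled and no reporting. The flags are those in the usage listing above; the rule name, marker string, file names and the `KRAKEN` override variable are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: canary check for a Kraken rule set, scoped to one folder.
# The rule, marker string and paths are constructed for this example.

MARKER='KRAKEN-CANARY-7f3a'   # constructed marker, not a real indicator

# Write a minimal Yara rule that matches the canary marker.
write_rule() {
    cat > "$1" <<EOF
rule Canary_Marker
{
    meta:
        description = "Constructed canary rule to confirm scanning works"
    strings:
        \$marker = "$MARKER" ascii
    condition:
        \$marker
}
EOF
}

# Create a scan folder with one matching and one non-matching file.
make_samples() {
    mkdir -p "$1"
    printf 'header %s trailer\n' "$MARKER" > "$1/positive.bin"
    printf 'nothing to see here\n' > "$1/negative.bin"
}

# Filesystem scan of one folder only: no process or autorun scanning,
# and no --report, so no events are sent to a backend.
# KRAKEN (assumed variable) overrides the binary name or path.
run_scan() {
    "${KRAKEN:-kraken}" --folder "$1" --rules "$2" \
        --no-process --no-autoruns --debug
}

work=$(mktemp -d)
write_rule "$work/canary.yar"
make_samples "$work/samples"

if command -v "${KRAKEN:-kraken}" >/dev/null 2>&1; then
    # The rule file sits outside the scanned folder, so the rule
    # should match positive.bin only.
    run_scan "$work/samples" "$work/canary.yar"
else
    echo "kraken not found in PATH; rule and samples are in $work"
fi
```
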

User Guide

For details on how to install, use and build Kraken, refer to the User Guide. The original source files for the documentation are available here; please open any issue or pull request pertinent to the documentation there.
