Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (_not_ for endpoint protection). The following are the core features:
Some features are still in progress or almost complete:
How to use
Launch Kraken with any of the available options:
    Usage of kraken:
          --backend string   Specify a particular hostname to the backend to connect to (overrides the default)
          --daemon           Enable daemon mode (this will also enable the report flag)
          --debug            Enable debug logs
          --folder string    Specify a particular folder to be scanned (overrides the default full filesystem)
          --no-autoruns      Disable scanning of autoruns
          --no-filesystem    Disable scanning of filesystem
          --no-process       Disable scanning of running processes
          --report           Enable reporting of events to the backend
          --rules            Specify a particular path to a file or folder containing the Yara rules to use
For details on how to install, use and build Kraken you should refer to the User Guide. The original source files for the documentation are available here; please open any issue or pull request pertinent to documentation there.