Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.
The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidences and find installed software in a timely fashion.
The software can be used to baseline known software from Windows system and create a set of rules for finding similar installation on other systems.
sudo apt-get install build-essential libffi-dev python3 python3-dev python3-pip libfuzzy-dev
pip install ssdeep
Some tools are required on the host operating system some are Unix standard tools and some additional ones:
For the Windows virtual machine, the following software is required to be installed:
bin/OnWindows/Varclient.py
bin/OnWindows/client.py
in an executable file with PyInstaller and put in startup folderetc/allVariables.py
to match your desired configuraitonIn test/
some examples of software to install is given, the following specific format is required:
:
, or the name of the file in case of msi or exe file.:
there’s the name of the exe to extract and run it (without extension).,
follow the same system with the word installer
first and after :
the type of installer :uninstaller
follow by :
and the uninstaller like choco, msiexec or exebin/Generator.py
is the only script to run, don’t forget to update etc/allVariables.py
(critical step).Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…