Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.
The goal of the software is to be able to run a set of rules against collected or acquired digital forensic evidence and find installed software in a timely fashion.
The software can be used to baseline known software from a Windows system and create a set of rules for finding similar installations on other systems.
Some tools are required on the host operating system; some are Unix standard tools and some are additional ones:

```
sudo apt-get install build-essential libffi-dev python3 python3-dev python3-pip libfuzzy-dev
pip install ssdeep
```
For the Windows virtual machine, the following software is required to be installed:
The following files have to be prepared:

- bin/OnWindows/Varclient.py
- bin/OnWindows/client.py, built into an executable file with PyInstaller and put in the startup folder
- etc/allVariables.py, edited to match your desired configuration

In test/ some examples of software to install are given; the following specific format is required:

- `:`, or the name of the file in case of an msi or exe file.
- `:` there's the name of the exe to extract and run it (without extension).
- follow the same system with the word installer first and after `:` the type of installer
- `:uninstaller` followed by `:` and the uninstaller, like choco, msiexec or exe

bin/Generator.py is the only script to run; don't forget to update etc/allVariables.py (critical step).
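As an added illustration of the idea behind the project (baseline the files of a known installation, turn them into a YARA rule, and run that rule over evidence), the following Python example is not code from Factual-rules-generator and does not reproduce its rule layout, which the README does not describe. It assumes a baseline given as a mapping of file path to file bytes (constructed here), emits one YARA rule using the real `hash` module with a sha256 condition per file, and includes a small stand-in matcher so the rule can be exercised without yara installed; `generate_rule`, `scan_evidence` and the sample file contents are all assumptions of this example.

```python
"""Added example (not part of the Factual-rules-generator project): build a
YARA rule from a baseline of installed-software files, then check candidate
evidence files against it.

Assumptions (not taken from the project's README):
- the baseline is a mapping of relative path -> file bytes (constructed here);
- the generated rule uses YARA's "hash" module, one sha256 per baseline file;
- the project's real rule layout and metadata fields are not described on the
  page, so the rule shape below is an illustration only.
"""
import hashlib
import re

# Constructed stand-in for files collected from a baseline Windows install.
BASELINE_FILES = {
    "Program Files/ExampleApp/app.exe": b"MZ\x90\x00example-app-binary-v1.2.3",
    "Program Files/ExampleApp/helper.dll": b"MZ\x90\x00example-helper-library",
    "Program Files/ExampleApp/readme.txt": b"Example App 1.2.3 readme",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rule_name(software: str) -> str:
    # YARA identifiers: letters, digits, underscore; must not start with a digit.
    name = re.sub(r"[^A-Za-z0-9_]", "_", software)
    return ("_" + name) if name[:1].isdigit() else name


def generate_rule(software: str, files: dict) -> str:
    """Emit a YARA rule whose condition matches any baseline file by sha256."""
    hashes = sorted(sha256_hex(data) for data in files.values())
    conditions = " or\n        ".join(
        f'hash.sha256(0, filesize) == "{h}"' for h in hashes
    )
    return (
        'import "hash"\n\n'
        f"rule {rule_name(software)}\n"
        "{\n"
        "    meta:\n"
        f'        description = "Files of {software} taken from a baseline system"\n'
        f"        file_count = {len(hashes)}\n"
        "    condition:\n"
        f"        {conditions}\n"
        "}\n"
    )


def hashes_in_rule(rule_text: str) -> set:
    """Pull the sha256 literals back out of a generated rule."""
    return set(re.findall(r'hash\.sha256\(0, filesize\) == "([0-9a-f]{64})"', rule_text))


def scan_evidence(rule_text: str, evidence: dict) -> dict:
    """Minimal stand-in for running the rule with yara: path -> matched or not."""
    known = hashes_in_rule(rule_text)
    return {path: sha256_hex(data) in known for path, data in evidence.items()}


if __name__ == "__main__":
    rule = generate_rule("ExampleApp 1.2.3", BASELINE_FILES)
    print(rule)
    # Constructed evidence: one untouched copy, one modified binary, one unrelated file.
    evidence = {
        "C/Program Files/ExampleApp/app.exe": BASELINE_FILES["Program Files/ExampleApp/app.exe"],
        "C/Users/x/Downloads/app.exe": b"MZ\x90\x00example-app-binary-v1.2.4",
        "C/Windows/notepad.exe": b"MZ\x90\x00unrelated",
    }
    print(scan_evidence(rule, evidence))
```

Only the byte-identical copy matches: an exact-hash condition says nothing about a rebuilt or patched binary, which is the limitation that fuzzy hashing (ssdeep, a dependency listed in the installation step above) is meant to soften when rules are built from a baseline.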