Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.
The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidences and find installed software in a timely fashion.
The software can be used to baseline known software from Windows system and create a set of rules for finding similar installation on other systems.
sudo apt-get install build-essential libffi-dev python3 python3-dev python3-pip libfuzzy-devpip install ssdeepSome tools are required on the host operating system some are Unix standard tools and some additional ones:
For the Windows virtual machine, the following software is required to be installed:
bin/OnWindows/Varclient.pybin/OnWindows/client.py in an executable file with PyInstaller and put in startup folderetc/allVariables.py to match your desired configuraitonIn test/ some examples of software to install is given, the following specific format is required:
:, or the name of the file in case of msi or exe file.: there’s the name of the exe to extract and run it (without extension)., follow the same system with the word installer first and after : the type of installer :uninstaller follow by : and the uninstaller like choco, msiexec or exebin/Generator.py is the only script to run, don’t forget to update etc/allVariables.py (critical step).Opera is one of the most popular cross-platform web browsers in the world, available on Windows,…
Gogs is a free, self-hosted Git service written in Go. It gives you a private GitHub-like…
Elasticsearch is an open-source distributed search and analytics engine built on Apache Lucene. It supports RESTful…
Flask is a free, open-source micro web framework for Python. It is built on Werkzeug and…
Memcached is a free, open-source, high-performance in-memory caching system. It stores data as key-value pairs in…
TensorFlow is a free, open-source machine learning platform developed by Google. It is used by major…