IRFuzz is a simple scanner with yara rules for document archives or any files.
Install
1. Prerequisites
Linux or OS X
Dependencies are managed with pipenv
. To get started install dependencies and activate virtual environment with following commands:
$ pipenv install
$ pipenv shell
Running IRFuzz – Watchd
Running IRFuzz
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv
Supported Features
Custom Extensions
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .zip,.rar
Alert Matching Yara Rule
Generate token from https://irfuzz.com/tokens
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .php --token tokenhere
Configure alerts from the website to Telegram or your email.
Delete Matched File
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --delete
Polling (Inotify Not Supported)
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --polling
Adds –poll option to force the use of polling mechanism to detect changes in data directory. Polling is slower than the underlying mechanism in OS to detect changes but it’s necessary with certain file systems such as SMB mounts.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…