IRFuzz is a simple scanner with yara rules for document archives or any files.
Install
1. Prerequisites
Linux or OS X
Dependencies are managed with pipenv
. To get started install dependencies and activate virtual environment with following commands:
$ pipenv install
$ pipenv shell
Running IRFuzz – Watchd
Running IRFuzz
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv
Supported Features
Custom Extensions
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .zip,.rar
Alert Matching Yara Rule
Generate token from https://irfuzz.com/tokens
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .php --token tokenhere
Configure alerts from the website to Telegram or your email.
Delete Matched File
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --delete
Polling (Inotify Not Supported)
$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --polling
Adds –poll option to force the use of polling mechanism to detect changes in data directory. Polling is slower than the underlying mechanism in OS to detect changes but it’s necessary with certain file systems such as SMB mounts.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…