Kraken : Cross Platform Yara Scanner Written In Go

Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Following are the core features:

  • Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara).
  • Scan executables installed for autorun (leveraging go-autoruns).
  • Scan the filesystem with the provided Yara rules.
  • Report any detection to a remote server provided with a Django-based web interface.
  • Run continuously and periodically check for new autoruns and scan any newly-executed processes. Kraken will store events in a local SQLite3 database and will keep copies of autorun and detected executables.

Some features are still under work or almost completed:

  • Installer and launcher to automatically start Kraken at startup.
  • Download updated Yara rules from the server.

Screenshots

How to use?

Launch Kraken with any of the available options:

sage of kraken:
–backend string Specify a particular hostname to the backend to connect to (overrides the default)
–daemon Enable daemon mode (this will also enable the report flag)
–debug Enable debug logs
–folder string Specify a particular folder to be scanned (overrides the default full filesystem)
–no-autoruns Disable scanning of autoruns
–no-filesystem Disable scanning of filesystem
–no-process Disable scanning of running processes
–report Enable reporting of events to the backend
–rules Specify a particular path to a file or folder containing the Yara rules to use

User Guide

For details on how to install, use and build Kraken you should refer to the User Guide. The original source files for the documentation are available here, please open any issue or pull request pertinent to documentation there.

License

Kraken is released under the GNU General Public License v3.0 and is copyrighted to Claudio Guarnieri.

R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

15 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

17 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

19 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

19 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

19 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago