YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware. It uses a YARA ruleset to identify resources that match known malware signatures, and may indicate that the container or filesystem has been compromised. YaraHunter can be used in the following ways: - At build-and-test: scan build artifacts in the CI/CD pipeline, reporting on possible indicators of malware - At rest: scan local container images, for example, before they are deployed, to verify they do not contain malware - At runtime: scan running docker containers, for example, if you observe unusual network traffic or CPU activity - Against filesystems: at any time, YaraHunter can scan local filesystems for indicators of compromise Key capabilities: - Scan running and at-rest containers - Scan filesystems - Scan during CI/CD build operations Run anywhere: highly-portable, docker container form factor Designed for automation: easy-to-deploy, easy-to-parse JSON output YaraHunter is a work-in-progress (check the Roadmap and issues list), and will be integrated into the ThreatMapper threat discovery platform. We welcome any contributions to help improve this tool.
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
A tool for injecting and loading executables with a focus on stealth techniques.
A tool that reveals invisible links within JavaScript files
A 32-bit assembler level analyzing debugger for Microsoft Windows.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.