YaraHunter
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware. It uses a YARA ruleset to identify resources that match known malware signatures, and may indicate that the container or filesystem has been compromised. YaraHunter can be used in the following ways: - At build-and-test: scan build artifacts in the CI/CD pipeline, reporting on possible indicators of malware - At rest: scan local container images, for example, before they are deployed, to verify they do not contain malware - At runtime: scan running docker containers, for example, if you observe unusual network traffic or CPU activity - Against filesystems: at any time, YaraHunter can scan local filesystems for indicators of compromise Key capabilities: - Scan running and at-rest containers - Scan filesystems - Scan during CI/CD build operations Run anywhere: highly-portable, docker container form factor Designed for automation: easy-to-deploy, easy-to-parse JSON output YaraHunter is a work-in-progress (check the Roadmap and issues list), and will be integrated into the ThreatMapper threat discovery platform. We welcome any contributions to help improve this tool.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A collection of resources for beginners to learn assembly language.
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
Standalone graphical utility for viewing Java source codes from ".class" files.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A write-up of the reverse engineering challenge from the 2019 BambooFox CTF competition
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.