viernes, 28 de agosto de 2020

Rastrea2R - Collecting & Hunting For IOCs With Gusto And Style



Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced "rastreador" - hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can execute sysinternal, system commands and other 3rd party tools across multiples endpoints, saving the output to a centralized share for automated or manual analysis. By using a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and memory across multiple systems using YARA rules. As a command line tool, rastrea2r can be easily integrated within McAfee ePO, as well as other AV consoles and orchestration tools, allowing incident responders and SOC analysts to collect forensic evidence and hunt for IOCs without the need for an additional agent, with 'gusto' and style!


Dependencies
  • Python 2.7.x
  • git
  • bottle
  • requests
  • yara-python

Quickstart
  • Clone the project to your local directory (or download the zip file of the project)
$git clone https://github.com/rastrea2r/rastrea2r.git
$cd rastrea2r
  • All the dependencies necessary for the tool to run can be installed within a virtual environment via the provided makefile.
$make help
help - display this makefile's help information
venv - create a virtual environment for development
clean - clean all files using .gitignore rules
scrub - clean all files, even untracked files
test - run tests
test-verbose - run tests [verbosely]
check-coverage - perform test coverage checks
check-style - perform pep8 check
fix-style - perform check with autopep8 fixes
docs - generate project documentation
check-docs - quick check docs consistency
serve-docs - serve project html documentation
dist - create a wheel distribution package
dist-test - test a wheel distribution package
dist-upload - upload a wheel distribution package
  • Create a virtual environment with all dependencies
$make venv
//Upon successful creation of the virtualenvironment, enter the virtualenvironment as instructed, for ex:
$source /Users/ssbhat/.venvs/rastrea2r/bin/activate
  • Start the rastrea2r server by going to $PROJECT_HOME/src/rastrea2r/server folder
$cd src/rastrea2r/server/
$python rastrea2r_server_v0.3.py
Bottle v0.12.13 server starting up (using WSGIRefServer())...
Listening on http://0.0.0.0:8080/
  • Now execute the client program, depending on which platform you are trying to scan choose the target python script appropriately. Currently Windows, Linux and Mac platforms are supported.
$python rastrea2r_osx_v0.3.py -h
usage: rastrea2r_osx_v0.3.py [-h] [-v] {yara-disk,yara-mem,triage} ...

Rastrea2r RESTful remote Yara/Triage tool for Incident Responders

positional arguments: {yara-disk,yara-mem,triage}

modes of operation
yara-disk Yara scan for file/directory objects on disk
yara-mem Yara scan for running processes in memory
triage Collect triage information from endpoint

optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit


Further more, the available options under each command can be viewed by executing the help option. i,e

$python rastrea2r_osx_v0.3.py yara-disk -h
usage: rastrea2r_osx_v0.3.py yara-disk [-h] [-s] path server rule

positional arguments:
path File or directory path to scan
server rastrea2r REST server
rule Yara rule on REST server

optional arguments:
-h, --help show this help message and exit
-s, --silent Suppresses standard output
  • For ex, on a Mac or Unix system you would do:
$cd src/rastrea2r/osx/

$python rastrea2r_osx_v0.3.py yara-disk /opt http://127.0.0.1:8080/ test.yar

Executing rastrea2r on Windows

Currently Supported functionality
  • yara-disk: Yara scan for file/directory objects on disk
  • yara-mem: Yara scan for running processes in memory
  • memdump: Acquires a memory dump from the endpoint ** Windows only
  • triage: Collects triage information from the endpoint ** Windows only

Notes
For memdump and triage modules, SMB shares must be set up in this specific way:
  • Binaries (sysinternals, batch files and others) must be located in a shared folder called TOOLS (read only)
    \path-to-share-foldertools
  • Output is sent to a shared folder called DATA (write only)
    \path-to-share-folderdata
  • For yara-mem and yara-disk scans, the yara rules must be in the same directory where the server is executed from.
  • The RESTful API server stores data received in a file called results.txt in the same directory.

Contributing to rastrea2r project
The Developer Documentation provides complete information on how to contribute to rastrea2r project

Demo videos on Youtube

Presentations

Credits & References



More info


  1. Hack Tools Online
  2. Beginner Hacker Tools
  3. Easy Hack Tools
  4. Hacker Tool Kit
  5. Pentest Tools Windows
  6. Hacker Hardware Tools
  7. New Hack Tools
  8. Hackers Toolbox
  9. Blackhat Hacker Tools
  10. Hacking Tools 2020
  11. Pentest Tools For Ubuntu
  12. Hack Tools For Ubuntu
  13. Hack Tool Apk
  14. Android Hack Tools Github
  15. Pentest Tools For Android
  16. World No 1 Hacker Software
  17. What Is Hacking Tools
  18. Pentest Tools Linux
  19. Hack Tools 2019
  20. Hacking Tools For Beginners
  21. Hacks And Tools
  22. Hacking Tools Kit
  23. Free Pentest Tools For Windows
  24. Hacking Tools Name
  25. Hacking Apps
  26. What Are Hacking Tools
  27. Pentest Tools Bluekeep
  28. Pentest Tools Nmap
  29. Pentest Tools Alternative
  30. Termux Hacking Tools 2019
  31. Hacking Tools
  32. Pentest Tools Find Subdomains
  33. Hacker Tools For Windows
  34. Hacking Tools And Software
  35. Pentest Tools For Android
  36. Blackhat Hacker Tools
  37. Hack Tools For Windows
  38. Hacking Tools
  39. Pentest Tools Github
  40. Hacking Tools 2020
  41. How To Make Hacking Tools
  42. Pentest Box Tools Download
  43. Hacking Tools For Windows 7
  44. Black Hat Hacker Tools
  45. Hacker Tools Apk
  46. New Hacker Tools
  47. Ethical Hacker Tools
  48. Hacking Tools Mac
  49. Pentest Tools Bluekeep
  50. Hacking Tools Github
  51. Ethical Hacker Tools
  52. Pentest Tools Website Vulnerability
  53. Hacking Tools For Pc
  54. Hacking Tools For Windows 7
  55. Nsa Hack Tools
  56. Pentest Tools Online
  57. Pentest Tools For Ubuntu
  58. Nsa Hack Tools Download
  59. Android Hack Tools Github
  60. Hacking Tools For Windows
  61. Hacker Tools For Pc
  62. Pentest Tools Tcp Port Scanner
  63. Hacker Tools Free
  64. How To Install Pentest Tools In Ubuntu
  65. Install Pentest Tools Ubuntu
  66. Hack Tools
  67. How To Hack
  68. Pentest Tools Online
  69. Underground Hacker Sites
  70. What Are Hacking Tools
  71. How To Make Hacking Tools
  72. What Is Hacking Tools
  73. Hacking Tools Windows
  74. Hacking Tools 2019
  75. Game Hacking
  76. Pentest Tools For Android
  77. Hackrf Tools
  78. Hacker Tools Apk Download
  79. Hack Tools For Mac
  80. Pentest Tools Windows
  81. Hacker Tools Windows
  82. Pentest Tools Online
  83. Pentest Automation Tools
  84. Hacking Tools And Software
  85. Bluetooth Hacking Tools Kali
  86. Hacking Tools Windows 10
  87. Pentest Tools Apk
  88. Hak5 Tools
  89. Hacker Tools Free Download
  90. Hacking Tools Software
  91. Pentest Tools For Ubuntu
  92. Pentest Tools For Ubuntu
  93. Hacking Tools Online
  94. Hacker Tools Apk Download
  95. Hacker Tools Free
  96. Hacker Security Tools
  97. Pentest Tools Online
  98. New Hack Tools
  99. Hack Website Online Tool
  100. Blackhat Hacker Tools
  101. Top Pentest Tools
  102. World No 1 Hacker Software
  103. Hacking Tools Hardware
  104. Best Pentesting Tools 2018
  105. Hacker Tools Linux
  106. Hack Tools Download
  107. Hacker Tools For Windows
  108. Computer Hacker
  109. Tools 4 Hack
  110. Nsa Hack Tools
  111. Hacker Tools List
  112. Hacking Tools For Beginners
  113. Hack Tools
  114. Growth Hacker Tools
  115. Hacking Tools Mac
  116. Free Pentest Tools For Windows
  117. How To Install Pentest Tools In Ubuntu
  118. Pentest Tools Url Fuzzer
  119. Pentest Tools For Android
  120. Hacker Tools Online
  121. Hacking Tools Free Download
  122. Hacker Tools For Windows
  123. Computer Hacker
  124. Hacking Tools Kit
  125. Physical Pentest Tools
  126. Pentest Tools Free
  127. Hacking App
  128. Hacking Tools 2019
  129. Hack Tools
  130. New Hack Tools
  131. Hacking Tools 2019
  132. Hacker Tools Apk Download
  133. Nsa Hack Tools Download
  134. Kik Hack Tools
  135. Hacking Tools Windows
  136. Hack Tools
  137. Hacking Tools For Kali Linux
  138. Hacker Tools Free Download
  139. Hack Tools For Mac
  140. New Hacker Tools
  141. Pentest Tools Find Subdomains
  142. Pentest Tools List
  143. Pentest Tools For Mac
  144. World No 1 Hacker Software
  145. Ethical Hacker Tools
  146. Pentest Tools Linux
  147. Hack Tools Pc
  148. How To Make Hacking Tools
  149. Tools For Hacker
  150. Hack Tools For Games
  151. Hacking Tools Software
  152. Pentest Tools For Mac
  153. Ethical Hacker Tools
  154. Hacking Tools Usb
  155. Underground Hacker Sites
  156. Tools 4 Hack
  157. Hacking Tools Download
  158. Pentest Tools List
  159. Pentest Tools For Windows
  160. Game Hacking
  161. Pentest Tools Github
  162. Hacker Tools Mac
  163. Pentest Tools Free
  164. Hack Tools Online
  165. Hacking Tools And Software
  166. How To Install Pentest Tools In Ubuntu
  167. Hacker Tools For Ios
  168. Tools Used For Hacking
  169. Hacking Tools Windows 10
  170. Hack App
  171. Pentest Recon Tools
  172. Pentest Tools Apk
  173. Pentest Tools For Android
  174. Growth Hacker Tools
  175. Hack And Tools
  176. Hacking Tools For Mac
  177. Best Hacking Tools 2020

No hay comentarios:

Publicar un comentario