Saturday, 22 August 2020

Rastrea2R - Collecting & Hunting For IOCs With Gusto And Style



Ever wanted to turn your AV console into an incident response and threat hunting machine? Rastrea2r (pronounced "rastreador", Spanish for "hunter") is a multi-platform open source tool that lets incident responders and SOC analysts triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can run Sysinternals utilities, system commands and other third-party tools across multiple endpoints, saving the output to a centralized share for automated or manual analysis. Through a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and in memory across many systems using YARA rules. As a command line tool, rastrea2r integrates easily with McAfee ePO and other AV consoles and orchestration tools, so incident responders and SOC analysts can collect forensic evidence and hunt for IOCs without deploying an additional agent, with 'gusto' and style!


Dependencies
  • Python 2.7.x
  • git
  • bottle
  • requests
  • yara-python

Quickstart
  • Clone the project to your local directory (or download the zip file of the project)
$git clone https://github.com/rastrea2r/rastrea2r.git
$cd rastrea2r
  • All the dependencies necessary for the tool to run can be installed within a virtual environment via the provided makefile.
$make help
help - display this makefile's help information
venv - create a virtual environment for development
clean - clean all files using .gitignore rules
scrub - clean all files, even untracked files
test - run tests
test-verbose - run tests [verbosely]
check-coverage - perform test coverage checks
check-style - perform pep8 check
fix-style - perform check with autopep8 fixes
docs - generate project documentation
check-docs - quick check docs consistency
serve-docs - serve project html documentation
dist - create a wheel distribution package
dist-test - test a wheel distribution package
dist-upload - upload a wheel distribution package
  • Create a virtual environment with all dependencies
$make venv
Once the virtual environment has been created, activate it as instructed, for example:
$source /Users/ssbhat/.venvs/rastrea2r/bin/activate
  • Start the rastrea2r server from the $PROJECT_HOME/src/rastrea2r/server folder
$cd src/rastrea2r/server/
$python rastrea2r_server_v0.3.py
Bottle v0.12.13 server starting up (using WSGIRefServer())...
Listening on http://0.0.0.0:8080/
  • Now execute the client program, choosing the client script for the platform you are scanning. Windows, Linux and Mac are currently supported.
$python rastrea2r_osx_v0.3.py -h
usage: rastrea2r_osx_v0.3.py [-h] [-v] {yara-disk,yara-mem,triage} ...

Rastrea2r RESTful remote Yara/Triage tool for Incident Responders

positional arguments: {yara-disk,yara-mem,triage}

modes of operation
yara-disk Yara scan for file/directory objects on disk
yara-mem Yara scan for running processes in memory
triage Collect triage information from endpoint

optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit


Furthermore, the options available under each command can be viewed with the help option, i.e.

$python rastrea2r_osx_v0.3.py yara-disk -h
usage: rastrea2r_osx_v0.3.py yara-disk [-h] [-s] path server rule

positional arguments:
path File or directory path to scan
server rastrea2r REST server
rule Yara rule on REST server

optional arguments:
-h, --help show this help message and exit
-s, --silent Suppresses standard output
  • For example, on a Mac or Unix system you would do:
$cd src/rastrea2r/osx/

$python rastrea2r_osx_v0.3.py yara-disk /opt http://127.0.0.1:8080/ test.yar

Executing rastrea2r on Windows

Currently supported functionality
  • yara-disk: YARA scan for file/directory objects on disk
  • yara-mem: YARA scan for running processes in memory
  • memdump: Acquires a memory dump from the endpoint (Windows only)
  • triage: Collects triage information from the endpoint (Windows only)

Notes
For the memdump and triage modules, SMB shares must be set up in this specific way:
  • Binaries (Sysinternals, batch files and others) must be located in a shared folder called TOOLS (read only)
    \\path-to-share-folder\tools
  • Output is sent to a shared folder called DATA (write only)
    \\path-to-share-folder\data
  • For yara-mem and yara-disk scans, the YARA rules must be in the same directory the server is executed from; the rule argument passed to the client is the file name, which the server resolves in that directory.
  • The RESTful API server stores the data it receives in a file called results.txt in that same directory.
  • As the startup output above shows, the server listens on all interfaces (0.0.0.0:8080) using Bottle's built-in WSGIRefServer, so restrict network access to it to the endpoints and console that need it, and keep the rules directory and results.txt off any share the endpoints can reach.
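The yara-disk round trip described in the Quickstart and the Notes above (rule fetched from the REST server by name, scan run on the endpoint, result recorded in results.txt beside the server), as an added stand-alone example; this is not rastrea2r's own code. It assumes Python 3 stdlib stand-ins: http.server in place of the Bottle server, and a crude plain-string matcher in place of yara-python, so it runs without YARA installed. The rule-name policy (a bare <name>.yar that must resolve inside the server directory), the JSON record layout, the hostname, and the constructed rule and sample files are all this example's own choices.

```python
import json
import os
import re
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Assumed rule-name policy: a bare "<name>.yar" that resolves inside rules_dir.
RULE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+\.yar$")


class RuleServer(BaseHTTPRequestHandler):
    rules_dir = "."                 # rules live where the server was started
    results_path = "results.txt"    # one JSON record per line

    def do_GET(self):
        name = self.path.lstrip("/")
        base = os.path.realpath(self.rules_dir)
        full = os.path.realpath(os.path.join(base, name))
        if not (RULE_NAME_RE.match(name) and full.startswith(base + os.sep)
                and os.path.isfile(full)):
            self.send_error(404, "no such rule")   # same answer for bad and unknown names
            return
        with open(full, "rb") as fh:
            body = fh.read()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        record = json.loads(self.rfile.read(length).decode("utf-8"))
        with open(self.results_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(record, sort_keys=True) + "\n")
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):   # keep the example quiet
        pass


def start_server(rules_dir, results_path):
    """Loopback on a free port here; the real server listens on 0.0.0.0:8080."""
    RuleServer.rules_dir, RuleServer.results_path = rules_dir, results_path
    srv = HTTPServer(("127.0.0.1", 0), RuleServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/" % srv.server_address[1]


# yara-python stand-in: a file matches when every text string of the rule occurs
# in it. Hex strings, regexes and real condition syntax are not handled.
STRING_RE = re.compile(r'\$\w+\s*=\s*"([^"\\]*)"')


def scan_path(root, rule_text):
    needles = [s.encode("utf-8") for s in STRING_RE.findall(rule_text)]
    hits = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            fpath = os.path.join(dirpath, fname)
            with open(fpath, "rb") as fh:
                data = fh.read()
            if needles and all(n in data for n in needles):
                hits.append(fpath)
    return sorted(hits)


def yara_disk(path, server, rule, hostname="endpoint-1"):
    """Client side: fetch the rule by name, scan locally, POST the result back."""
    base = server.rstrip("/")
    with urlopen(base + "/" + rule, timeout=5) as resp:
        rule_text = resp.read().decode("utf-8")
    record = {"host": hostname, "rule": rule, "path": path,
              "matches": scan_path(path, rule_text)}
    req = Request(base + "/", data=json.dumps(record).encode("utf-8"),
                  headers={"Content-Type": "application/json"}, method="POST")
    urlopen(req, timeout=5).close()
    return record


def run_demo():
    """Constructed fixture: one rule, one file that matches it, one that does not."""
    work = tempfile.mkdtemp()              # rules and results.txt live here
    target = os.path.join(work, "opt")     # the tree the client scans
    os.makedirs(target)
    with open(os.path.join(work, "test.yar"), "w", encoding="utf-8") as fh:
        fh.write('rule test { strings: $a = "EVIL_MARKER" condition: all of them }\n')
    for fname, data in (("bad.bin", b"\x00\x01EVIL_MARKER\x02"), ("good.txt", b"clean")):
        with open(os.path.join(target, fname), "wb") as fh:
            fh.write(data)
    results_path = os.path.join(work, "results.txt")
    srv, url = start_server(work, results_path)
    try:
        record = yara_disk(target, url, "test.yar")
        try:                               # a traversal attempt must be refused
            urlopen(url + "..%2F..%2Fetc%2Fpasswd", timeout=5).close()
            traversal = 200
        except HTTPError as err:
            traversal = err.code
        with open(results_path, encoding="utf-8") as fh:
            stored = [json.loads(line) for line in fh]
    finally:
        srv.shutdown()
        srv.server_close()
    return {"record": record, "stored": stored, "traversal_status": traversal}
```

Calling run_demo() returns the record the client reported, the records the server appended to results.txt, and the status the server returned for a traversal-style rule name. The point to carry into a real deployment is that the rule name arrives over the network and is used as a file name, so it has to be restricted before it is joined to a path; this stand-in also binds to loopback only, whereas the real server listens on 0.0.0.0:8080.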

Contributing to rastrea2r project
The Developer Documentation provides complete information on how to contribute to rastrea2r project


