Kraken User Guide

Introduction


Last updated 6 years ago

Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Its core features are:

  • Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara).

  • Scan executables installed for autorun (leveraging go-autoruns).

  • Scan the filesystem with the provided Yara rules.

  • Report any detection to a remote server provided with a Django-based web interface.

  • Run continuously and periodically check for new autoruns and scan any newly-executed processes. Kraken will store events in a local SQLite3 database and will keep copies of autorun and detected executables.

Some features are still in progress or nearly complete:

  • Installer and launcher to automatically start Kraken at startup.

  • Download updated Yara rules from the server.

Screenshots

License

Kraken is released under the GNU General Public License v3.0 and is copyrighted to Claudio Guarnieri.