Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Following are the core features:
- Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara).
- Scan executables installed for autorun (leveraging go-autoruns).
- Scan the filesystem with the provided Yara rules.
- Report any detection to a remote server provided with a Django-based web interface.
- Run continuously and periodically check for new autoruns and scan any newly-executed processes. Kraken will store events in a local SQLite3 database and will keep copies of autorun and detected executables.
Some features are still under work or almost completed:
- Installer and launcher to automatically start Kraken at startup.
- Download updated Yara rules from the server.
Kraken is released under the GNU General Public License v3.0 and is copyrighted to Claudio Guarnieri.