rastrea2r


Tool and Usage

Project details

License
MIT
Author
Ismael Valenzuela
Latest release
No release found
Latest release date
Unknown

Project health

64
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Rastrea2r is a threat hunting utility for indicators of compromise (IOC). It is named after the Spanish word rastreador, which means hunter. This multi-platform open source tool helps incident responders and SOC analysts triage suspected systems. A hunt for IOCs across endpoints can be completed in a matter of minutes.

How it works

Rastrea2r collects and parses artifacts from remote systems, including memory dumps and command output. All data is saved to a centralized share, where it can be picked up for further analysis. Using a client/server REST API, rastrea2r can hunt for indicators both on disk and in memory; in both cases it uses YARA rules to match any data of interest. Rastrea2r can also be integrated with external tools such as McAfee ePO, which lets analysts gather more detail without deploying an additional agent on the client systems.

Usage and audience

rastrea2r is commonly used for digital forensics, malware detection, threat discovery, or threat hunting. Target users for this tool are forensic specialists, malware analysts, security professionals, and system administrators.

Features

  • Application programming interface (API) available
  • Command line interface
  • Customization and additions are possible
  • Tool allows multiple integrations

Example usage and output

usage: rastrea2r_osx.py [-h] [-v] {yara-disk,yara-mem,triage} ...

Rastrea2r RESTful remote Yara/Triage tool for Incident Responders

positional arguments:
  {yara-disk,yara-mem,triage}
                        modes of operation
    yara-disk           Yara scan for file/directory objects on disk
    yara-mem            Yara scan for running processes in memory
    triage              Collect triage information from endpoint

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit

Furthermore, the options available under each command can be viewed by running that command with the help option, e.g.:

$ python rastrea2r_osx.py yara-disk -h
usage: rastrea2r_osx.py yara-disk [-h] [-s] path server rule

positional arguments:
  path          File or directory path to scan
  server        rastrea2r REST server
  rule          Yara rule on REST server

optional arguments:
  -h, --help    show this help message and exit
  -s, --silent  Suppresses standard output

History and highlights

  • Demo at Black Hat USA 2016 Arsenal

Author and Maintainers

Rastrea2r is under development by Ismael Valenzuela. This project is currently maintained by Sudheendra Bhat.

Installation

Supported operating systems

Rastrea2r is known to work on Linux, Microsoft Windows, and macOS.

Dependencies

Several dependencies are required to use rastrea2r.

  • Pyinstaller
  • boto3
  • psutil
  • requests
  • yara-python

rastrea2r alternatives

Similar tools to rastrea2r:


HELK

HELK is short for The Hunting ELK, containing Elasticsearch, Logstash, and Kibana. It has advanced analytic capabilities for threat hunting.


Loki

Loki is a security tool that finds so-called indicators of compromise (IOC). It does this by scanning files and applying pattern matching to their contents.


TheHive

TheHive is a platform to deal with security incidents. It helps CSIRTs, CERTs, and SOCs to deal with the available data and decrease the amount of manual analysis.


Related tool information

Categories

This tool is categorized as an IOC scanner, IOC tool, and threat hunting tool.