Linux Analyzers
Generic WebShell Analyzer (wsa)
Scans the asset for malicious webshells using YARA rules.
Vulnerability Analyzer (vua)
Identifies whether your device is compromised by a known vulnerability.
YARA Scanner (gys)
Scans your asset with your YARA repositories (refer to the blog post here).
Process Analyzer (lpa)
Executes rules for running Processes, Process modules and Process handles.
CronJob Analyzer (cra)
Identifies suspicious entries in CronJob tasks.
Package Manager Analyzer (pkgmngr)
Identifies suspicious entries in Package Managers.
Shell History Analyzer (sha)
Identifies suspicious entries in Shell histories.