Sauron is a minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules, written in Rust.
cargo build --release
Your system must have libssl-dev installed. On Ubuntu derivatives this can be installed via sudo apt install libssl-dev.
Assuming you have your YARA rules in ./yara-rules (you can find plenty of free rules online):
sudo ./target/release/sauron --rules ./yara-rules
Alternatively, you can perform a one-time recursive scan of the specified folder using the --scan argument:
sudo ./target/release/sauron --rules ./yara-rules --scan --root /path/to/scan
You can specify which file extensions to scan (all by default) with the --ext argument:
sudo ./target/release/sauron \
--rules ./yara-rules \
--scan \
--root /path/to/scan \
--ext exe \
--ext elf \
--ext doc \
--ext docx
This project is made with ♥ by @evilsocket and it is released under the GPL3 license.