Skip to content

Kaleidora/Windows-Emergency-Response-Tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4,974 Commits
.github
.github
 
 
LICENSE
LICENSE
 
 
LOG
LOG
 
 
README.md
README.md
 
 
cenetos.py
cenetos.py
 
 
ubuntu.py
ubuntu.py
 
 
win.py
win.py
 
 
win设计.ui
win设计.ui
 
 

Repository files navigation

Win Emergency Response Detection Tool

1



Features

System Process List

System Services

System Logs

Network Connections

Scheduled Tasks

Shared Resources

Files Modified in the Last Three Days

Display Process and Service Information

Display Processes and Owners

Yara Scripts (Supports detection of shell, ransomware, mining, etc.)

Yara Script Collection:

https://github.com/InQuest/awesome-yara/tree/master

https://segmentfault.com/q/1010000043271331



Attention

Common Pitfalls When Installing the Yara Library

libyara.dll No results found

Solution: Perform a global search for libyara.dll

Simply copy the libyara.dll file here to the correct directory (Python 3 root directory).

For reference:https://blog.csdn.net/weixin_43781139/article/details/131087788







Linux Emergency Response Detection Tool

image

image

Features

  1. Retrieve external network connection status
  2. Display processes
  3. Task startup entries
  4. Check abnormal ports
  5. Check scheduled tasks
  6. Monitor processes communicating with target IPs
  7. Sort CPU usage in descending order
  8. Query historical commands
  9. Files modified within the last 7 days
  10. Login records
  11. Number of IPs brute-forcing root accounts on the host
  12. Identifying IPs involved in brute-force attacks
  13. Determining the brute-force username dictionary
  14. Successful login dates, usernames, and IPs
  15. Query sudo-privileged accounts
  16. Detect files using YARA rules
  17. Execute all commands and export results with one click
  18. Find files added within the last 72 hours
  19. Exit


Encountered error

ubuntu

Installing Yara error OSError: /usr/lib/libyara.so: cannot open shared object file: No such file or directory

Simply copy the libyara.so file to this directory. /usr/lib/libyara.so

root User Permissions cp -r libyara.so /usr/lib/





cenetos

cenetos7 Direct installation of Yara fails; it only succeeds in a virtual environment. Subsequent tests will not produce errors.

Using a virtual environment (optional):

If you haven't already set up a virtual environment, consider creating one to isolate the Python environment for this project:

python3 -m venv myenv source myenv/bin/activate



Note: Select a command 16. Use YARA rules to scan files

Do not add single/double quotes to the path, otherwise it will cause an error.

About

Automated analysis of network and Windows security emergency response tools.

Topics

ark port-scanner anti-malware network-discovery vulnerability-scanners network-security anti-rootkit host-security cybersecurity-emergency-response-tool emergency-response-system

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

release Latest
Dec 3, 2025

Sponsor this project

Packages

 
 
 

Contributors

Languages