dionysos

Scanner for various IoCs

Installation

```shell
cargo install dionysos
```

Usage

```
dionysos 0.1.1

Scanner for various IoCs

USAGE:
    dionysos [OPTIONS]

OPTIONS:
    -F, --filename    regular expression to match against the basename of files.
                      This parameter can be specified multiple times
    -h, --help        Print help information
    -P, --path        path which must be scanned
    -v                level of verbosity (specify multiple times to increase verbosity)
    -V, --version     Print version information
    -Y, --yara        use yara scanner with the specified ruleset. This can be a single
                      file, a zip file or a directory containing lots of yara files.
                      Yara files must end with 'yar' or 'yara', and zip files must
                      end with 'zip'
```

Developer guide

How to add scanners

1. Declare scanner result type

Add a variant for your scanner's findings to the ScannerFinding enum in src/scanner_result.rs (the FilenameScanner below, for example, reports ScannerFinding::Filename).

2. Implementation of the scanner

Take, for example, the FilenameScanner, which performs a simple regular-expression match against file names:

```rust
use crate::consumer::*;
use crate::scanner_result::{ScannerResult, ScannerFinding};
use dionysos_provider_derive::*;
use dionysos_consumer_derive::*;
use std::sync::Arc;

// The derive macros generate the provider/consumer plumbing: the scanner
// receives ScannerResults, runs handle_file() on each one in its own thread
// and forwards the result to the consumers registered after it.
#[derive(FileProvider)]
#[derive(FileConsumer)]
pub struct FilenameScanner {
    // Data shared with the worker thread. The element type (regex::Regex) is
    // inferred from the is_match() call below; the generic parameters were
    // lost from the original listing.
    #[consumer_data]
    patterns: Arc<Vec<regex::Regex>>,

    // Scanners further down the chain that receive every result after us.
    #[consumers_list]
    consumers: Vec<Box<dyn FileConsumer>>,

    // Handle of the worker thread started by the generated code.
    #[thread_handle]
    thread_handle: Option<std::thread::JoinHandle<()>>,
}

impl FilenameScanner {
    pub fn new(patterns: Vec<regex::Regex>) -> Self {
        Self {
            patterns: Arc::new(patterns),
            consumers: Vec::default(),
            thread_handle: None,
        }
    }
}

impl FileHandler<Vec<regex::Regex>> for FilenameScanner {
    // Called once per file; `patterns` is the shared #[consumer_data].
    fn handle_file(result: &ScannerResult, patterns: Arc<Vec<regex::Regex>>) {
        for p in patterns.iter() {
            if p.is_match(result.filename()) {
                result.add_finding(ScannerFinding::Filename(p.to_string()));
            }
        }
    }
}
```

3. Add your scanner to the scanner chain

The scanner chain is currently hard-coded in Dionysos::run() (in src/dionysos.rs), so a new scanner must be instantiated and registered there; the order of registration is the order in which scanners see each file.
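To show how the three steps fit together at runtime, here is an added, self-contained model of the scanner chain. It is example code written for this guide, not dionysos' own implementation: the `FileConsumer` trait, `ScannerResult`, `run_chain` and the input file list are all assumptions made for the example, the derive macros are replaced by an explicit channel-and-thread chain, and plain case-insensitive substring matching stands in for the `regex` crate so the block runs with the standard library only.

```rust
use std::path::Path;
use std::sync::{mpsc, Arc, Mutex};
use std::thread;

// Step 1: one variant per scanner type (the guide says to extend this enum).
#[derive(Debug, Clone, PartialEq)]
pub enum ScannerFinding {
    Filename(String),
}

// One file travelling through the chain. Scanners only append findings,
// so the result can be shared immutably behind an Arc.
pub struct ScannerResult {
    filename: String,
    findings: Mutex<Vec<ScannerFinding>>,
}

impl ScannerResult {
    pub fn new(filename: &str) -> Self {
        Self { filename: filename.to_string(), findings: Mutex::new(Vec::new()) }
    }
    pub fn filename(&self) -> &str { &self.filename }
    pub fn add_finding(&self, f: ScannerFinding) { self.findings.lock().unwrap().push(f) }
    pub fn findings(&self) -> Vec<ScannerFinding> { self.findings.lock().unwrap().clone() }
}

// Step 2: every scanner in the chain implements this (assumed trait).
pub trait FileConsumer: Send {
    fn handle_file(&self, result: &ScannerResult);
}

pub struct FilenameScanner {
    // Shared, read-only pattern list; substrings instead of regexes here.
    patterns: Arc<Vec<String>>,
}

impl FilenameScanner {
    pub fn new(patterns: Vec<String>) -> Self {
        Self { patterns: Arc::new(patterns) }
    }
}

impl FileConsumer for FilenameScanner {
    fn handle_file(&self, result: &ScannerResult) {
        // Match against the basename only, as the -F option describes.
        let base = Path::new(result.filename())
            .file_name()
            .and_then(|n| n.to_str())
            .unwrap_or("")
            .to_ascii_lowercase();
        for p in self.patterns.iter() {
            if base.contains(&p.to_ascii_lowercase()) {
                result.add_finding(ScannerFinding::Filename(p.clone()));
            }
        }
    }
}

// Step 3: the chain. A provider pushes results into a channel, a worker
// thread runs each result through every registered scanner in order and
// hands the finished results back. Output order equals input order.
pub fn run_chain(files: &[&str], scanners: Vec<Box<dyn FileConsumer>>) -> Vec<Arc<ScannerResult>> {
    let (tx, rx) = mpsc::channel::<Arc<ScannerResult>>();
    let (out_tx, out_rx) = mpsc::channel::<Arc<ScannerResult>>();
    let worker = thread::spawn(move || {
        for result in rx {
            for scanner in scanners.iter() {
                scanner.handle_file(&result);
            }
            out_tx.send(result).unwrap();
        }
    });
    // Provider side: a constructed file list replaces a real directory walk.
    for f in files {
        tx.send(Arc::new(ScannerResult::new(f))).unwrap();
    }
    drop(tx); // close the input channel so the worker loop ends
    worker.join().unwrap();
    out_rx.iter().collect()
}

// Constructed sample input: two suspicious tool names among ordinary files.
pub fn sample_run() -> Vec<Arc<ScannerResult>> {
    let files = ["/tmp/mimikatz.exe", "/home/user/notes.txt", "/var/tmp/ProcDump64.exe"];
    let scanners: Vec<Box<dyn FileConsumer>> = vec![Box::new(FilenameScanner::new(vec![
        "mimikatz".to_string(),
        "procdump".to_string(),
    ]))];
    run_chain(&files, scanners)
}

fn main() {
    for r in sample_run() {
        println!("{} -> {:?}", r.filename(), r.findings());
    }
}
```

Registering a second scanner is a matter of pushing another `Box<dyn FileConsumer>` into the vector passed to `run_chain`; because all scanners share one `ScannerResult` per file, a later scanner can also inspect findings added by earlier ones.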

Feature ideas