Rudra
A developer-friendly framework for exhaustive analysis of (PCAP and PE) files.
Rudra: The Destroyer of Evil
Rudra aims to provide a developer-friendly framework for exhaustive analysis of (PCAP and PE) files. It can scan files and generate reports that include a file's structural properties, entropy visualization, compression ratio, theoretical minsize, etc. These details, along with file-format-specific analysis information, help an analyst understand the type of data embedded in a file and quickly decide whether it deserves further investigation. It supports scanning PE files and can perform API scans, anti{debug, vm, sandbox} detection, packer detection, and authenticode verification, along with Yara, shellcode, and regex detection on them.
CREDITS:
Rudra uses the following external modules for its various features. If you find it useful, please thank the authors of the projects listed below:
- libnids/pynids
- libdasm/pydasm
- libemu/pylibemu
- utilitybelt
- XRayGlasses
- python-magic
- ssdeep/pydeep
- ipwhois
- requests
- GeoIP
- pygeoip
- prettytable
- jinja2
The Calculate File Entropy post by Kenneth Hartman was also extremely helpful and it inspired me to include entropy/minsize/compressionratio statistics in generated reports.
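The entropy, theoretical minsize and compression ratio statistics mentioned above can be computed as shown here. This is an added example, not Rudra's own code: the function names and the "percent saved by zlib" definition of compression ratio are assumptions, and the sample buffers are constructed.

```python
import math
import os
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return sum((n / total) * math.log2(total / n) for n in Counter(data).values())


def theoretical_min_size(data: bytes) -> int:
    """Bytes an ideal coder needs if bytes were independent: ceil(H * N / 8)."""
    return math.ceil(shannon_entropy(data) * len(data) / 8)


def compression_ratio(data: bytes) -> float:
    """Percent of space saved by zlib level 9 (assumed definition; may be negative)."""
    if not data:
        return 0.0
    return 100.0 * (1 - len(zlib.compress(data, 9)) / len(data))


def file_stats(data: bytes) -> dict:
    """Collect the three statistics for one buffer."""
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 3),
        "minsize": theoretical_min_size(data),
        "compression_ratio": round(compression_ratio(data), 1),
    }


# Constructed sample buffers (not real files).
SAMPLES = {
    "padding": b"A" * 4096,               # one repeated byte
    "byte_ramp": bytes(range(256)) * 16,  # flat histogram, but fully patterned
    "random": os.urandom(4096),           # stands in for packed/encrypted data
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(name, file_stats(buf))
```

The `byte_ramp` buffer scores the maximum 8.0 bits per byte yet compresses to a small fraction of its size, which is why the compression ratio is worth reading next to the entropy figure before concluding that a file is packed or encrypted.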
LICENSE:
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

