├── .gitignore ├── CHANGELOG.md ├── Docker └── Dockerfile ├── LICENSE ├── README.md ├── docs ├── Example Test.png ├── FSF Overview.png ├── FSF Process.png ├── INSTALL.md ├── JQ_EXAMPLES.md ├── JQ_FILTERS.md ├── MODULES.md ├── Test.json └── Test.zip ├── fsf-client ├── conf │ ├── __init__.py │ └── config.py └── fsf_client.py └── fsf-server ├── conf ├── __init__.py ├── config.py └── disposition.py ├── daemon.py ├── jq ├── embedded_sfx_rar_w_exe.jq ├── exe_in_zip.jq ├── fresh_vt_scan.jq ├── macro_gt_five_suspicious.jq ├── many_objects.jq ├── more_than_ten_yara.jq ├── no_yara_hits.jq ├── one_module.jq ├── pe_recently_compiled.jq ├── vt_broadbased_detections_found.jq ├── vt_exploit_detections_found.jq ├── vt_match_found.jq └── vt_match_not_found.jq ├── main.py ├── modules ├── EXTRACT_CAB.py ├── EXTRACT_EMBEDDED.py ├── EXTRACT_GZIP.py ├── EXTRACT_HEXASCII_PE.py ├── EXTRACT_RAR.py ├── EXTRACT_RTF_OBJ.py ├── EXTRACT_SWF.py ├── EXTRACT_TAR.py ├── EXTRACT_UPX.py ├── EXTRACT_VBA_MACRO.py ├── EXTRACT_ZIP.py ├── META_BASIC_INFO.py ├── META_ELF.py ├── META_JAVA_CLASS.py ├── META_MACHO.py ├── META_OLECF.py ├── META_OOXML.py ├── META_PDF.py ├── META_PE.py ├── META_PE_SIGNATURE.py ├── META_VT_INSPECT.py ├── SCAN_YARA.py ├── __init__.py └── template.py ├── processor.py ├── scanner.py └── yara ├── ft_cab.yara ├── ft_elf.yara ├── ft_exe.yara ├── ft_gzip.yara ├── ft_jar.yara ├── ft_java_class.yara ├── ft_macho.yara ├── ft_office_open_xml.yara ├── ft_ole_cf.yara ├── ft_pdf.yara ├── ft_rar.yara ├── ft_rtf.yara ├── ft_swf.yara ├── ft_tar.yara ├── ft_zip.yara ├── misc_compressed_exe.yara ├── misc_hexascii_pe_in_html.yara ├── misc_no_dosmode_header.yara ├── misc_ooxml_core_properties.yara ├── misc_pe_signature.yara ├── misc_upx_packed_binary.yara └── rules.yara /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/.gitignore -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /Docker/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/Docker/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/README.md -------------------------------------------------------------------------------- /docs/Example Test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/Example Test.png -------------------------------------------------------------------------------- /docs/FSF Overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/FSF Overview.png -------------------------------------------------------------------------------- /docs/FSF Process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/FSF Process.png -------------------------------------------------------------------------------- /docs/INSTALL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/INSTALL.md -------------------------------------------------------------------------------- /docs/JQ_EXAMPLES.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/JQ_EXAMPLES.md -------------------------------------------------------------------------------- /docs/JQ_FILTERS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/JQ_FILTERS.md -------------------------------------------------------------------------------- /docs/MODULES.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/MODULES.md -------------------------------------------------------------------------------- /docs/Test.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/Test.json -------------------------------------------------------------------------------- /docs/Test.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/docs/Test.zip -------------------------------------------------------------------------------- /fsf-client/conf/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = ['config'] 2 | -------------------------------------------------------------------------------- /fsf-client/conf/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-client/conf/config.py -------------------------------------------------------------------------------- /fsf-client/fsf_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-client/fsf_client.py -------------------------------------------------------------------------------- /fsf-server/conf/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = ['config', 'disposition'] 2 | -------------------------------------------------------------------------------- /fsf-server/conf/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/conf/config.py -------------------------------------------------------------------------------- /fsf-server/conf/disposition.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/conf/disposition.py -------------------------------------------------------------------------------- /fsf-server/daemon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/daemon.py -------------------------------------------------------------------------------- /fsf-server/jq/embedded_sfx_rar_w_exe.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/embedded_sfx_rar_w_exe.jq -------------------------------------------------------------------------------- /fsf-server/jq/exe_in_zip.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/exe_in_zip.jq -------------------------------------------------------------------------------- /fsf-server/jq/fresh_vt_scan.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/fresh_vt_scan.jq -------------------------------------------------------------------------------- /fsf-server/jq/macro_gt_five_suspicious.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/macro_gt_five_suspicious.jq -------------------------------------------------------------------------------- /fsf-server/jq/many_objects.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/many_objects.jq -------------------------------------------------------------------------------- /fsf-server/jq/more_than_ten_yara.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/more_than_ten_yara.jq -------------------------------------------------------------------------------- /fsf-server/jq/no_yara_hits.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/no_yara_hits.jq -------------------------------------------------------------------------------- /fsf-server/jq/one_module.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/one_module.jq -------------------------------------------------------------------------------- /fsf-server/jq/pe_recently_compiled.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/pe_recently_compiled.jq -------------------------------------------------------------------------------- /fsf-server/jq/vt_broadbased_detections_found.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/vt_broadbased_detections_found.jq -------------------------------------------------------------------------------- /fsf-server/jq/vt_exploit_detections_found.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/vt_exploit_detections_found.jq -------------------------------------------------------------------------------- /fsf-server/jq/vt_match_found.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/vt_match_found.jq -------------------------------------------------------------------------------- /fsf-server/jq/vt_match_not_found.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/jq/vt_match_not_found.jq -------------------------------------------------------------------------------- /fsf-server/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/main.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_CAB.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_CAB.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_EMBEDDED.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_EMBEDDED.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_GZIP.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_GZIP.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_HEXASCII_PE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_HEXASCII_PE.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_RAR.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_RAR.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_RTF_OBJ.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_RTF_OBJ.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_SWF.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_SWF.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_TAR.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_TAR.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_UPX.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_UPX.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_VBA_MACRO.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_VBA_MACRO.py -------------------------------------------------------------------------------- /fsf-server/modules/EXTRACT_ZIP.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/EXTRACT_ZIP.py -------------------------------------------------------------------------------- /fsf-server/modules/META_BASIC_INFO.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_BASIC_INFO.py -------------------------------------------------------------------------------- /fsf-server/modules/META_ELF.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_ELF.py -------------------------------------------------------------------------------- /fsf-server/modules/META_JAVA_CLASS.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_JAVA_CLASS.py -------------------------------------------------------------------------------- /fsf-server/modules/META_MACHO.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_MACHO.py -------------------------------------------------------------------------------- /fsf-server/modules/META_OLECF.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_OLECF.py -------------------------------------------------------------------------------- /fsf-server/modules/META_OOXML.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_OOXML.py -------------------------------------------------------------------------------- /fsf-server/modules/META_PDF.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_PDF.py -------------------------------------------------------------------------------- /fsf-server/modules/META_PE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_PE.py -------------------------------------------------------------------------------- /fsf-server/modules/META_PE_SIGNATURE.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_PE_SIGNATURE.py -------------------------------------------------------------------------------- /fsf-server/modules/META_VT_INSPECT.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/META_VT_INSPECT.py -------------------------------------------------------------------------------- /fsf-server/modules/SCAN_YARA.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/SCAN_YARA.py -------------------------------------------------------------------------------- /fsf-server/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/__init__.py -------------------------------------------------------------------------------- /fsf-server/modules/template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/modules/template.py -------------------------------------------------------------------------------- /fsf-server/processor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/processor.py -------------------------------------------------------------------------------- /fsf-server/scanner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/scanner.py -------------------------------------------------------------------------------- /fsf-server/yara/ft_cab.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_cab.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_elf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_elf.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_exe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_exe.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_gzip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_gzip.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_jar.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_jar.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_java_class.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_java_class.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_macho.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_macho.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_office_open_xml.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_office_open_xml.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_ole_cf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_ole_cf.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_pdf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_pdf.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_rar.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_rar.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_rtf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_rtf.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_swf.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_swf.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_tar.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_tar.yara -------------------------------------------------------------------------------- /fsf-server/yara/ft_zip.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/ft_zip.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_compressed_exe.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_compressed_exe.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_hexascii_pe_in_html.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_hexascii_pe_in_html.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_no_dosmode_header.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_no_dosmode_header.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_ooxml_core_properties.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_ooxml_core_properties.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_pe_signature.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_pe_signature.yara -------------------------------------------------------------------------------- /fsf-server/yara/misc_upx_packed_binary.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/misc_upx_packed_binary.yara -------------------------------------------------------------------------------- /fsf-server/yara/rules.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EmersonElectricCo/fsf/HEAD/fsf-server/yara/rules.yara --------------------------------------------------------------------------------