THOR Manual

19. Links and References

THOR Website

https://www.nextron-systems.com/thor/

Nextron Customer Portal

https://portal.nextron-systems.com

Nextron Software Update Status

https://update1.nextron-systems.com/info.php

YARA Documentation

https://yara.readthedocs.io/

yarGen - YARA Rule Generator

https://github.com/Neo23x0/yarGen/

THOR APT Scanner App and Add-on v2

https://splunkbase.splunk.com/app/3717/

https://splunkbase.splunk.com/app/3718/

Sigma Project

https://github.com/Neo23x0/sigma

19.1. Open Source License Acknowledgements

List of third-party software components used by THOR 10 with open source licensing requirements.

19.1.1. golang.org


Copyright (c) 2009 The Go Authors
Licensed under BSD-3 License

19.1.2. OpenSSL

Copyright (c) OpenSSL
Licensed under OpenSSL license (https://www.openssl.org/source/license.html)

19.1.3. YARA

Copyright (c) 2007-2016 The YARA Authors
Licensed under BSD-3 License

19.1.4. github.com/Azure/go-ntlmssp

Copyright (c) 2016 Microsoft
Licensed under MIT License

19.1.5. github.com/botherder/go-autoruns

modified as github.com/Codehardt/go-autoruns
Copyright (c) 2018 Claudio Guarnieri
Licensed under MIT License

19.1.6. github.com/omarghader/pefile-go

modified as github.com/Codehardt/go-pefile
Copyright (c) 2004-2015 Ero Carrera
Licensed under MIT License

19.1.7. Copyright (c) 2018 Marcel Gebhardt

github.com/Codehardt/go-cpulimit
github.com/Codehardt/go-handle
github.com/Codehardt/go-ntlm-proxy-auth
github.com/Codehardt/go-osversion
github.com/Codehardt/go-priority
github.com/Codehardt/go-taskscheduler
Licensed under MIT License

19.1.8. Copyright (c) 2018 Samuel Melrose

github.com/Codehardt/go-win64api
github.com/iamacarpet/go-win64api
Licensed under MIT License

19.1.9. Copyright (c) 2011, Evan Shaw <edsrzf@gmail.com>

github.com/Codehardt/mmap-go
github.com/ncw/mmap-go
Licensed under BSD-3 License

19.1.10. github.com/StackExchange/wmi

Copyright (c) 2013 Stack Exchange
Licensed under MIT License

19.1.11. Copyright (c) 2018-2020 velocidex

github.com/Velocidex/ordereddict
github.com/Velocidex/regparser
github.com/secDre4mer/regparser
www.velocidex.com/golang/go-ntfs
www.velocidex.com/golang/evtx
github.com/Velocidex/evtx
Licensed under Apache License 2.0

19.1.12. github.com/andrewkroh/sys

Copyright (c) 2009 The Go Authors

19.1.13. github.com/botherder/go-files

Copyright (c) 2018 Nex
Licensed under MIT License

19.1.14. github.com/coreos/go-systemd/v22

(no copyright notes found)
Licensed under Apache License 2.0

19.1.15. github.com/dsnet/compress

Copyright (c) 2015, Joe Tsai and The Go Authors
Licensed under BSD-3 License

19.1.16. github.com/dustin/go-humanize

Copyright (c) 2005-2008 Dustin Sallings <dustin@spy.net>
Licensed under MIT License

19.1.17. Copyright (c) 2014-2020 Elasticsearch BV

github.com/elastic/beats
github.com/elastic/go-ucfg
github.com/elastic/go-sysinfo
Licensed under Apache License 2.0

19.1.18. github.com/fatih/color

Copyright (c) 2013 Fatih Arslan
Licensed under MIT License

19.1.19. github.com/fsnotify/fsnotify

Copyright (c) 2012 The Go Authors
Copyright (c) 2012 fsnotify Authors
Licensed under BSD-3 License

19.1.20. Copyright (c) 2015 Zack Guo

github.com/gizak/termui/v3
github.com/gizak/termui/v3/widgets
github.com/gizak/termui/v3/drawille
Licensed under MIT License

19.1.21. github.com/go-ole/go-ole

Copyright (c) 2013-2017 Yasuhiro Matsumoto, <mattn.jp@gmail.com>
Licensed under MIT License

19.1.22. github.com/godbus/dbus

Copyright (c) 2013, Georg Reinke (<guelfey at gmail dot com>), Google
Licensed under BSD-2 License

19.1.23. github.com/gofrs/uuid

Copyright (C) 2013-2018 by Maxim Bublis <b@codemonkey.ru>
Licensed under MIT License

19.1.24. github.com/google/pprof

(no copyright notes found)
Licensed under Apache License 2.0

19.1.25. github.com/golang/snappy

Copyright (c) 2011 The Snappy-Go Authors
Licensed under BSD-3 License

19.1.26. Copyright (c) 2010-2012 The w32 Authors

github.com/gonutz/w32
github.com/shirou/w32
github.com/AllenDang/w32
Licensed under MIT License

19.1.27. Licensed under Mozilla Public License 2.0

github.com/hashicorp/go-multierror
github.com/hashicorp/golang-lru
github.com/hashicorp/errwrap
(no copyright notes found)

19.1.28. github.com/hillu/go-yara/v4

Copyright (c) 2015-2020 Hilko Bengen <bengen@hilluzination.de>
Licensed under BSD-2 License

19.1.29. github.com/inconshreveable/mousetrap

Copyright (c) 2014 Alan Shreve
Licensed under Apache License 2.0

19.1.30. github.com/joeshaw/multierror

Copyright (c) 2014 Joe Shaw
Licensed under MIT License

19.1.31. github.com/kardianos/service

Copyright (c) 2015 Daniel Theophanes
Licensed under zlib License

19.1.32. github.com/marcsauter/single

Copyright (c) 2018 Marc Sauter
Licensed under MIT License

19.1.33. Copyright (c) Yasuhiro MATSUMOTO <mattn.jp@gmail.com>

github.com/mattn/go-colorable
github.com/mattn/go-isatty
github.com/mattn/go-runewidth
github.com/mattn/go-shellwords
github.com/mattn/go-sqlite3
Licensed under MIT License

19.1.34. github.com/mitchellh/go-wordwrap

Copyright (c) 2014 Mitchell Hashimoto
Licensed under MIT License

19.1.35. github.com/mholt/archiver

Copyright (c) 2016 Matthew Holt
Licensed under MIT License

19.1.36. github.com/nsf/termbox-go

Copyright (C) 2012 termbox-go authors
Licensed under MIT License

19.1.37. github.com/nwaples/rardecode

Copyright (c) 2015 Nicholas Waples
Licensed under BSD-2 License

19.1.38. github.com/pierrec/lz4

Copyright (c) 2015 Pierre Curto
Licensed under BSD-3 License

19.1.39. Copyright (c) Dave Cheney <dave@cheney.net>

github.com/pkg/errors
github.com/pkg/profile
Licensed under BSD-2 License

19.1.40. github.com/pytimer/win-netstat

Copyright (c) 2018 pytimer
Licensed under MIT License

19.1.41. github.com/sebdah/goldie

Copyright 2016 Sebastian Dahlgren <sebastian.dahlgren@gmail.com>
Licensed under MIT License

19.1.42. github.com/shirou/gopsutil

Copyright (c) 2014 WAKAYAMA Shirou
Copyright (c) 2009 The Go Authors
Licensed under BSD License

19.1.43. Copyright (c) 2016 SmartyStreets, LLC

github.com/smartystreets/goconvey
github.com/smartystreets/assertions
Licensed under MIT License

19.1.44. github.com/spf13/cobra

(no copyright notes found)
Licensed under Apache License 2.0

19.1.45. github.com/spf13/pflag

Copyright (c) 2012 Alex Ogier
Copyright (c) 2012 The Go Authors
Licensed under BSD-3 License

19.1.46. github.com/stretchr/testify

Copyright (c) 2012-2018 Mat Ryer and Tyler Bunnell
Licensed under MIT License

19.1.47. github.com/xi2/xz

(no license and copyright notes found)

19.1.48. Copyright (c) 2016-2017 Uber Technologies, Inc.

go.uber.org/atomic
go.uber.org/multierr
Licensed under MIT License

19.1.49. go.uber.org/zap

Copyright (c) 2016-2017 Uber Technologies, Inc.
Licensed under MIT License

19.1.50. Copyright (c) 2009 The Go Authors

golang.org/x/arch
golang.org/x/crypto
golang.org/x/sys
golang.org/x/exp
golang.org/x/net
golang.org/x/oauth2
golang.org/x/term
golang.org/x/time
golang.org/x/tools
golang.org/x/sync
Licensed under BSD-3 License

19.1.51. gopkg.in/ini.v1

Copyright (c) 2014 Unknwon
Licensed under Apache License 2.0

19.1.52. gopkg.in/natefinch/npipe.v2

Copyright (c) 2013 npipe authors
Licensed under MIT License

19.1.53. Copyright 2011-2016 Canonical Ltd.

gopkg.in/yaml.v2
gopkg.in/yaml.v3
Licensed under Apache License 2.0

19.1.54. howett.net/plist

Copyright (c) 2013, Dustin L. Howett
Copyright (c) 2012 The Go Authors
Licensed under BSD-3 License

19.1.55. github.com/williballenthin/shellbags

(no copyright notes found)
Licensed under Apache License 2.0

19.1.56. go.opencensus.io

(no copyright notes found)
Licensed under Apache License 2.0

19.1.57. cloud.google.com/go

(no copyright notes found)
Licensed under Apache License 2.0

19.1.58. Copyright (c) 2015 Chzyer

github.com/chzyer/logex
github.com/chzyer/readline
github.com/chzyer/test
Licensed under MIT License

19.1.59. github.com/ianlancetaylor/demangle

Copyright (c) 2015 The Go Authors
Licensed under BSD-3 License

19.1.60. github.com/jstemmer/go-junit-report

Copyright (c) 2012 Joel Stemmer
Licensed under MIT License

19.1.61. Google Go modules

google.golang.org/api
google.golang.org/appengine
google.golang.org/genproto
google.golang.org/grpc
(no copyright notes found)
Licensed under Apache License 2.0

19.1.62. Copyright (c) 2018 The Go Authors

google.golang.org/protobuf
github.com/golang/protobuf
Licensed under BSD-3 License

19.1.63. github.com/golang/groupcache

(no copyright notes found)
Licensed under Apache License 2.0

19.1.64. github.com/google/go-cmp

Copyright (c) 2017 The Go Authors
Licensed under BSD-3 License

19.1.65. https://github.com/hasherezade/pe-sieve

Copyright (c) 2017-2020, @hasherezade
Licensed under BSD 2-Clause License

19.1.66. https://github.com/hasherezade/libpeconv

Copyright (c) 2017-2019, hasherezade (@hasherezade)
Licensed under BSD 2-Clause License

19.1.67. https://github.com/parsiya/golnk

(no copyright notes found)
Licensed under Apache License 2.0

19.1.68. https://github.com/olekukonko/tablewriter

Copyright (C) 2014 by Oleku Konko
Licensed under MIT License

19.1.69. github.com/frankban/quicktest

Copyright (c) 2017 Canonical Ltd.
Licensed under MIT License

19.1.70. github.com/niemeyer/pretty

Copyright 2012 Keith Rarick
Licensed under MIT License

19.1.71. github.com/prometheus/procfs

(no copyright notes found)
Licensed under Apache License 2.0

19.1.72. Beats

https://github.com/secDre4mer/beats/v7
https://github.com/elastic/beats/v7
Licensed by Elasticsearch B.V.
Licensed under Apache License 2.0

19.1.73. https://github.com/ulikunitz/xz

Copyright (c) 2014-2020 Ulrich Kunitz
Licensed under BSD 2-Clause "Simplified" License

19.1.74. go.elastic.co/ecszap

Copyright 2020 Elastic and contributors
Licensed under Apache License 2.0

19.1.75. gopkg.in/check.v1

Copyright (c) 2010-2013 Gustavo Niemeyer <gustavo@niemeyer.net>
Licensed under BSD 2-Clause "Simplified" License

19.1.76. github.com/gopherjs/gopherjs

Copyright (c) 2013 Richard Musiol
Licensed under BSD 2-Clause "Simplified" License

19.1.77. github.com/kr/text

Copyright 2012 Keith Rarick
Licensed under MIT License

19.1.78. Copyright (c) 2016 Mark Bates

github.com/gobuffalo/envy
github.com/gobuffalo/packr
github.com/gobuffalo/packr/v2
Licensed under MIT License

19.1.79. github.com/karrick/godirwalk

Copyright (c) 2017, Karrick McDermott
Licensed under BSD 2-Clause License

19.1.80. github.com/rogpeppe/go-internal

Copyright (c) 2018 The Go Authors
Licensed under BSD 3-Clause "New" License

19.1.81. github.com/sirupsen/logrus

Copyright (c) 2014 Simon Eskildsen
Licensed under MIT License

19.1.82. github.com/Workiva/go-datastructures

(no copyright notes found)
Licensed under Apache License 2.0

19.1.83. github.com/swagger-api/swagger-ui

Copyright 2020 SmartBear Software Inc.
Licensed under Apache License 2.0

19.1.84. github.com/cheggaaa/pb/v3

Copyright (c) 2012-2015, Sergey Cherepanov
Licensed under BSD 3-Clause "New" License

19.1.85. github.com/magefile/mage

Copyright 2017 the Mage authors
Licensed under Apache License 2.0

19.1.86. github.com/secDre4mer/go-parseflags

(no copyright notes found)
Licensed under BSD 3-Clause "New" License

19.1.87. github.com/secDre4mer/go-inject

Copyright (c) 2021 secDre4mer
Licensed under MIT License

© Copyright 2021, Nextron Systems GmbH. Revision 68995629.
