Usage
c0m4r edited this page Jan 16, 2024 · 12 revisions

usage: paranoya.py [-h] [-p path] [-s kilobyte] [-l LOGFILE] [-a alert-level] [-w warning-level]
                   [-n notice-level] [-d] [--pidfile PIDFILE] [--listen-host LISTEN_HOST]
                   [--listen-port LISTEN_PORT] [--auth AUTH] [--disable-yara-files DISABLE_YARA_FILES]
                   [--alldrives] [--printall] [--allreasons] [--noprocscan] [--nofilescan] [--scriptanalysis]
                   [--rootkit] [--noindicator] [--dontwait] [--intense] [--csv] [--silent] [--nolog]
                   [--debug] [--maxworkingset MAXWORKINGSET] [--logfolder log-folder] [--python PYTHON]
                   [--nolisten] [--excludeprocess EXCLUDEPROCESS] [--force] [--version] [--progress]
                   [--followlinks] [--custom CUSTOM]

paranoya - Simple IOC Scanner

options:
  -h, --help            show this help message and exit
  -p path               Path to scan
  -s kilobyte           Maximum file size to check in KB (default 5000 KB)
  -l LOGFILE, --logfile LOGFILE
  -a alert-level        Alert score
  -w warning-level      Warning score
  -n notice-level       Notice score
  -d                    Run as a daemon
  --pidfile PIDFILE     Pid file path (default: paranoya.pid)
  --listen-host LISTEN_HOST
                        Listen host for daemon mode (default: localhost)
  --listen-port LISTEN_PORT
                        Listen port for daemon mode (default: 1337)
  --auth AUTH           Auth key, only in daemon mode
  --disable-yara-files DISABLE_YARA_FILES
                        Comma separated list of yara files to disable
  --alldrives           Scan all drives (including network drives and removable media)
  --printall            Print all files that are scanned
  --allreasons          Print all reasons that caused the score
  --noprocscan          Skip the process scan
  --nofilescan          Skip the file scan
  --scriptanalysis      Statistical analysis for scripts to detect obfuscated code (beta)
  --rootkit             Skip the rootkit check
  --noindicator         Do not show a progress indicator
  --dontwait            Do not wait on exit
  --intense             Intense scan mode (also scan unknown file types and all extensions)
  --csv                 Write CSV log format to STDOUT (machine processing)
  --silent              Only print warnings or alerts
  --nolog               Don't write a local log file
  --debug               Debug output
  --maxworkingset MAXWORKINGSET
                        Maximum working set size of processes to scan (in MB, default 100 MB)
  --logfolder log-folder
                        Folder to use for logging when log file is not specified
  --python PYTHON       Override default python path
  --nolisten            Dot not show listening connections
  --excludeprocess EXCLUDEPROCESS
                        Specify an executable name to exclude from scans, can be used multiple times
  --force               Force the scan on a certain folder (even if excluded with hard exclude in
                        paranoya's code
  --version             Shows welcome text and version of paranoya, then exit
  --progress            Show a progress bar (experimental)
  --followlinks         Force paranoya to follow symlinks (be aware: may lead to RAM overflow)
  --custom CUSTOM       Custom yara ruleset dir, f.e. signature-custom/yara/name
                        (default: signature-base/yara)

usage: client.py [-h] [-p PATH] [--host HOST] [--port PORT] [--auth AUTHKEY] [--check]

paranoya client

options:
  -h, --help      show this help message and exit
  -p PATH         Path to scan (default: None)
  --host HOST     Target daemon host (default: localhost)
  --port PORT     Target daemon port (default: 1337)
  --auth AUTHKEY  Pass authkey if it is required (default: None)
  --check         Check if path exists before it is sent (default: False)

usage: upgrader.py [-h] [--sigsonly] [--progonly] [--debug] [--force]

paranoya upgrader

options:
  -h, --help  show this help message and exit
  --sigsonly  Update the signatures only
  --progonly  Update the program files only
  --debug     Debug output
  --force     Force signature update

Usage: ./build.sh [options]
  --with-addons      Include addons
  --with-signatures  Include signature-base
  --with-source      Include source .py files
  --with-test        Include test samples