GRR Rapid Response: remote live forensics for incident response

Overview

GRR Rapid Response is an incident response framework focused on remote live forensics.

Build Type Status
Tests Build status
End-to-end Tests Build status
Windows Templates Build status
Linux & MacOS Templates Build Status
Docker Build status

GRR is a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients.

Documentation

Please visit our documentation website if you want to know more about GRR.

Contact Us

Screenshots

Comments
  • Frontend Performance

    Frontend Performance

    It appears that the frontends are constantly updating metadata:last on aff:/. Is this necessary? Having so many threads trying to hammer the same subject/attribute is causing delays. I haven't been able to find the code to see exactly why it is doing that.

    opened by pidydx 32
  • Config.includes not picked up when client repacking

    Config.includes not picked up when client repacking

    I’m trying to let clients add labels via files. This is part of the config for my frontends that are doing the client repacking:

    Client Context:
      Platform:Darwin:
        Config.includes:
          - build.yaml
          - "/etc/%(Client.name).labels.yaml"
    
      Platform:Linux:
        Config.includes:
          - build.yaml
          - "/etc/%(Client.name).labels.yaml"
    
      Platform:Windows:
        Config.includes:
          - build.yaml
          - "%(Client.install_path)/%(Client.binary_name).labels.yaml"
    

    But when installing the mac .pkg, the Config.includes is never picked up:

    $ cat /usr/local/lib/grr/grr_3.2.4.3_amd64/grr.yaml                                                                                                                                                                                                                                                                      
    Client.arch: amd64
    Client.company_name: GRR Project
    Client.description: '%(name) %(platform) %(arch)'
    Client.foreman_check_frequency: 1800
    Client.install_path: /usr/local/lib/%(Client.name)/%(ClientRepacker.output_basename)
    Client.name: grr
    Client.platform: darwin
    Client.plist_filename: '%(Client.plist_label).plist'
    Client.plist_label: '%(Client.plist_label_prefix).google.code.%(Client.name)'
    Client.plist_label_prefix: com
    Client.plist_path: /Library/LaunchDaemons/%(Client.plist_filename)
    Client.poll_max: 600
    Client.rekall_profile_cache_path: '%(Client.install_path)/rekall_profiles'
    Config.includes:
    - build.yaml
    Config.writeback: /etc/%(Client.name).local.yaml
    Logging.engines: stderr,file,syslog
    Logging.path: /var/log
    Logging.syslog_path: /var/run/syslog
    Logging.verbose: false
    Client.deploy_time: '2018-11-01 07:57:29'
    

    The repacking is using the right contexts and is picking up Config.includes, but I have no idea where /tmp/tmpZFFwpY/grr.yaml is coming from. Maybe it comes from the pre-baked OSX template?

    Repacking template: /usr/share/grr-server/grr-response-templates/templates/grr_3.2.4.3_amd64.xar.zip
    DEBUG:2018-12-28 22:08:18,114 8 MainProcess 140222624716544 MainThread config_lib:682] Applying filter env for CLIENT_INSTALLER_FINGERPRINT.
    Using context: [u'ClientBuilder Context', u'ClientBuilder Context', u'Arch:amd64', u'Platform:Darwin', u'Target:Darwin', u'Target:Darwin'] and labels: []
    DEBUG:2018-12-28 22:08:18,116 8 MainProcess 140222624716544 MainThread config_lib:1160] Loading configuration from /tmp/tmpZFFwpY/grr.yaml
    DEBUG:2018-12-28 22:08:18,117 8 MainProcess 140222624716544 MainThread config_lib:850] Configuration writeback is set to /tmp/tmpZFFwpY/grr.yaml
    ...
    DEBUG:2018-12-28 22:08:18,126 8 MainProcess 140222624716544 MainThread build:321] Copying config option to client: Config.includes
    ...
    INFO:2018-12-28 22:08:18,131 8 MainProcess 140222624716544 MainThread config_lib:501] Writing back configuration to file /tmp/tmpZFFwpY/grr.yaml
    
    opened by OmarDarwish 29
  • User can approve their own hunt

    User can approve their own hunt

    Testing on tracking head. I decided to try to request approval for access from my own account. I received a notification on my account that I had requested access, and was able to approve it.

    approvers.yaml looks like

    label: "example"
    requester_must_be_authorized: True
    num_approvers_required: 1
    users:
      - user1
      - user2
      - jessica
    
    opened by jessicawilsonsc 24
  • Efilter engine import failure during initialize

    Efilter engine import failure during initialize

    Below is a trimmed copy of the error encountered during grr_config_updater initialize portion. Confirmed efilter was latest version with pip. File "/usr/local/lib/python2.7/dist-packages/rekall/entities/init.py", line 3, in from rekall.entities import query File "/usr/local/lib/python2.7/dist-packages/rekall/entities/query/init.py", line 3, in from rekall.entities.query import analyzer File "/usr/local/lib/python2.7/dist-packages/rekall/entities/query/analyzer.py", line 29, in from efilter import engine ImportError: cannot import name engine

    FAILURE RUNNING: grr_config_updater initialize

    Ty.

    opened by mutedmouse 24
  • Changed default behavior of Read to be consistent with normal file objec...

    Changed default behavior of Read to be consistent with normal file objec...

    ...t behavior if no size is provided.

    This causes problems when writing parsers that use external modules that expect a file_object and they call .read().

    opened by pidydx 22
  • Error running AnalyzeClientMemory

    Error running AnalyzeClientMemory "pslist" plugin: Client action u'RekallAction' not known

    Getting this error in the server logs when I try running an AnalyzeClientMemory flow while specifying the pslist plugin:

    ERROR:2016-09-12 18:17:55,761 flow_runner:618] Flow aff4:/C.c6259a0da13eab27/flows/F:8E4F11AB raised Error running plugins: Client action u'RekallAction' not known.
    Traceback (most recent call last):
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flow_runner.py", line 603, in RunStateMethod
        direct_response=direct_response, request=request, responses=responses)
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flow.py", line 303, in Decorated
        res = f(*args[:f.func_code.co_argcount])
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flows/general/memory.py", line 271, in End
        raise flow.FlowError("Error running plugins: %s" % all_errors)
    FlowError: Error running plugins: Client action u'RekallAction' not known
    ERROR:2016-09-12 18:17:55,813 flow_runner:937] Error in flow aff4:/C.c6259a0da13eab27/flows/F:8E4F11AB (aff4:/C.c6259a0da13eab27). Trace: Traceback (most recent call last):
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flow_runner.py", line 603, in RunStateMethod
        direct_response=direct_response, request=request, responses=responses)
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flow.py", line 303, in Decorated
        res = f(*args[:f.func_code.co_argcount])
      File "/home/grr_user/GRR_NEW/local/lib/python2.7/site-packages/grr/lib/flows/general/memory.py", line 271, in End
        raise flow.FlowError("Error running plugins: %s" % all_errors)
    FlowError: Error running plugins: Client action u'RekallAction' not known
    
    opened by zbuc 20
  • Server Load not Loading

    Server Load not Loading

    When I try to check server load for windows greater than 1hr the page never seems to finish loading. Watching the slow queries log on our SQL server seems to indicate it gets responses in a similar timeframe to the 1hr window that loads properly so it appears to be part of the processing to make the graphs.

    bug 
    opened by pidydx 19
  • UpdateClient flow doesn't work on Ubuntu

    UpdateClient flow doesn't work on Ubuntu

    Running UpdateClient from Ubuntu fails as the service restarts in the middle of the dpkg -i, killing all child processes leaving the service stopped and non-functional.

    Jul 02 13:14:56 ubuntu grrd[13119]: (Reading database ... 141574 files and directories currently installed.)
    Jul 02 13:14:56 ubuntu systemd[1]: Stopping grr linux amd64...
    Jul 02 13:14:56 ubuntu systemd[1]: Stopped grr linux amd64.
    
    opened by atkinsj 18
  • Artifact LinuxUserProfiles missing from registry.

    Artifact LinuxUserProfiles missing from registry.

    I am seeing this error on 3.2.3.2 "Artifact LinuxUserProfiles missing from registry. You may need to sync the artifact repo by running make in the artifact directory."

    I dont see a makefile in /grr/artifacts, however.

    opened by cwilsonwoof 18
  • Modified Linux client not working as expected with new functionality

    Modified Linux client not working as expected with new functionality

    From aditya.kichu on January 08, 2014 08:33:38

    What steps will reproduce the problem? 1. Built the linux client from source 2. Repacked it on the server and installed on linux client 3. Flows run on the linux client give runtime errors on new flows, works with existing flows. What is the expected output? What do you see instead? I have attached the output of the linux client build for reference. I want to confirm if the new client functionality has been included in the agent that is built. Also, I would like to know whether the agent has been properly built in the first place or not.

    When I test the new flows that I created on this linux client, I see that the existing flows like Fingerprint File work properly without any errors, whereas the new flows that I added do not work properly even though they work perfectly in windows.

    For example, I updated the Fingerprint files flow with fuzzy hashing, by adding new entries in the Fingerprint Tuple and updating my protobuf. However, when I run this flow it causes a Key error in the client action. Please see the error backtrace below.

    Failed Fingerprint: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "/usr/local/grr_build/build/grr/out00-PYZ.pyz/grr.client.actions", line 127, in Execute\n File "/usr/local/grr_build/build/grr/out00-PYZ.pyz/grr.client.client_actions.file_fingerprint", line 47, in Run\nKeyError: 3\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'KeyError(3,): 3' network_bytes_sent : 384 status : GENERIC_ERROR }

    The client side code for the Fingerprint File is the same as the original code except that there is one more hasher in the code that I have. This hasher is not recognized and causes the Key Error.

    Another new flow that I created also does not run properly. How do I check whether the protobuf used in the client is the latest?

    I am using GRR source code version 2.8.1.0 on Ubuntu 12.04 LTS.

    It would be great if someone could help me in identifying the problem.

    Thanks,

    Aditya

    Attachment: linux_client_build.txt

    Original issue: http://code.google.com/p/grr/issues/detail?id=91

    bug Priority-Medium 
    opened by destijl 18
  • GRR MySQL

    GRR MySQL "Max Allowed Packet" Error / Hunt's are not working

    Dear users,

    we have some real performance Issues with GRR at the moment. To give you a better understanding we use GRR Version 3.2.2.0 with MySQL and roughly 4000 Clients.

    The GRR landscape is distributed across multiple servers (Ubuntu 16.04):

    2x HTTP Frontend-server behind NGINX reverse Proxy
    2x Worker Server (With 2 GRR-Worker processes)
    1x UI-Server
    1x MySQL-Datastore (with 2 GRR-Worker processes
    

    At the moment we're not able to schedule any hunt on the system.

    The logs show the following errors: "mysql_advanced_data_store: Operational Error: 1205 Lock wait timeout exceeded. Try restarting transaction. This may be due to an incorrect mysql "max_allowed_packet" setting (try increasing it).

    We've tired values up to 2048MB, but this did not help. Another thing is that on the grr admin server we have a lot of socket in Status "Close_Wait".

    I will add the current GRR-Settings and Mysql-Settings that we're using:

    GRR:

    Threadpool.size = 50
    Worker.queue_shards = 8
    Mysql.conn_pool_max = 50
    Mysql.conn_pool_min = 10
    Mysql.max_connect_wait = 0
    Mysql.max_query_size = 8388608
    Mysql.max_retries = 10
    Mysql.max_values_per_query = 10000
    
    Mysql: max_allowed_packet = 512M
    

    Does anybody in this group have the same problems with the current grr ersion installed from the deb package? Or could you please give us some hints that may help gettimg grr up and running again?

    Thanks for your help, Cheers Sven

    opened by n3x77 17
  • ETA for next release (Ubuntu 20.04LTS or 22.04LTS)

    ETA for next release (Ubuntu 20.04LTS or 22.04LTS)

    Hello,

    With Ubuntu 18.04LTS reaching end of life soon, and people moving to either 20.04 (python 3.8) or 22.04 (python 3.10), do you have any plans/schedules to release new .deb for these distributions?

    Many thanks for that awesome tool, and merry xmas (a bit early)

    -- certxlm

    opened by certxlm 1
  • Bump qs from 6.5.2 to 6.5.3 in /grr/server/grr_response_server/gui/static

    Bump qs from 6.5.2 to 6.5.3 in /grr/server/grr_response_server/gui/static

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2 in /grr/server/grr_response_server/gui/static

    Bump decode-uri-component from 0.2.0 to 0.2.2 in /grr/server/grr_response_server/gui/static

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump minimatch from 3.0.4 to 3.1.2 in /grr/server/grr_response_server/gui/static

    Bump minimatch from 3.0.4 to 3.1.2 in /grr/server/grr_response_server/gui/static

    Bumps minimatch from 3.0.4 to 3.1.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • GRR on single port with Docker deployment

    GRR on single port with Docker deployment

    Hi, can I run GRR on single port? I want to use Cloudflare Tunnel but it work just with domain name (so 433 port for https) and does not support other ports. For docker deployment I need to have 8000 and 8080 port so I'd need separate domain for admin or client connection but I don't see this option either.

    opened by Mistic92 1
Releases(v3.4.6.0-release)
  • v3.4.6.0-release(May 30, 2022)

  • v3.4.5.1-release(Aug 23, 2021)

  • v3.4.3.1-release(May 19, 2021)

  • v3.4.2.4-release(Oct 15, 2020)

  • v3.4.2.3-release(Oct 5, 2020)

  • v3.4.2.0-release(Jul 7, 2020)

  • v3.4.0.1(Dec 18, 2019)

  • v3.3.0.8(Oct 9, 2019)

  • v3.3.0.4(Jul 3, 2019)

  • v3.3.0.3(Jul 1, 2019)

  • v3.3.0.2(Jun 28, 2019)

  • v3.3.0.0(May 22, 2019)

  • v3.2.4.6(Dec 20, 2018)

  • v3.2.4.5(Dec 17, 2018)

  • v3.2.3.2(Jun 28, 2018)

  • v3.2.3.0(Jun 25, 2018)

  • v3.2.2.0(Mar 12, 2018)

  • v3.2.1.1(Dec 6, 2017)

  • v3.2.0.1(Sep 5, 2017)

    Download the server deb from here.

    Please read the release notes before upgrading.

    A number of features, bugfixes and improvements have been added since the last release. You can find more details in the release notes. Also note that components are now deprecated, and Rekall has been disabled by default.

    Source code(tar.gz)
    Source code(zip)
  • v3.2.0rc0(Aug 22, 2017)

  • v3.1.0.2(Jun 17, 2016)

    There are significant changes in this release. Be sure to read the release notes carefully before attempting an upgrade.

    New in this release:

    • Powerful API: Anything you can do in the UI you can do with the HTTP API. This enables powerful automatic collection and export possibilities.
    • Chrome desktop notifications. Click a notification to go straight to an approval or flow results.
    • UI refresh: Complete rewrite under-the-hood to AngularJS. Host information view is much more usable and you can see basic machine information without requiring an approval. Recent activity view is the default landing page.
    • Hunt UI: OR conditionals. Now you can target a hunt much more precisely and cut down on situations where you previously had to run multiple hunts.
    • Ability to create a hunt from a flow: test on your machine first, then run it on the fleet
    • Client components: easier client customization and updating without pushing a a whole new client, currently used by rekall and chipsec.
    • Download individual files from a hunt
    • Build system using pip. Much simpler to set up for development or try out new releases, see the install instructions.
    • Rekall: faster acquisition, more linux profiles
    • Approval ACLs: require different approvals based on client labels
    • Bigquery output plugin: fast analysis at scale
    • Lots of bugfixes and perf improvements
    • Tons more forensic artifacts
    Source code(tar.gz)
    Source code(zip)
  • 3.1.0rc2(Apr 15, 2016)

    This is the second release candidate for 3.1.0. There's a bunch of great stuff in here, I talked about most of it in the meetup:

    https://www.youtube.com/watch?v=EJAO9yWprmI#t=344

    But there's even more since then:

    • Ability to create a hunt from a flow: test on your machine first, then run it on the fleet.
    • Chrome desktop notifications.
    • Download individual files from a hunt.

    I've also written some instructions for using pip: https://github.com/google/grr-doc/blob/master/installfrompip.adoc

    which is particularly handy for dev. Setting up client and server dev environments is very fast, and you can develop client or server code on Windows and Mac as well as Linux. Note that linux is still the only supported server platform for production.

    A deb is available here: https://storage.googleapis.com/releases.grr-response.com/grr-server_3.1.0-2_amd64.deb

    We're aware of a few issues that need fixing before we remove the release candidate status, specifically:

    • Download of very large hunt results ties up the admin ui process
    • Some memory collection flows that have been obsoleted by rekall need to be removed
    • Travis, docker, and the easy install script need to be updated

    Once those are done we'll make a final release.

    Source code(tar.gz)
    Source code(zip)
  • v3.1.0rc1(Apr 6, 2016)

    This is the 3.1.0 release candidate. It's a release candidate because we still have some work to do building a debian package and updating install scripts to use the new build system.

    See the release notes for important information about this release.

    New in this release:

    • Components: easier client customization
    • Build system: pip install grr-{server|client}
    • Rekall: faster acquisition, more linux profiles
    • Approval ACLs: require different approvals based on client labels
    • Powerful API: automatic collection and export
    • Bigquery output plugin: fast analysis at scale
    • Lots of bugfixes and perf improvements
    • Hunt UI: OR conditionals
    • Tons more forensic artifacts
    Source code(tar.gz)
    Source code(zip)
  • v0.3.0-6(Apr 17, 2015)

    Hello everyone,

    I just updated the GRR downloads, we are releasing the GRR server 0.3.0-6 today!

    Some of the features in this release (there are many small ones that we can't list here):

    The Rekall integration has been improved a lot since the last release, live memory analysis should be a lot more stable now. Also GRR now uses Rekall version 1.3.1 which means many new plugins and improved analysis methods.

    The have been lots of UI changes:

    • Most of the UI is now written in AngularJS giving us better performance.
    • We have improved hunt logging which helps when you run hunts on thousands on clients.
    • Clients can be labeled in the UI so you can easily hunt on a subset of machines.
    • We improved the client performance indicators so you can better assess the impact of the GRR clients on the machines they are installed on.
    • We also added some server performance monitoring.
    • The UI now also provides an HTTP Api to directly query GRR data.

    This release also comes with new datastores. The SqliteDataStore is a fast, local data store that is very easy to use. It's a good choice for quickly setting up an instance and it's the fastest data store we have but it limits your GRR server to use only a single machine since it stores files locally.

    Also new are two highly scalable data stores, the MySQLAdvancedDataStore and the HTTPDataStore. Both those backends are aimed at hosting rather big GRR instances and should scale well up to thousands of clients.

    There have also been tons of small improvements and bug fixes so we'd highly recommend upgrading to the new server. There are some minor backwards compatibility issues, please have a look at https://github.com/google/grr-doc/blob/master/releasenotes.adoc before upgrading.

    As always, the best way to install / upgrade is to use the install script as described in https://github.com/google/grr-doc/blob/master/quickstart.adoc

    Cheers, -Andy

    Source code(tar.gz)
    Source code(zip)
    grr-server_0.3.0-6_amd64.deb(100.46 MB)
Owner
Google
Google ❤️ Open Source
Google
This repo created for bypassing Widevine L3 DRM and obtaining keys.

First run: Copy headers (with cookies) of POST license request from browser to headers.py like dictionary. pip install -r requirements.txt # if doesn'

Mikhail 263 Jan 07, 2023
A secure password generator written in python

gruvbox-factory 🏭 "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"

Paulo Pacitti 430 Dec 27, 2022
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints.

jolokia-exploitation-toolkit Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints. Core concept Jolokia is a protocol br

Laluka 194 Jan 01, 2023
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

Eli Hacks 3 Mar 29, 2022
Ensure secure infrastructure and consistency with the firewall rules

Python Port Scanner This script tries to check if it's possible to make a connection with the specific endpoint port. This is very useful to ensure se

Allan Avelar 7 Feb 26, 2022
Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Md. Nur habib 31 Oct 21, 2022
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022
This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

Sina.f 13 Dec 08, 2022
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

2.4k Jan 07, 2023
Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework)

Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework) Yosh! If you are a django backend develo

Abram (^o^) 7 Sep 30, 2022
CVE-2021-43798Exp多线程批量验证脚本

Grafana V8.*任意文件读取Exp--多线程批量验证脚本 漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化,它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞,该漏洞目前为0d

2 Dec 16, 2021
Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

12 Sep 28, 2022
Fuck - Multi Brute Force 🚶‍♂

f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

Yumasaa 1 Dec 03, 2021
Python library to remotely extract credentials on a set of hosts.

Python library to remotely extract credentials on a set of hosts.

Pixis 1.5k Dec 31, 2022
this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

Titan_Exodous 1 Nov 04, 2021
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.

Follow us on Twitter! BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro gen

STM Cyber 232 Nov 21, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
Scanning for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix. Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571 Requires a minimum of Python 2.7. Can be ex

Brett England 4 Jan 09, 2022