Newer
Older
This is Coeus-Sec A tool that is designed to check for file changes and report them!
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
To run this program for simply scanning a directory for ccn information:
Usage: " + name + " [options] path [...]"
#Options:"
-r/--recursive: Recursively watch all files and subdirectories inside path"
-m/--monitor: Keep running until killed (e.g. via Ctrl+C)"
-q/--quiet: Do not output information about actions"
-e/--event list: Which events (create, modify, delete, move) to watch, comma-separated. Default: all"
--format format: Format string for output."
--exclude: Do not process any events whose filename matches the specified regex"
--excludei: Ditto, case-insensitive"
#Formats:"
%e : Event name"
%f : File name"
%w : Path name"
%T : Current date and time"
#Special Options
--singlerun This will have the program once and exit.
--ccn This is will have the program search for CCN numbers
--FIM This will perform an MD5 check on each file in a directory and leave a log with all hashes.
--recheck
--scan= Here you can specify a directory to scan. Remember to make all backslashes double. so c:\\users\\your\\home\\ .
--rserver=x.x.x.x Not working at this time. It was supposed to be for faking SYSLOG.
#Cosue-Sec Windows Command Examples:
##Scan a directory for credit card info
Coeus-Sec.exe -m -r --singlerun --ccn --scan=C:\\
##Scan a directory and monitor another:
Coeus-Sec.exe --ccn -m -r C:\\Monitor\\This\\Directory\\TopSecretDir --scan=C:\\Users\\Bob\\source\\repos
##Create recursive MD5 hashes on a directory tree
Coeus-Sec.exe -m -r --singlerun --FIM --scan=C:\\path\\you\\want\\scanned
##Recheck the directory tree of hashes
Coeus-Sec.exe -m -r --singlerun --recheck --scan=C:\\path\\you\\want\\scanned