Scanner/README.md

Scanner : V4

Node.JS based file scanner using YARA rules and OLLAMA (llama3.2:1b) integration for file/code analysis.

Seeking for V3 legacy where we used other methods for scanning and detecting patterns? Check http://lhhomeserver.ddns.net:3000/Lisa_Stuff/Scanner/src/branch/legacy/

Setup

Install axios

npm i axios @automattic/yara

Edit variables in code aiprompt, patterns, pathtoscan, llamaendpoint, etc.

Run code

node scanner.js

If you want to quickly change path use:

node scanner.js --pathtoscan="./your/path/goes/here" 

Extra Options

We have few extra options available.

1. --pathtoscan="./your/path/goes/here" | Scans specific path (can be set through code variable!)
2. --ignorefolders="some,folder,to,ignore,and,not,scan" | Ignores specific folder(s) in that path (CLI ONLY!)
3. --ignorefiles="some,files,to,ignore,and,not,scan" | Ignores specific file(s) in that path (CLI ONLY!)

Known limitations

1. Discord webhook integration will send every file analysis which might appear few times per request of AI, it results in a ratelimit and no messages being sent or an error.
2. If OLLAMA is self hosted there is chance of it being overloaded, if it is being hosted externally and on paid plan there is chance of it eating a lot of money.
3. We do not recommend scanning nodemodules, cache files, etc. Please use --ignorefolders or --ignorefiles tag to exclude them.
4. Compiled files might not be able to get scanned. (NOT TESTED)

Known issues

1. Some OLLAMA models might refuse to analyse file for malware content.

Suggested fix by inxtagram: For the first issue Some OLLAMA models might refuse to analyse file for malware content, you can expect better results by using abliterated model. huihui_ai/llama3.2-abliterate:1b might be suit on your needs

2. Scanning too much files might result in huge console spam and AI/Discord integration errors.

COPYRIGHT CC-BY-SA-4.0, CONTACT: lisahonkay@gmail.com