tags: threat_intelligence ioc_scanner
cmnatic@thm:~$ ./thor-lite-linux-64 -h
Thor Lite
APT Scanner
Version 10.7.3 (2022-07-27 07:33:47)
cc) Nextron Systems GmbH
Lite Version
> Scan Options
-t, --template string Process default scan parameters from this YAML file
-p, --path strings Scan a specific file path. Define multiple paths by specifying this option multiple times. Append ':NOWALK' to the path for non-recursive scanning (default: only the system drive) (default [])
--allhds (Windows Only) Scan all local hard drives (default: only the system drive)
--max_file_size uint Max. file size to check (larger files are ignored). Increasing this limit will also increase memory usage of THOR. (default 30MB)
> Scan Modes
--quick Activate a number of flags to speed up the scan at cost of some detection.
This is equivalent to: --noeventlog --nofirewall --noprofiles --nowebdirscan --nologscan --noevtx --nohotfixes --nomft --lookback 3 --lookback-modules filescan