Nextron-Labs/thor-syntax-highlighting
THOR Log Syntax Highlighting

Syntax highlighting for THOR APT Scanner text log files across multiple editors.

Supported Editors

Editor              Directory     Status
Sublime Text        sublime/      ✅ Ready
Visual Studio Code  vscode/       ✅ Ready
Vim / Neovim        vim/          ✅ Ready
Emacs               emacs/        ✅ Ready
JetBrains IDEs      jetbrains/    ✅ Ready

Each editor directory contains its own README with installation instructions.

Preview

Dark Theme

[Screenshot: THOR Log — Dark Theme]

Light Theme

[Screenshot: THOR Log — Light Theme]

Colors adapt to your editor's color scheme. The above are representative examples.

What Is This?

THOR produces text log files during scans. These logs follow a structured format with syslog-style headers and key-value fields:

Jul 10 09:08:47 PROMETHEUS/10.0.2.15 THOR: Alert: MODULE: SHIMCache SCANID: S-r4GhEhEiIRg MESSAGE: Malware name found in Shim Cache Entry ENTRY: C:\Users\neo\Desktop\ncat.exe KEYWORD: \\ncat\.exe

This repository provides syntax definitions that highlight:

  • Timestamps — syslog format (Jul 10 09:08:47) and RFC3339 (2024-03-20T08:22:00Z)
  • Hostnames and IP addresses — PROMETHEUS/10.0.2.15
  • Log levels — color-coded: 🔴 Alert / Error, 🟠 Warning, 🔵 Notice, ⚪ Info
  • Field keys — MODULE:, MESSAGE:, SCORE:, REASON_1:, PARENT_FILE:, etc.
  • Hashes — MD5 (32 hex), SHA1 (40 hex), SHA256 (64 hex)
  • Scan IDs — S-r4GhEhEiIRg
  • Numeric values — scores, file sizes, ports

Field Names

The field name list is derived from the THOR JSON log definitions (textlog struct tags). This ensures comprehensive coverage of all fields THOR can produce, including:

  • Numbered fields: REASON_1, SUBSCORE_2, TAGS_1
  • Relation-prefixed fields: PARENT_FILE, PARENT_MD5
  • Module-specific fields: HIVEFILE, KEYWORD, FIRSTBYTES, LAUNCH_STRING, etc.
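The following Python script is an added example and is not code from the Nextron-Labs/thor-syntax-highlighting project (whose syntax definitions are editor grammar files, not Python). It parses lines in the text log format described under "What Is This?" into the header (timestamp, host/IP, level) and the key/value fields that follow, and classifies keys and values along the same token classes the highlighter uses: hashes by hex length, scan IDs, numbers, and the numbered (REASON_1) and relation-prefixed (PARENT_MD5) field names listed above. The header regular expression is the same kind of first-line match an editor uses for content-based file detection. The first sample line is the one shown in this README; the second line, the hostname WORKSTATION7, the hash values and the scan ID S-abc123 in it are constructed for this example.

```python
"""Parse THOR text log lines into header fields and key/value pairs.

Added example, not part of the thor-syntax-highlighting project. The
regular expressions mirror the token classes the README lists; the
second sample line and every hash/score value in it are constructed.
"""
import re
from collections import Counter

# Syslog-style "Jul 10 09:08:47" or RFC3339 "2024-03-20T08:22:00Z" timestamp.
TIMESTAMP = (r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
             r"|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))")
# Header layout: <timestamp> <host>[/<ip>] THOR: <Level>: <body>
HEADER = re.compile(
    TIMESTAMP + r" (?P<host>\S+) THOR: (?P<level>Alert|Error|Warning|Notice|Info): (?P<body>.*)$"
)
# A field key is an upper-case word (digits and underscores allowed) followed
# by ": " and preceded by the start of the body or a space. A drive letter
# such as "C:\" does not match because its colon is followed by a backslash.
# A field's value runs until the next key token, the same heuristic the
# highlighting grammars rely on.
KEY = re.compile(r"(?:^| )([A-Z][A-Z0-9_]*): ")
NUMBERED = re.compile(r"^(?P<base>[A-Z][A-Z0-9_]*?)_(?P<n>\d+)$")
RELATION_PREFIXES = ("PARENT_",)          # relation-prefixed fields
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed hash values (repeated hex, obviously not real file hashes).
FAKE_MD5 = "0123456789abcdef" * 2
FAKE_SHA256 = "0123456789abcdef" * 4

SAMPLE_LINES = [
    # Line shown in the project's README.
    r"Jul 10 09:08:47 PROMETHEUS/10.0.2.15 THOR: Alert: MODULE: SHIMCache SCANID: S-r4GhEhEiIRg "
    r"MESSAGE: Malware name found in Shim Cache Entry ENTRY: C:\Users\neo\Desktop\ncat.exe KEYWORD: \\ncat\.exe",
    # Constructed line: RFC3339 timestamp, numbered and PARENT_ fields, fake hashes.
    rf"2024-03-20T08:22:00Z WORKSTATION7 THOR: Warning: MODULE: Filescan MESSAGE: Suspicious file found "
    rf"FILE: C:\Temp\dropper.exe SCORE: 75 MD5: {FAKE_MD5} SHA256: {FAKE_SHA256} "
    rf"PARENT_FILE: C:\Temp\setup.exe REASON_1: YARA rule match SUBSCORE_1: 75 SCANID: S-abc123",
]


def parse_line(line):
    """Return ts, host, ip, level and an insertion-ordered dict of fields."""
    m = HEADER.match(line.rstrip("\n"))
    if not m:
        raise ValueError("not a THOR text log line")
    parts = KEY.split(m.group("body"))
    # parts[0] is any text before the first key (normally empty); after that
    # captured keys and the text between them alternate.
    fields = dict(zip(parts[1::2], (v.strip() for v in parts[2::2])))
    host, _, ip = m.group("host").partition("/")
    return {"ts": m.group("ts"), "host": host, "ip": ip or None,
            "level": m.group("level"), "fields": fields}


def classify_value(value):
    """Token class a highlighter would assign to a field value.

    Hashes are recognised purely by hex length, so a 32-digit decimal would
    also be reported as md5; that is the same trade-off a regex grammar makes.
    """
    if len(value) in HASH_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", value):
        return HASH_LENGTHS[len(value)]
    if re.fullmatch(r"S-[A-Za-z0-9]+", value):
        return "scanid"
    if re.fullmatch(r"-?\d+", value):
        return "number"
    return "text"


def classify_key(key):
    """'relation' (PARENT_MD5), 'numbered' (REASON_1) or 'plain' (MODULE)."""
    if key.startswith(RELATION_PREFIXES):
        return "relation"
    if NUMBERED.match(key):
        return "numbered"
    return "plain"


def summarize(lines):
    """Count lines per log level and collect every hash value, as a first
    triage pass over a THOR text log would."""
    levels = Counter()
    hashes = set()
    for line in lines:
        rec = parse_line(line)
        levels[rec["level"]] += 1
        for value in rec["fields"].values():
            if classify_value(value) in HASH_LENGTHS.values():
                hashes.add(value.lower())
    return levels, hashes


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        rec = parse_line(sample)
        print(rec["ts"], rec["host"], rec["ip"], rec["level"])
        for key, value in rec["fields"].items():
            print(f"  {key:<12} [{classify_key(key)}/{classify_value(value)}] {value}")
    print(summarize(SAMPLE_LINES))
```

Running the script prints each sample line broken into its header and fields with the key and value classes, followed by the per-level counts and the set of hashes; the same `parse_line` can be fed a whole `.thor.txt` file line by line to pull scores, hashes and parent files out of a scan without the JSON output format.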

Log Format

THOR supports multiple output formats. This project targets the text log format (.txt), which is the default output and aligns with syslog message format.

For structured analysis, consider using the JSON log format (--jsonv2 or THOR 11+), which most editors already highlight natively as JSON.

File Association

The syntax definitions auto-detect files by extension (.thor.log, .thor.txt) and by content (first-line matching). For files with generic names like hostname_thor_2024-03-20.txt, see each editor's README for manual association instructions.

Sample Files

The samples/ directory contains example log lines for testing and previewing the highlighting.

Contributing

Contributions are welcome! If you'd like to add support for another editor (Notepad++, Emacs, JetBrains, etc.), please open a pull request.

License

MIT
