This repository contains documentation, automation scripts, and sample outputs related to THOR Lite, the free forensic scanner from Nextron Systems.

THOR Lite is a free, signature-based incident response scanner using YARA, Sigma, and known IOCs to detect threats and anomalies on Windows, Linux, and macOS systems.

• 🧰 THOR Lite usage examples
• 🖥️ Windows & Linux scan automation scripts
• 📄 Sample reports (HTML, JSON, CSV)
• ⚙️ Integration with timeline and memory tools
• 📑 IOC feed and YARA/Sigma rule integration

1. Download THOR Lite and request a free license.
2. Extract the zip and copy license.txt into your working directory.
3. Run scans using the included scripts below.

thor64-lite.exe --htmlfile report.html
thor64-lite.exe --quick --soft --csvfile scan_results.csv

./thor-linux-lite --htmlfile report.html

for scan large file use:

thor64-lite.exe --quick --soft --htmlfile report.html

• Sample HTML Report
• JSON log for SIEM integration
• CSV output for quick triage

• THOR Lite Official Site
• YARA Rules
• Sigma Rules
• OpenRelik Integration

This repository does not contain the THOR Lite binaries or rules. You must obtain them from Nextron Systems directly.

For questions, contact: kh4sh3i@gmail.com or open an Issue