View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007994 | Kali Linux | Queued Tool Addition | public | 2022-10-09 23:01 | 2022-11-01 14:35 |
Reporter | mccrypter | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | acknowledged | Resolution | open | ||
Summary: 0007994: yaralyzer is a tool to visually inspect and force decode YARA and regex matches found in both binary and text data.

Description:

[Name] yaralyzer

[Description] Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Some screenshots are visible here: https://github.com/michelcrypt4d4mus/yaralyzer#example-output

[Dependencies] python 3.9+

[Similar tools] http://www.binaryalert.io/yara-matches.html (sort of - it writes matches to a DB rather than STDOUT, and it doesn't do any encoding detection or force decodes)

[Activity] Development started mid summer 2022, originally as an internal engine of a related tool, the pdfalyzer: https://github.com/michelcrypt4d4mus/pdfalyzer. Actively being maintained; a kind of surprising amount of interest since it was open sourced last week.

[How to install] Note: using source code to acquire (e.g. git clone/svn checkout) can't be used, and neither can downloading from the head. Please use a "tag" or "release" version.

Scan against YARA definitions in a file:

    yaralyze --yara-rules /path/to/malware_rules.yara lacan_buys_the_dip.pdf

Scan against an arbitrary YARA compatible regular expression:

    yaralyze --regex-pattern 'evil.*of\s+\w+byte' the_crypto_archipelago.exe

Scan against an arbitrary YARA hex pattern:

    yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

[Packaged] - Is the tool already packaged for Debian?

@kali-team, please could this be packaged up.
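The "match, then force-decode" idea the report describes, shown as an added example that is not yaralyzer's code and not part of the original ticket. It uses Python's `re` module instead of the `yara` library, translates a small subset of YARA hex-string syntax (literal bytes, nibble wildcards, `[n]`, `[n-m]`, `[n-]`, `[-]` jumps) into a bytes regex, and then decodes every hit under a handful of encodings so you can see which ones yield clean text and which yield mojibake. The sample input, the encoding list, and the treatment of `[-]` as "zero or more bytes" are assumptions made for the example; the hex and regex patterns are the ones from the report.

```python
"""Toy version of the idea behind yaralyzer: find YARA-style regex and hex-pattern
hits in raw bytes, then force-decode each hit under several character encodings.
Added example, not yaralyzer's code: it uses Python's re module instead of the yara
library and supports only the hex-string subset handled in hex_pattern_to_regex()."""
import re

# Encodings to force onto every match (an arbitrary choice for this example).
ENCODINGS = ("utf-8", "latin-1", "cp1251", "utf-16-le")

# Constructed sample input, not taken from the page: some binary noise, the UTF-8
# text "ГУЛАГ" (bytes d0 93 d0 a3 d0 9b d0 90 d0 93, which the report's hex pattern
# hits), and an ASCII string that the report's regex pattern hits.
SAMPLE = (b"\x00\x01\x02header\n"
          + "ГУЛАГ".encode("utf-8")
          + b"\xff\xfe evil plans of bytebyte\x00")


def hex_pattern_to_regex(pattern):
    """Translate a YARA hex string body ("d0 9? [2-4] 9b") into a bytes regex.
    Supported: literal bytes, nibble wildcards (d?, ?b, ??), fixed jumps [n],
    bounded jumps [n-m] and open-ended jumps [n-] / [-]. Assumption for this
    example: [-] means zero or more bytes (check the YARA docs for exact semantics)."""
    parts = []
    for tok in pattern.split():
        jump = re.fullmatch(r"\[(\d*)-(\d*)\]", tok)
        if jump:
            lo = int(jump.group(1) or 0)
            # lazy quantifier so a hit ends at the first byte sequence that closes it
            parts.append(f".{{{lo},{jump.group(2)}}}?")
            continue
        fixed = re.fullmatch(r"\[(\d+)\]", tok)
        if fixed:
            parts.append(f".{{{int(fixed.group(1))}}}")
            continue
        if not re.fullmatch(r"[0-9a-fA-F?]{2}", tok):
            raise ValueError(f"unsupported hex token: {tok!r}")
        high, low = tok.upper()
        if tok == "??":
            parts.append(".")
        elif low == "?":                       # d? -> any byte in d0..df
            base = int(high, 16) << 4
            parts.append(f"[\\x{base:02x}-\\x{base + 0xF:02x}]")
        elif high == "?":                      # ?b -> 0b, 1b, ..., fb
            parts.append("[" + "".join(f"\\x{(n << 4) | int(low, 16):02x}"
                                       for n in range(16)) + "]")
        else:
            parts.append(f"\\x{int(tok, 16):02x}")
    # DOTALL so "." also matches 0x0a; the pattern text is pure ASCII escapes.
    return re.compile("".join(parts).encode("ascii"), re.DOTALL)


def force_decode(data, encodings=ENCODINGS):
    """Decode the same bytes under every encoding in `encodings`.
    Returns {encoding: (strict_ok, text)}: strict_ok is True when the bytes are valid
    in that encoding; text is the forced decoding with U+FFFD substituted for invalid
    sequences, so you still see what the bytes look like under that encoding."""
    out = {}
    for enc in encodings:
        try:
            data.decode(enc)
            strict_ok = True
        except UnicodeDecodeError:
            strict_ok = False
        out[enc] = (strict_ok, data.decode(enc, errors="replace"))
    return out


def scan(data, regex):
    """Return [(offset, matched_bytes, force_decode(matched_bytes))] per hit."""
    return [(m.start(), m.group(0), force_decode(m.group(0))) for m in regex.finditer(data)]


def scan_hex(data, hex_pattern):
    return scan(data, hex_pattern_to_regex(hex_pattern))


def scan_regex(data, regex_pattern):
    """regex_pattern is a bytes regex. YARA's regex syntax mostly overlaps Python's
    but is not identical; assumption: the report's example lies in the overlap."""
    return scan(data, re.compile(regex_pattern))


if __name__ == "__main__":
    jobs = (("hex", scan_hex(SAMPLE, "d0 93 d0 a3 d0 [-] 9b d0 90 d0 93")),
            ("regex", scan_regex(SAMPLE, rb"evil.*of\s+\w+byte")))
    for label, hits in jobs:
        for offset, raw, decodings in hits:
            print(f"[{label}] offset {offset}: {raw.hex(' ')}")
            for enc, (ok, text) in decodings.items():
                print(f"    {enc:>9} {'ok ' if ok else 'BAD'} {text!r}")
```

Running it shows the hex hit at offset 10 decoding cleanly as UTF-8 ("ГУЛАГ") while latin-1 and cp1251 "succeed" too but produce mojibake, which is exactly why seeing several forced decodings side by side is more useful than trusting any single one; the odd-length or invalid cases are flagged with strict_ok False.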