This module for Yara is part of the Koodous project https://koodous.com and it integrates static APK analysis with Yara. You can use it to find APKs by package name, permissions or API level, etc. Find the documentation for this module in the Koodous documentation's site: http://docs.koodous.com/yara/androguard/ Preparing compilation: If you want to use this module, first you need to re-compile Yara with the androguard module. To do so, you need to modify some files. Follow the basic steps in the official docs: http://yara.readthedocs.org/en/latest/writingmodules.html#building-our-hello-world Include the file androguard.c in folder libyara/modules. Modify "libyara/modules/module_list" and add "MODULE(androguard)" in the cuckoo block. The file should look like the following: MODULE(pe) MODULE(elf) MODULE(math) #ifdef CUCKOO MODULE(cuckoo) MODULE(androguard) #endif Modify "libyara/Makefile.am" to add androguard module ("MODULES += modules/androguard.c") in the cuckoo block: MODULES = modules/tests.c MODULES += modules/pe.c if CUCKOO MODULES += modules/cuckoo.c MODULES += modules/androguard.c endif Recompile Yara, but enabling cuckoo module.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A brute-force protection middleware for express routes that rate-limits incoming requests.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.