base64_substring

The base64_substring tool helps malware analysts search through base64-encoded samples by enumerating all possible base64 encodings of a given search term and generating a YARA rule that checks for each of them. As an example, the provided script can generate a YARA rule that matches a base64-encoded file containing the term 'Application'. Further reading: 'Searching for Content in Base-64 Strings' by Lee Holmes.

ALTERNATIVES

A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.

A tool designed to handle archive file data and augment YARA's capabilities.

A tool for identifying sensitive secrets in public GitHub repositories

A Python-based tool for detecting XSS vulnerabilities

A program to extract IOCs from text files using regular expressions

A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

Python wrapper for the Libemu library for analyzing shellcode.

Blazingly fast YARA queries for malware analysts with an analyst-friendly web GUI.
