Burp-Yara-Rules is a collection of Yara rules designed for use with the Burp Yara-Scanner extension during web application security assessments. The ruleset includes detection patterns built from malicious code samples found on the Internet and contributions from third-party sources. These rules help identify malicious software commonly hosted on websites and detect signs of infection in web applications. The rules cover multiple file types and code formats: - HTML code analysis for malicious patterns - JavaScript code inspection for suspicious elements - CSS code examination for embedded threats - JAR file detection for infected Java archives - PDF file analysis for malicious content The tool integrates with Burp Suite through the Yara-Scanner extension, allowing security professionals to scan web applications for indicators of compromise during penetration testing and security assessments. The rules aim to identify infected web pages and help assess the security posture of web applications by detecting various forms of malware and malicious code injection.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
A brute-force protection middleware for express routes that rate-limits incoming requests.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.