
ida_yara

Free

ida_yara is a Python script that can be used to scan data within an IDB using Yara. The code mimics IDA's find_text and find_binary. It creates the Yara signature based off of the search and its search flags.

Usage: Same as IDA's find_text and find_binary.

Example:
    ida_yara.yara_find_text(start_ea, y, x, ustr, sflag=0)
    ida_yara.yara_find_binary(start_ea, ubinstr, radix=16, sflag=0)

Search Flags:
    SEARCH_UP = search up return single match
    SEARCH_DOWN = search down return single match
    SEARCH_UP|SEARCH_NEXT = return all up from ea with the order being closest to furthest
    SEARCH_DOWN|SEARCH_DOWN = return all down from ea
    SEARCH_DOWN = same as SEARCH_DOWN
    SEARCH_UNICODE = search for Unicode characters

ALTERNATIVES

A simple JWT token brute force cracker

A Burp extension to check JWT tokens for potential weaknesses

A simple framework for extracting actionable data from Android malware

PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.

Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.

A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

A semi-automatic tool to generate YARA rules from virus samples.

Yara mode for GNU Emacs to edit Yara related files
