ida_yara Logo

ida_yara

0
Free
Visit Website

ida_yara is a Python script that can be used to scan data within an IDB using Yara. The code mimics IDA's find_text and find_binary. It creates the Yara signature based off of the search and its search flags. Usage: Same as IDA's find_text and find_binary. Example: ida_yara.yara_find_text(start_ea, y, x, ustr, sflag=0) ida_yara.yara_find_binary(start_ea, ubinstr, radix=16, sflag=0) Search Flags: SEARCH_UP = search up return single match SEARCH_DOWN = search down return single match SEARCH_UP|SEARCH_NEXT = return all up from ea with the order being closest to furthest SEARCH_DOWN|SEARCH_DOWN = return all down from ea SEARCH_DOWN = same as SEARCH_DOWN SEARCH_UNICODE = search for Unicode characters

FEATURES

ALTERNATIVES

OCaml wrapper for YARA matching engine for malware identification

A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.

An advanced cross-platform tool for detecting and exploiting SQL injection security flaws

A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.

A native Python cross-version decompiler and fragment decompiler.

Cybersecurity tool merging DarunGrim's analysis algorithms, currently in internal testing for official release.

A fast and simple DOM based XSS vulnerability scanner

A Burp intruder extender for automating and validating XSS vulnerabilities