ida_yara Logo

ida_yara

0
Free
Visit Website

ida_yara is a Python script that can be used to scan data within an IDB using Yara. The code mimics IDA's find_text and find_binary. It creates the Yara signature based off of the search and its search flags. Usage: Same as IDA's find_text and find_binary. Example: ida_yara.yara_find_text(start_ea, y, x, ustr, sflag=0) ida_yara.yara_find_binary(start_ea, ubinstr, radix=16, sflag=0) Search Flags: SEARCH_UP = search up return single match SEARCH_DOWN = search down return single match SEARCH_UP|SEARCH_NEXT = return all up from ea with the order being closest to furthest SEARCH_DOWN|SEARCH_DOWN = return all down from ea SEARCH_DOWN = same as SEARCH_DOWN SEARCH_UNICODE = search for Unicode characters

FEATURES

ALTERNATIVES

Redexer is a reengineering tool for Android app binaries with features like RefineDroid and Dr. Android.

A library of PHP unserialize() payloads and a tool to generate them.

Yara mode for GNU Emacs to edit Yara related files

PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.

Management portal for LoKi scanner with centralized database for scanning activities.

An advanced cross-platform tool for detecting and exploiting SQL injection security flaws

Command line tool for testing CRLF injection on a list of domains.

Original SmaliHook Java source for Android cracking and reversing.