ida_yara Logo

ida_yara

0
Free
Visit Website

ida_yara is a Python script that can be used to scan data within an IDB using Yara. The code mimics IDA's find_text and find_binary. It creates the Yara signature based off of the search and its search flags. Usage: Same as IDA's find_text and find_binary. Example: ida_yara.yara_find_text(start_ea, y, x, ustr, sflag=0) ida_yara.yara_find_binary(start_ea, ubinstr, radix=16, sflag=0) Search Flags: SEARCH_UP = search up return single match SEARCH_DOWN = search down return single match SEARCH_UP|SEARCH_NEXT = return all up from ea with the order being closest to furthest SEARCH_DOWN|SEARCH_DOWN = return all down from ea SEARCH_DOWN = same as SEARCH_DOWN SEARCH_UNICODE = search for Unicode characters

FEATURES

ALTERNATIVES

YARA extension for Visual Studio Code with code completion and snippets

A tool for searching a Git repository for interesting content

A sandbox for quickly sandboxing known or unknown families of Android Malware

Identifies 137 malicious npm packages and gathers system information to a remote server.

PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.

A tool for malware analysts to search through base64-encoded samples and generate yara rules.

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

Malware sandbox for executing malicious files in an isolated environment with advanced features.