yara-parser
yara-parser is a Go library for manipulating YARA rulesets. Its key feature is that it uses the same grammar and lexer files as the original libyara to ensure that lexing and parsing work exactly like YARA. The grammar and lexer files have been modified to fill Go data structures for ruleset manipulation instead of compiling rulesets for data matching. Using yara-parser, one will be able to read YARA rulesets to programatically change metadata, rule names, rule modifiers, tags, strings, and more. The ability to serialize rulesets to JSON for rule manipulation in other languages is provided with the y2j tool. Similarly, j2y provides JSON-to-YARA conversion, but do see Limitations below. Installation For the following go get commands, if you experience any issues, they are likely due to outdated versions of Go. The project uses features introduced in Go 1.10. Installation should proceed normally after an update. To install (or update) everything at once, the following command can be used: go get -u github.com/Northern-Lights/yara-parser/... y2j: YARA to JSON Use the following command to install the y2j command for converting YARA rulesets to JSON. go get -u github.com/Nor
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A program to manage yara ruleset in a database with support for different databases and configuration options.
Code to prevent a managed .NET debugger/profiler from working.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.