
YARALYZER


Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors.

Quick Start:

- pipx install yaralyzer
- Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf
- Scan against an arbitrary regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe
- Scan against an arbitrary YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

What It Do:

See the actual bytes your YARA rules are matching. No more digging around copy/pasting the start positions reported by YARA into your favorite hex editor. Displays both the bytes matched by YARA as well as a configurable number of bytes before and after each match in hexadecimal and 'raw' python string representation. Do the same for byte patterns and regular expressions without writing a YARA file. If you're too lazy to write a YARA file but are trying to determine, say, whether the

ALTERNATIVES

A file search and query tool for ops and security experts.

Recover event log entries from an image by heuristically looking for record structures.

A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.

A tool that uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment.

A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.

A tool for parsing and extracting information from the Master File Table of NTFS file systems.

mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.

Windows event log fast forensics timeline generator and threat hunting tool.