YARALYZER Logo

YARALYZER

0
Free
Visit Website

Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start: - pipx install yaralyzer - Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf - Scan against an arbitrary regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe - Scan against an arbitrary YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin What It Do: See the actual bytes your YARA rules are matching. No more digging around copy/pasting the start positions reported by YARA into your favorite hex editor. Displays both the bytes matched by YARA as well as a configurable number of bytes before and after each match in hexadecimal and 'raw' python string representation. Do the same for byte patterns and regular expressions without writing a YARA file. If you're too lazy to write a YARA file but are trying to determine, say, whether the

FEATURES

ALTERNATIVES

A library to access and parse Windows NT Registry File (REGF) format.

A digital forensic tool for creating forensic images of computer hard drives and analyzing digital evidence.

Educational CTF-styled challenges for Memory Forensics.

A reconnaissance tool for GitHub organizations

A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.

Hindsight is a free tool for analyzing web artifacts from Google Chrome/Chromium browsers and presenting the data in a timeline for forensic analysis.

Open source digital forensics tools for analyzing disk images and recovering files.

A next-generation crawling and spidering framework for extracting data from websites