YARALYZER

Visually inspect all of the regex matches (and their sexier, more cloak-and-dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors.

Quick Start:
- pipx install yaralyzer
- Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf
- Scan against an arbitrary regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe
- Scan against an arbitrary YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

What It Do:
See the actual bytes your YARA rules are matching. No more digging around copy/pasting the start positions reported by YARA into your favorite hex editor. Displays both the bytes matched by YARA and a configurable number of bytes before and after each match, in hexadecimal and 'raw' Python string representation. Do the same for byte patterns and regular expressions without writing a YARA file. If you're too lazy to write a YARA file but are trying to determine, say, whether the

ALTERNATIVES

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

A script to assist in creating templates for VirtualBox to enhance VM detection evasion.

A collection of tools for extracting and analyzing information from .git repositories

GUI-based memory forensic capture tool for cyber forensics and cyber crime investigation.

A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders.

A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.

Free software for extracting Microsoft cabinet files, supporting all features and formats of Microsoft cabinet files and Windows CE installation files.

A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.