Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors.

Quick Start:
- pipx install yaralyzer
- Scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf
- Scan against an arbitrary regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe
- Scan against an arbitrary YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

What It Do:
See the actual bytes your YARA rules are matching. No more digging around copy/pasting the start positions reported by YARA into your favorite hex editor. Displays both the bytes matched by YARA as well as a configurable number of bytes before and after each match in hexadecimal and 'raw' python string representation. Do the same for byte patterns and regular expressions without writing a YARA file. If you're too lazy to write a YARA file but are trying to determine, say, whether the
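The following is an added, stdlib-only example of what the two Quick Start scans above do under the hood: run a bytes regex (or a YARA-style hex pattern translated into one) over a blob, capture the matched bytes plus a configurable number of context bytes either side, show them as hex and as a raw Python bytes literal, and then force several character encodings onto the match. It is not yaralyzer's own code and does not use the yaralyzer or yara-python packages. Assumptions: the sample input is constructed here (a fake PDF header, the UTF-8 bytes of the Cyrillic word that the Quick Start hex pattern matches, a couple of NULs and an ASCII line that the Quick Start regex matches); the encoding list is a practitioner's first guesses, not a fixed part of any tool; and the hex-pattern translator covers only literal bytes, `??` and `[n]`/`[n-m]`/`[-]` jumps, which is a subset of YARA's hex-string syntax.

```python
"""Show the bytes behind a regex / hex-pattern match, with context and forced decodings.

Added example (stdlib only); not yaralyzer's own code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Assumption: the encodings a practitioner would try first on unknown bytes.
ENCODINGS: Sequence[str] = ("ascii", "utf-8", "utf-16-le", "cp1251", "latin-1")

# Constructed sample input: fake PDF header, UTF-8 Cyrillic, two NULs, an ASCII line.
SAMPLE = (
    b"%PDF-1.4\n% constructed sample, not a real file\n"
    + "\u0413\u0423\u041b\u0410\u0413".encode("utf-8")  # "ГУЛАГ" -> d0 93 d0 a3 d0 9b d0 90 d0 93
    + b"\x00\x00good and evil, beyond the fate of  cryptobyte\n"
)

# The two patterns from the Quick Start above.
HEX_PATTERN = "d0 93 d0 a3 d0 [-] 9b d0 90 d0 93"
REGEX_PATTERN = rb"good and evil.*of\s+\w+byte"


def hex_pattern_to_regex(pattern: str) -> bytes:
    """Translate a subset of YARA hex-string syntax into a Python bytes regex.

    Supported: literal bytes ('d0'), the '??' wildcard, and jumps '[n]', '[n-m]',
    '[-]'.  Jumps are made non-greedy so the shortest match is reported, which is
    what you want when eyeballing context.  Nibble wildcards ('?0') are not handled.
    """
    parts: List[bytes] = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("[") and tok.endswith("]"):
            body = tok[1:-1]
            if "-" in body:
                lo, hi = body.split("-", 1)
                lo_b = str(int(lo) if lo else 0).encode()
                hi_b = str(int(hi)).encode() if hi else b""   # '[-]' -> '.{0,}?'
                parts.append(b".{" + lo_b + b"," + hi_b + b"}?")
            else:
                parts.append(b".{" + str(int(body)).encode() + b"}")
        elif len(tok) == 2:
            parts.append(b"\\x%02x" % int(tok, 16))   # \xNN is a literal byte in a bytes regex
        else:
            raise ValueError(f"unsupported hex-pattern token {tok!r}")
    return b"".join(parts)


@dataclass
class MatchView:
    start: int
    end: int
    before: bytes
    matched: bytes
    after: bytes


def find_matches(data: bytes, regex: bytes, context: int = 8) -> List[MatchView]:
    """Run a bytes regex over data and keep each match plus `context` bytes either side."""
    views = []
    for m in re.finditer(regex, data, re.DOTALL):   # DOTALL: '.' must also match 0x0a
        s, e = m.span()
        views.append(MatchView(s, e, data[max(0, s - context):s], data[s:e], data[e:e + context]))
    return views


def force_decodings(chunk: bytes, encodings: Sequence[str] = ENCODINGS) -> Dict[str, Optional[str]]:
    """Decode the same bytes under each encoding; None where they are not valid in it."""
    out: Dict[str, Optional[str]] = {}
    for enc in encodings:
        try:
            out[enc] = chunk.decode(enc)
        except UnicodeDecodeError:
            out[enc] = None
    return out


def render(view: MatchView, encodings: Sequence[str] = ENCODINGS) -> str:
    """Hex + raw-Python view of before/match/after, then the match under each encoding."""
    lines = [f"match @ 0x{view.start:08x}-0x{view.end:08x} ({view.end - view.start} bytes)"]
    for label, chunk in (("before", view.before), ("match", view.matched), ("after", view.after)):
        lines.append(f"  {label:<6} hex: {chunk.hex(' ')}")
        lines.append(f"  {label:<6} raw: {chunk!r}")
    for enc, text in force_decodings(view.matched, encodings).items():
        shown = "<undecodable>" if text is None else repr(text)
        lines.append(f"  as {enc:<9}: {shown}")
    return "\n".join(lines)


if __name__ == "__main__":
    for regex in (hex_pattern_to_regex(HEX_PATTERN), REGEX_PATTERN):
        for view in find_matches(SAMPLE, regex):
            print(render(view), end="\n\n")
```

The cp1251 line in the output is the instructive one: the UTF-8 Cyrillic bytes decode without error into the familiar "Р“РЈ..." mojibake, so a decode that merely succeeds tells you nothing about which encoding the author actually used; compare all the candidates side by side, which is the point of forcing several encodings onto the same match.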