yaraMail
Yara Scanner For IMAP Feeds and saved Streams Reads an smtp formatted email file or connects to IMAP/POP server, reads emails and extracts attachments. Scans attachments with chosen Yara rule file. Writes the results to a Report File. Deletes the tmp dir created. Usage: IMAP Feed: python yaraMail.py -e -o sampleReport.txt -i -u me@you.com -p password -f inbox sample.yar imap.gmail.com POP Feed: python yaraMail.py -e -o sampleReport.txt -w -u you@me.com -p password sample.yar pop3.live.com From File: python yaraMail.py -e -o sampleReport.txt sample.yar SampleMail.txt Reports: Here is an example of the report print out From: Kevin Breen email@email.com Subject: Subject Line Att Name: Name of attatch.ext Matched Rules: Rule_Name1 Rule_Name2 Misc: The Attachement extract also extracts any Body to the EMail in either text/plain or text/HTML format -The text body of the email is typically named as part-001.ksh (this is what python mime guesses the ext as) -The HTML Body of the text is typically named as part-002.html ToDo: -Add verbose output
FEATURES
ALTERNATIVES
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
NBD is a user-space network protocol for sharing block devices over a network, allowing clients to access block devices on a server as if they were local.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
PFQ v6.2 is a functional framework for Linux optimized for efficient packet capture/transmission and in-kernel processing.
Ensnare is a gem plugin for Ruby on Rails that enables quick deployment of a malicious behavior detection and response scheme using Honey Traps and Trap Responses.
A tool for extracting common indicators of compromise from a block of text.
A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.
Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.