yaraMail
Yara Scanner For IMAP Feeds and saved Streams Reads an smtp formatted email file or connects to IMAP/POP server, reads emails and extracts attachments. Scans attachments with chosen Yara rule file. Writes the results to a Report File. Deletes the tmp dir created. Usage: IMAP Feed: python yaraMail.py -e -o sampleReport.txt -i -u me@you.com -p password -f inbox sample.yar imap.gmail.com POP Feed: python yaraMail.py -e -o sampleReport.txt -w -u you@me.com -p password sample.yar pop3.live.com From File: python yaraMail.py -e -o sampleReport.txt sample.yar SampleMail.txt Reports: Here is an example of the report print out From: Kevin Breen email@email.com Subject: Subject Line Att Name: Name of attatch.ext Matched Rules: Rule_Name1 Rule_Name2 Misc: The Attachement extract also extracts any Body to the EMail in either text/plain or text/HTML format -The text body of the email is typically named as part-001.ksh (this is what python mime guesses the ext as) -The HTML Body of the text is typically named as part-002.html ToDo: -Add verbose output
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
A free DNS recursive service that blocks malicious host names and protects user privacy.
Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.
Tor Browser is a free and open-source software that allows users to browse the internet anonymously and privately.
WireGuard is a fast, simple, and secure VPN that uses cutting-edge cryptography, designed for ease of use and performance.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.