yara_zip_module Logo

yara_zip_module

0
Free
Visit Website

This yara module can be used to search for strings inside a zip (.docx word file format) file. The files inside a zip are compressed and therefore not very well searchable for strings. This yara module unzips a requested file in memory and searches for a given string. Installation: The installation of the module should be pretty simple, but yara has to be built from source. - Clone the yara repository (https://github.com/VirusTotal/yara) - Copy yara_zip_modules files into the libyara folder of the yara clone: yara_zip_module/miniz.c --> yara/libyara/miniz.c yara_zip_module/include/yara/miniz.h --> yara/libyara/include/yara/miniz.h yara_zip_module/modules/zip.c --> yara/libyara/modules/zip.c - Edit the file yara/libyara/Makefile.am and add the module as well as the miniz library: MODULES += modules/zip.c yarainclude_HEADERS = include/yara/miniz.h libyara_la_SOURCES = miniz.c - Add the module to the module_list file in the modules folder: MODULE(zip) Now you can build yara by executing the make command inside the root folder. More information can be found here: https://yara.readthedocs.io/en/v3.7.0/writingmodules.html Usage: The yara zip module has at the moment only one funct

FEATURES

ALTERNATIVES

Collection of Python scripts for automating tasks and enhancing IDA Pro functionality

A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities

Dynamic binary analysis library with various analysis and emulation capabilities.

Scan folders and files for crypto patterns, hacking team malware, and malicious documents using PEID signatures.

Automated blind-xss search for Burp Suite

SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.

Code to prevent a managed .NET debugger/profiler from working.

A simple JWT token brute force cracker