yara_zip_module
This yara module can be used to search for strings inside a zip (.docx word file format) file. The files inside a zip are compressed and therefore not very well searchable for strings. This yara module unzips a requested file in memory and searches for a given string. Installation: The installation of the module should be pretty simple, but yara has to be built from source. - Clone the yara repository (https://github.com/VirusTotal/yara) - Copy yara_zip_modules files into the libyara folder of the yara clone: yara_zip_module/miniz.c --> yara/libyara/miniz.c yara_zip_module/include/yara/miniz.h --> yara/libyara/include/yara/miniz.h yara_zip_module/modules/zip.c --> yara/libyara/modules/zip.c - Edit the file yara/libyara/Makefile.am and add the module as well as the miniz library: MODULES += modules/zip.c yarainclude_HEADERS = include/yara/miniz.h libyara_la_SOURCES = miniz.c - Add the module to the module_list file in the modules folder: MODULE(zip) Now you can build yara by executing the make command inside the root folder. More information can be found here: https://yara.readthedocs.io/en/v3.7.0/writingmodules.html Usage: The yara zip module has at the moment only one funct
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
A sandbox for quickly sandboxing known or unknown families of Android Malware
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.