yara_zip_module
This yara module can be used to search for strings inside a zip (.docx word file format) file. The files inside a zip are compressed and therefore not very well searchable for strings. This yara module unzips a requested file in memory and searches for a given string. Installation: The installation of the module should be pretty simple, but yara has to be built from source. - Clone the yara repository (https://github.com/VirusTotal/yara) - Copy yara_zip_modules files into the libyara folder of the yara clone: yara_zip_module/miniz.c --> yara/libyara/miniz.c yara_zip_module/include/yara/miniz.h --> yara/libyara/include/yara/miniz.h yara_zip_module/modules/zip.c --> yara/libyara/modules/zip.c - Edit the file yara/libyara/Makefile.am and add the module as well as the miniz library: MODULES += modules/zip.c yarainclude_HEADERS = include/yara/miniz.h libyara_la_SOURCES = miniz.c - Add the module to the module_list file in the modules folder: MODULE(zip) Now you can build yara by executing the make command inside the root folder. More information can be found here: https://yara.readthedocs.io/en/v3.7.0/writingmodules.html Usage: The yara zip module has at the moment only one funct
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Explores malware interaction with Windows API and methods for detection and prevention.
Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.
Management portal for LoKi scanner with centralized database for scanning activities.
Guide on emulating Raspberry Pi with QEMU and exploring Arm TrustZone research.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.