YarG for Yara Logo

YarG for Yara

0
Free
Visit Website

Yet another rule generator for Yara IDAPython plugin for generating whole Yara rules/patterns from x86/x86-64 code. Operation called 'parameterization' applies to selected code/function. This operation finds alternatives for any possible operands and creates a pattern based on that information. Tested on IDA 7.5+. Installation: Copy the plugin to your IDA_HOME/plugins folder and install dependencies using 'pip install capstone tabulate plyara'. According to the Intel manual, an instruction has the following structure: Instruction prefix, Opcode, Mod R/M, SIB, Displacement, Immediate value. The plugin parameterizes the REX prefix as '4?' and creates candidates for Mod R/M positions based on fixed Mod, Reg, and R/M settings. It generates 4 types of patterns: Mod | ??? | ???, Mod | REG | ???, Mod | REG | R/M, Mod | ??? | R/M.

FEATURES

ALTERNATIVES

An API security and monitoring platform that automatically discovers, validates, and protects API endpoints while providing comprehensive management and analytics capabilities.

A tool for dynamic analysis of mobile applications in a controlled environment.

Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.

WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.

An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.

A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.

A static analysis tool for Android apps that detects malware and other malicious code

A webshell manager via terminal for controlling web servers running PHP or MySQL.

PINNED