YarG for Yara Logo

YarG for Yara

0
Free
Visit Website

Yet another rule generator for Yara IDAPython plugin for generating whole Yara rules/patterns from x86/x86-64 code. Operation called 'parameterization' applies to selected code/function. This operation finds alternatives for any possible operands and creates a pattern based on that information. Tested on IDA 7.5+. Installation: Copy the plugin to your IDA_HOME/plugins folder and install dependencies using 'pip install capstone tabulate plyara'. According to the Intel manual, an instruction has the following structure: Instruction prefix, Opcode, Mod R/M, SIB, Displacement, Immediate value. The plugin parameterizes the REX prefix as '4?' and creates candidates for Mod R/M positions based on fixed Mod, Reg, and R/M settings. It generates 4 types of patterns: Mod | ??? | ???, Mod | REG | ???, Mod | REG | R/M, Mod | ??? | R/M.

FEATURES

ALTERNATIVES

Open Redirection Analyzer

Backslash Security is an application security platform that uses reachability analysis to enhance SAST and SCA, prioritize vulnerabilities, and provide remediation guidance.

Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.

A web security tool that scans for vulnerabilities and known attacks.

A device security analysis platform that provides comprehensive vulnerability scanning, SBOM management, and supply chain security monitoring for connected devices and their components.

ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.

Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.

A developer-first, API-driven platform that provides development teams with a suite of tools to improve code quality, security, and engineering performance, seamlessly integrated into their existing development workflows.