awesome-yara - A curated list of awesome YARA rules, tools, and people.

  •        9

A curated list of awesome YARA rules, tools, and resources. Inspired by awesome-python and awesome-php. YARA is an ancronym for: YARA: Another Recursive Ancronym, or Yet Another Ridiculous Acronym. Pick your choice.



Related Projects

yarGen - yarGen is a generator for YARA rules

  •    Python

The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files. Therefore yarGen includes a big goodware strings and opcode database as ZIP archives that have to be extracted before the first use. Since version 0.12.0 yarGen does not completely remove the goodware strings from the analysis process but includes them with a very low score depending on the number of occurences in goodware samples. The rules will be included if no better strings can be found and marked with a comment /* Goodware rule */. Force yarGen to remove all goodware strings with --excludegood. Also since version 0.12.0 yarGen allows to place the "strings.xml" from PEstudio in the program directory in order to apply the blacklist definition during the string analysis process. You'll get better results.

Yara - The pattern matching swiss knife for malware researchers

  •    C

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

binaryalert - BinaryAlert: Serverless, Real-time & Retroactive Malware Detection

  •    Python

BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads.

rules - Repository of yara rules

  •    Shell

This project covers the need of a group of IT Security Researchers to have a single repository where different Yara signatures are compiled, classified and kept as up to date as possible, and began as an open source community for collecting Yara rules. Our Yara ruleset is under the GNU-GPLv2 license and open to any user or organization, as long as you use it under this license. Yara is becoming increasingly used, but knowledge about the tool and its usage is dispersed across many different places. The Yara Rules project aims to be the meeting point for Yara users by gathering together a ruleset as complete as possible thusly providing users a quick way to get Yara ready for usage.

signature-base - Signature base for my scanner tools

  •    Python

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICLAR PURPOSE. See the GNU General Public License for more details.

multiscanner - Modular file scanning/analysis framework

  •    Javascript

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules/. Descriptions and config options can be found on the Analysis Modules page.

Loki - Loki - Simple IOC and Incident Response Scanner

  •    Python

The Windows binary is compiled with PyInstaller 2.1 and should run as x86 application on both x86 and x64 based systems. Download the latest version of LOKI from the releases section.

php-malware-finder - Detect potentially malicious PHP files

  •    PHP

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. Of course it's trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category, and should re-read the previous statement.

PasteHunter - Scanning pastebin with yara rules

  •    Python

PasteHunter is a python3 application that is designed to query a collection of sites that host publicliy pasted data. For all the pasts it finds it scans the raw contents against a series of yara rules looking for information that can be used by an org or a researcher. Refer to your email provider to determine which you require.

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

  •    PHP

MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.

Yara: Yet Another RSS Aggregator

  •    C

Yara is a fast, embeddable RSS aggregator and parser. It is written in C++ and exposes a very simple API in C.

Malware-Analysis - List of awesome malware analysis tools and resources


A curated list of awesome malware analysis tools and resources. . Web traffic anonymizers for analysts.

magento-malware-scanner - Scanner, signatures and the largest collection of Magento malware

  •    HTML

Magento is a profitable target for hackers. Since 2015, I have identified more than 40.000 compromised stores. In most cases, malware is inserted that will a) intercept customer data, b) divert payments or c) uses your customers for cryptojacking. This project contains both a fast scanner to quickly find malware, and a collection of Magento malware signatures. They are recommended by Magento and used by the US Department of Homeland Security, the Magento Marketplace, Magereport, the Mage Security Council and many others.

sigma - Generic Signature Format for SIEM Systems

  •    Python

Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.

awesome-threat-detection - A curated list of awesome threat detection and hunting resources


Contributions welcome! Read the contribution guidelines first. To the extent possible under law, Adel "0x4D31" Karimi has waived all copyright and related or neighboring rights to this work.

syntastic - Syntax checking hacks for vim

  •    Vim

Syntastic is a syntax checking plugin for Vim created by Martin Grenfell. It runs files through external syntax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to compile their code or execute their script to find them. At the time of this writing, syntastic has checking plugins for ACPI Source Language, ActionScript, Ada, Ansible configurations, API Blueprint, AppleScript, AsciiDoc, Assembly languages, BEMHTML, Bro, Bourne shell, C, C++, C#, Cabal, Chef, CMake, CoffeeScript, Coco, Coq, CSS, Cucumber, CUDA, D, Dart, DocBook, Dockerfile, Dust, Elixir, Erlang, eRuby, Fortran, Gentoo metadata, GLSL, Go, Haml, Haskell, Haxe, Handlebars, HSS, HTML, Java, JavaScript, JSON, JSX, Julia, LESS, Lex, Limbo, LISP, LLVM intermediate language, Lua, Markdown, MATLAB, Mercury, NASM, Nix, Objective-C, Objective-C++, OCaml, Perl, Perl 6, Perl POD, PHP, gettext Portable Object, OS X and iOS property lists, Pug (formerly Jade), Puppet, Python, QML, R, Racket, RDF TriG, RDF Turtle, Relax NG, reStructuredText, RPM spec, Ruby, SASS/SCSS, Scala, Slim, SML, Solidity, Sphinx, SQL, Stylus, Tcl, TeX, Texinfo, Twig, TypeScript, Vala, Verilog, VHDL, Vim help, VimL, Vue.js, xHtml, XML, XSLT, XQuery, YACC, YAML, YANG data models, YARA rules, z80, Zope page templates, and Zsh. See the manual for details about the corresponding supported checkers (:help syntastic-checkers in Vim).

linux.mirai - Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

  •    C

Uploaded for research purposes and so we can develop IoC's and such. See "post.txt" (transcribed in for the post in which it leaks, if you want to know how it is all set up and the likes.

awesome-hacking - Awesome hacking is an awesome collection of hacking tools.

  •    Python

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. Every kind of contribution is really appreciated! Follow the :doc:`contribute`.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.