The Yaralyzer is a new tool for visualizing / force decoding YARA and regular expression matches in binary and text

This page summarizes the projects mentioned and recommended in the original post on /r/Malware.

  • yaralyzer

    Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.

    Long story short I ended up realizing that I could use YARA as a generic backend matching engine to locate these and other byte patterns and a couple of python libraries to try to detect the character encoding and/or force encodings of my choice upon the matched bytes. I ended up extracting the binary regex/YARA match/force decode part of The Pdfalyzer into a new tool that just does the matching/decoding part, which I called The Yaralyzer.

  • pdfalyzer

    Analyze PDFs. With colors. And Yara.

    A few weeks ago I made a post here about a PDF that evaded all malware detection and caused a security breach, almost certainly through PDF instructions hidden inside of an Adobe Type1 Font binary stream embedded within a PDF. At the time I posted a link to a tool I wrote called The Pdfalyzer that diagrams a PDF's internals and scans for various suspect content.

  • CyberChef

    The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

    I think you could do a lot of this with CyberChef.
