Top 23 Yara Open-Source Projects

• yara

  19 7,632 8.8 C

  The pattern matching swiss knife

  

Project mention: Ask HN: Regex on a File or Stream | news.ycombinator.com | 2024-03-06

• awesome-yara

  7 3,245 5.6

  A curated list of awesome YARA rules, tools, and people.

  

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• Loki

  12 3,219 5.7 Python

  Loki - Simple IOC and YARA Scanner (by Neo23x0)

Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06

You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki

• signature-base

  12 2,329 9.2 YARA

  YARA signature and IOC database for my scanners and tools

Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01

> It doesn't matter.

To understand the exact behavior and extend of the backdoor, this does matter. An end to end proof of how it works is exactly what was needed.

> A way to check if servers are vulnerable is probably by querying the package manager

Yes, this has been know since the initial report + later discovering what exact strings are present for the payload.

https://github.com/Neo23x0/signature-base/blob/master/yara/b...

> Not very sophisticated, but it'll work.

Unfortunately, we live in a world with closed-servers and appliances - being able as a customer or pen tester rule out certain class of security issues without having the source/insights available is usually desirable.

• DIE-engine

  1 2,101 10.0 C++

  DIE engine

• APKiD

  1 1,895 7.4 YARA

  Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

  

• malware-ioc

  6 1,503 6.9 YARA

  Indicators of Compromises (IOC) of our various investigations

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• yarGen

  1 1,447 5.5 Python

  yarGen is a generator for YARA rules

• YaraHunter

  3 1,229 9.6 Go

  🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

  

• Ukraine-Cyber-Operations

  10 908 3.4 YARA

  Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

  

• strelka

  1 796 9.3 Python

  Real-time, container-based file scanning at enterprise scale (by target)

  

• ThreatIngestor

  1 781 7.6 Python

  Extract and aggregate threat intelligence.

  

• reversinglabs-yara-rules

  3 688 5.6 YARA

  ReversingLabs YARA Rules

  

• yara-python

  1 622 6.8 C

  The Python interface for YARA

  

• ImHex-Patterns

  2 532 8.8 Rust

  Hex patterns, include patterns and magic files for the use with the ImHex Hex Editor

• iocextract

  1 485 5.4 Python

  Defanged Indicator of Compromise (IOC) Extractor.

  

• S1EM

  1 385 7.2 Shell

  This project is a SIEM with SIRP and Threat Intel, all in one.

Project mention: Homelab Cybersecurity Idea | /r/homelab | 2023-04-28

Also have an instance of S1EM - https://github.com/V1D1AN/S1EM - running, monitoring my home LAN, firewall etc. It's huge overkill, and your machine may struggle to run it if you ran anything else with it, but might be worth looking at.

• binlex

  1 384 4.3 C++

  A Binary Genetic Traits Lexer Framework

• go-yara

  1 342 5.9 Go

  Go bindings for YARA

Project mention: Best regexp alternative for Go. Benchmarks. Plots. | dev.to | 2023-08-26

go-yara - A tool for identifying and classifying malware samples. Although YARA has functionality for templating and regular expressions, it is very limited, so I will not include this library in the upcoming tests.

• sauron

  1 177 0.0 Rust

  A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules. (by evilsocket)

• YAMA

  2 166 5.6 C++

  Yet Another Memory Analyzer for malware detection

  

Project mention: YAMA: Yet Another Memory Analyzer for malware detection | /r/blueteamsec | 2023-08-14

• fleur

  3 116 0.0 C

  Fleur implements a Bloom Filter library in C that is fully compatible with DCSO's Go and python implementations.

  

• wafaray

  2 106 10.0 Shell

  Enhance your malware detection with WAF + YARA (WAFARAY)

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Yara related posts

• Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
  6 projects | news.ycombinator.com | 1 Apr 2024
• Ask HN: Regex on a File or Stream
  2 projects | news.ycombinator.com | 6 Mar 2024
• Who does check linux distros of malware - open source
  5 projects | /r/linux | 10 Dec 2023
• Release YARA v4.4.0-rc1 - lnk module
  1 project | /r/blueteamsec | 20 Sep 2023
• YAMA: Yet Another Memory Analyzer for malware detection
  1 project | /r/blueteamsec | 14 Aug 2023
• My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device
  1 project | /r/computerforensics | 6 Jun 2023
• Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook
  1 project | /r/u_Tsofmetasploit | 16 Mar 2023
• A note from our sponsor - WorkOS
  workos.com | 25 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com