Awesome
About
Often malware analysts require to search through base64-encoded samples with a search term such as Application.Run. base64_substring helps them by enumerating all possible base64 encoding for a given search term and generating a yara rule that checks those possiblities.
How to Run
Example: generating a yara rule that matches base64-encoded file containing Application term.
> python generate_yara_rule.py
> Please enter a rule name
MyRule
> Please enter a text
Application