Awesome

Awesome YARA

A curated list of awesome YARA rules, tools, and resources. Inspired by awesome-python and awesome-php.

• Awesome YARA
  • Rules
  • Tools
  • People
  • Related Awesome Lists
  • Contributing

Rules

• 0day1day Rules - A few signatures from various sources.
• AlienVault Labs Rules - Malware rules from AlienVault Labs.
• BinaryAlert YARA Rules - Rules bundled into AirBnB's BinaryAlert tool.
• Burp YARA Rules - Intended to be used with the Burp Yara-Scanner extension.
• Brian Carter Rules - Rules for Yara. Mostly for use with VirusTotal.
• CAPE Rules - Rules from various authors bundled with the Config And Payload Extraction Cuckoo Sandbox extension.
• CDI Rules - A few rules published by CyberDefenses.
• Citizen Lab Malware Signatures - YARA signatures developed by Citizen Lab.
• Dan Borges Rules - Rules for identifying features of binaries for deeper inspection.
• Didier Stevens Rules - A couple rules published by Didier Stevens.
• GoDaddy Rules - Written for use with ProcFilter.
• h3x2b Rules - A collection of signatures from h3x2b.
• Icewater Rules - Repository of YARA rules generated by a malware classification algorithm, similar to to AI and learning approaches.
• InQuest Rules - A collection of YARA rules we wish to share with the world.
• Kevin Falcoz Rules - Small collection of malware-related rules.
• Malice.IO YARA Plugin Rules - Collected rules rom various authors.
• Patrick Olsen Rules - Miscellaneous YARA rules.
• SpiderLabs Rules - A few malware rules published by SpiderLabs.
• Tenable Rules - A small collection from Tenable Network Security.
• VectraThreatLab Rules - YARA rules for identifying anti-RE malware techniques.
• x64dbg Signatures - A few signatures to possibly be included in x64dbg.
• YARA-FORENSICS - Rules for finding files using magic headers.
• YaraRules Project Official Repo - Large collection of rules constantly updated by the community.

Tools

• AirBnB BinaryAlert - BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads.
• findcrypt-yara - IDA pro plugin to find crypto constants (and more).
• InQuest ThreatKB - Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL).
• Laika BOSS - Laika is an object scanner and intrusion detection system that strives to achieve the following goals: Scalable, Flexible, Verbose. (whitepaper)
• MITRE MultiScanner - MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc.
• OCYara - The OCyara module performs OCR (Optical Character Recognition) on image files and scans them for matches to YARA rules. OCyara also can process images embedded in PDF files.
• PasteHunter - Scan pastebin.com with YARA rules.
• ProcFilter - Helps create YARA signatures that protect Windows environments against a specific threat.
• stoQ - A modular and highly customizable framework for the creation of data sets from multiple disparate data sources.
• yabin - Creates YARA signatures from executable code within malware.
• YaraGuardian - Django web inerface for managing YARA rules.
• YaraManager - Web based Manager for YARA Rules.
• Yara-Scanner - A Python-based extension that integrates a YARA scanner into Burp Suite. Yara-Scanner allows you perform on-demand YARA scans of websites within the Burp interface, based on custom YARA rules that you write or obtain.
• Yara Python ICAP Server - An ICAP server with YARA scanner.
• Yara-Validator - Validates YARA rules and tries to repair the broken ones.
• yarGen - A YARA rule generator for finding related samples and hunting.
• Yeti - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
• yextend - YARA integrated software to handle archive file data.

People

Related Awesome Lists

• Crawler
• CVE PoC
• Forensics
• Hacking
• Honeypots
• Incident-Response
• Infosec
• IOCs
• Malware Analysis
• ML for Cyber Security
• OSINT
• PCAP Tools
• Pentesting
• Security
• Static Analysis
• Threat Intelligence

Contributing

Pull requests and issues with suggestions are welcome! Please try to keep your changes cleanly formatted and alphabetized. By submitting a PR you agree to release your contributions under the terms of the LICENSE.