static file analysisAnalysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
apooxmlGenerate YARA rules for OOXML documents.
ThreatKBKnowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
factual-rules-generatorFactual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
FunnelFunnel is a lightweight yara-based feed scraper
HyaraYara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
yara-validatorValidates yara rules and tries to repair the broken ones.
YaraSharpC# wrapper around the Yara pattern matching library
detectionDetection in the form of Yara, Snort and ClamAV signatures.
moleYara powered NIDS with high speed packet capture powered by PF_RING
r2yarar2yara - Module for Yara using radare2 information
yara-forensicsSet of Yara rules for finding files using magics headers
yara-parserTools for parsing rulesets using the exact grammar as YARA. Written in Go.
binlexA Binary Genetic Traits Lexer Framework
ImHex-PatternsHex patterns, include patterns and magic files for the use with the ImHex Hex Editor
S1EMThis project is a SIEM with SIRP and Threat Intel, all in one.
threat-intelSignatures and IoCs from public Volexity blog posts.
uzenWebsite crawler with YARA detection
yara-exporterExporting MISP event attributes to yara rules usable with Thor apt scanner
whohkwhohk,linux下一款强大的应急响应工具 在linux下的应急响应往往需要通过繁琐的命令行来查看各个点的情况,有的时候还需要做一些格式处理,这对于linux下命令不是很熟悉的人比较不友好。本工具将linux下应急响应中常用的一些操作给集合了起来,并处理成了较为友好的格式,只需要通过一个参数就能代替繁琐复杂的命令来实现对各个点的检查。
Judge-Jury-and-ExecutableA file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
PEiDYet another implementation of PEiD with yara
pyarascannerA simple many-rules to many-files YARA scanner for incident response or malware zoos.