imp0rtp3 / Yobi

Licence: GPL-3.0 License
Yara Based Detection Engine for web browsers

Yobi

Install Yobi Here

Yara Based Detection for web browsers

Yobi is a basic Firefox extension that allows running public or private YARA rules on all scripts and pages rendered by the browser. Yobi saves the files that trigger its rules and allows further inspection of them.

Yobi is completely serverless: no telemetry or other information is collected.

Manual Installation

  1. Clone the repo.
  2. Go to about:debugging in Firefox or another Gecko-based browser, click "This Firefox" -> Load Temporary Add-on and select manifest.json.
  3. Done!

What can Yobi do?

  1. Capture any file requested by the web browser and identified as malicious by a YARA rule.
  2. Use custom YARA rules.
  3. Download the malicious files (as zip, default password is "infected").
  4. Query the file hash in VirusTotal.

YARA rules

YARA rules are fetched from a repository of JS rules I created: js-yara-rules. The repo consists of free JS rules I found on the internet and some I wrote myself. Feel free to create pull requests for additional relevant rules.

You can change the YARA rules the extension uses under Add-ons -> Yobi -> Preferences.

Right now, YARA version 4.0.5 is used. libyara-wasm will be updated shortly and Yobi will then run the latest YARA version.

Yobi's Inner Workings

Execution Flow

Yobi uses the Gecko webRequest feature browser.webRequest.onBeforeRequest, which lets it intercept any request and its response. Yobi saves a copy of the response buffer and forwards the original unchanged. The YARA rules run asynchronously to that and raise an alert when a match is found.
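An added example (not Yobi's own code) of the flow just described: a background-script listener that copies each response body while forwarding it straight through, then hands the completed buffer to an asynchronous scanner. `scanAsync` is a hypothetical stand-in for the libyara-wasm call, and `browserApi` is passed in as a parameter so the logic can be exercised outside the browser.

```javascript
// Resource types the README says are scanned: scripts and rendered pages.
const SCANNED_TYPES = new Set(["script", "main_frame", "sub_frame"]);

// Join the ArrayBuffer chunks delivered by filterResponseData into one Uint8Array.
function concatChunks(chunks) {
  const total = chunks.reduce((n, c) => n + c.byteLength, 0);
  const out = new Uint8Array(total);
  let offset = 0;
  for (const c of chunks) {
    out.set(new Uint8Array(c), offset);
    offset += c.byteLength;
  }
  return out;
}

// Attach a stream filter to one request. Every chunk is written through the
// moment it arrives, so the page never waits for the scan. Returns the filter
// (or null when the request is not of a scanned type).
function attachFilter(browserApi, details, scanAsync) {
  if (!SCANNED_TYPES.has(details.type)) return null;
  const filter = browserApi.webRequest.filterResponseData(details.requestId);
  const chunks = [];
  filter.ondata = (event) => {
    chunks.push(event.data);   // keep a copy for the scanner
    filter.write(event.data);  // forward unchanged, no blocking
  };
  filter.onstop = () => {
    filter.disconnect();       // hand the response back to the browser
    const body = concatChunks(chunks);
    // Scan off the request path; a match only produces an alert afterwards.
    Promise.resolve(scanAsync(details.url, body)).catch(() => {});
  };
  return filter;
}

// Register the listener on the (hypothetical) browserApi object; in a real
// extension this is `browser` from the WebExtension API.
function registerInterceptor(browserApi, scanAsync) {
  browserApi.webRequest.onBeforeRequest.addListener(
    (details) => { attachFilter(browserApi, details, scanAsync); return {}; },
    { urls: ["<all_urls>"], types: [...SCANNED_TYPES] },
    ["blocking"]
  );
}
```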

Dependencies

Yobi Depends on the following libraries:

  1. libyara-wasm - A port of the whole YARA engine to WebAssembly.
  2. SJCL - JS encryption library used for calculating SHA-256.
  3. jszip - A compact JS library for creating zip files. Yobi uses PR 6969, which added the option to encrypt the archive.
  4. Bootstrap
  5. jQuery

Why doesn't Yobi block the malicious scripts?

Preventing any script from running until the YARA rules have finished would create a significant delay for the user.

Continuing Development

This version is still very basic and should serve as a prototype only. Please open issues and pull requests for new features or bugs you encounter.

Contact and Feedback

Contact me via Twitter - @imp0rtp3

Screenshots

Yobi alerts Dashboard Closed

Yobi alerts Dashboard Opened

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].