Simple yara rule manager

Last update: Nov 17, 2022

Overview

Yara Manager

A simple program to manage your yara ruleset in a (sqlite) database.

Todos

Search rules and descriptions
Cluster rules in rulesets
Enforce configurable default set of meta fields
Implement backup and sharing possibilities

Installation

pip install yaramanager

Features

Asciinema (out of date)

Store your Yara rules in a DB locally and manage them.

Usage

$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  add      Add a new rule to the database.
  config   Review and change yaramanager configuration.
  db       Manage your databases
  del      Delete a rule by its ID or name.
  edit     Edits a rule with your default editor.
  export   Export rules from the database.
  get      Get rules from the database.
  help     Displays help about commands
  list     Lists rules available in DB.
  parse    Parses rule files.
  read     Read rules from stdin.
  scan     Scan files using your rulesets.
  search   Searches through your rules.
  stats    Prints stats about the database contents.
  tags     Show tags and the number of tagged rules
  version  Displays the current version.

Comments

Filter rules by tags - exclusion

Hello @3c7 - I wanted to apply some extra filtering conditions using a SQLAlchemy query, but didn't succeeded yet. Here is a question where i described most of the issue, and I was wondering if you may have a better idea maybe? Much appreciated. Thanks

opened by silvian-io 4
nocase error

If a rule has nocase like:

strings: $x00 = "test" ascii wide nocase

results in below is saved to db: $x00 = "test" ascii wide

You lose nocase

opened by mrJingl3s 1
Bump mako from 1.1.6 to 1.2.2
Bumps mako from 1.1.6 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump setuptools from 65.5.0 to 65.5.1
Bumps setuptools from 65.5.0 to 65.5.1.

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

#3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok

#3659: Fixed REDoS vector in package_index.

Commits

a462cb5 Bump version: 65.5.0 → 65.5.1

de35d8b Merge pull request #3656 from bmorris3/typos

58e23de Update changelog. Ref #3659.

43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.

5791343 Add test capturing failed expectation. Ref #3659.

1f97905 ⚫ Fade to black.

6254567 Remove workaround for emacs.

729b180 ⚫ Fade to black.

c068081 Typo corrections

f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump certifi from 2022.9.24 to 2022.12.7
Bumps certifi from 2022.9.24 to 2022.12.7.

Commits

9e9e840 2022.12.07

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.1-py3-none-any.whl(37.59 KB)
yaramanager-0.2.1.tar.gz(25.41 KB)
yaramanager-v0.2.1-linux.zip(24.82 MB)
yaramanager-v0.2.1-macos.zip(12.04 MB)
yaramanager-v0.2.1-windows.zip(13.87 MB)
v0.2.0(Nov 2, 2022)
Release for DB update

Adding missing string modifiers

Updating dependencies

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0-py3-none-any.whl(37.59 KB)
yaramanager-0.2.0.tar.gz(25.41 KB)
yaramanager-v0.2.0-linux.zip(24.82 MB)
yaramanager-v0.2.0-macos.zip(12.04 MB)
yaramanager-v0.2.0-windows.zip(13.87 MB)
v0.2.0-rc1(Feb 21, 2022)

This release introduces a change in the DB schema. It's possible now to use MySQL/MariaDB and Postgres as database.
Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0rc1-py3-none-any.whl(37.55 KB)
yaramanager-0.2.0rc1.tar.gz(25.78 KB)
yaramanager-v0.2.0-rc1-linux.zip(23.21 MB)
yaramanager-v0.2.0-rc1-macos.zip(11.77 MB)
yaramanager-v0.2.0-rc1-windows.zip(13.34 MB)
v0.1.16(Feb 21, 2022)
Updated dependencies

Added externals parameter to yara-python calls, so the filename parameter can be used within yara rules

Added --ruleset, -R switch to the add command, so multiple rules within a rule file will be added to a ruleset, based on the filename of the given rule file

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.16-py3-none-any.whl(36.65 KB)
yaramanager-0.1.16.tar.gz(24.88 KB)
yaramanager-v0.1.16-linux.zip(23.21 MB)
yaramanager-v0.1.16-macos.zip(11.77 MB)
yaramanager-v0.1.16-windows.zip(13.34 MB)
v0.1.15(Oct 11, 2021)
Filter for and exclude multiple tags via export, list and scan command using parameters -t/--tag and -T/--exclude-tag

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.15-py3-none-any.whl(36.25 KB)
yaramanager-0.1.15.tar.gz(24.50 KB)
yaramanager-v0.1.15-linux.zip(23.09 MB)
yaramanager-v0.1.15-macos.zip(11.54 MB)
yaramanager-v0.1.15-windows.zip(13.25 MB)
v0.1.14(Oct 5, 2021)
Added export functionality for rulesets (@slv008)

Refactored general rule export functionality into a YaraBuilder subclass

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.14-py3-none-any.whl(35.98 KB)
yaramanager-0.1.14.tar.gz(24.35 KB)
v0.1.13(Oct 3, 2021)
Added compiled export functionality: ym export -sc test.yar

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.13-py3-none-any.whl(35.08 KB)
yaramanager-0.1.13.tar.gz(23.83 KB)
0.1.12(Jun 12, 2021)
Implemented recursive scans via
$ ym scan -r /path/to/dir

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.12-linux.zip(21.74 MB)
yaramanager-0.1.12-macos.zip(11.52 MB)
yaramanager-0.1.12-py3-none-any.whl(34.92 KB)
yaramanager-0.1.12-windows.zip(13.21 MB)
yaramanager-0.1.12.tar.gz(23.74 KB)
0.1.11(Apr 29, 2021)
Updated yarabuilder and yara-python

Fixes commit hash display for packaged yaramanager

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.11-linux.zip(21.72 MB)
yaramanager-0.1.11-macos.zip(11.50 MB)
yaramanager-0.1.11-py3-none-any.whl(34.74 KB)
yaramanager-0.1.11-windows.zip(13.19 MB)
yaramanager-0.1.11.tar.gz(23.55 KB)
0.1.10(Apr 9, 2021)
Added prebuilt binaries using Github Actions - I'm new to this, so handle with care.

Added new command to create new rules directly with ym.

Prebuilt binaries include commit hash

Updated readme

Added YM_PATH and YM_CONFIG env variables to overwrite general path and config path.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.10-linux.zip(21.61 MB)
yaramanager-0.1.10-macos.zip(11.48 MB)
yaramanager-0.1.10-py3-none-any.whl(34.73 KB)
yaramanager-0.1.10-windows.zip(12.29 MB)
yaramanager-0.1.10.tar.gz(23.51 KB)
0.1.8(Apr 5, 2021)
Added debug output for some commands

Platform specific paths (Linux, MacOS, Win)

Added Rulesets (ym ruleset, which meta attribute is responsible for assigning rules to a ruleset is configurable)

Fixed alembic migrations, some files were incorrectly added to pyproject file.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.8-py3-none-any.whl(32.58 KB)
yaramanager-0.1.8.tar.gz(21.05 KB)
0.1.6(Apr 1, 2021)
--ensure/-e switch ensures specific meta fields and tags in list command. These can be configured:

[yaramanager.ensure] ensure_meta = [ "author", "tlp", "description" ] ensure_tag = true

Added search rule command which searches through rule names and description meta fields

Fixes rule editing: because of a misunderstanding of how SQLAlchemy handles new objects with relations, editing rules could lead to exceptions

Fixes custom editor usage: previously the custom editor was only applied to config edits, but not to rule edits

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.6-py3-none-any.whl(25.45 KB)
yaramanager-0.1.6.tar.gz(18.52 KB)
0.1.5(Mar 30, 2021)
Implemented alembic migrations via db upgrade command

Removed db init command

Added Scan capability

New help command

Some refactoring :)

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.5-py3-none-any.whl(24.70 KB)
yaramanager-0.1.5.tar.gz(17.74 KB)
0.1.4(Mar 29, 2021)
Fixed bug that prevented edit rule tags and crashed the edit process

Added tags command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.4-py3-none-any.whl(21.39 KB)
yaramanager-0.1.4.tar.gz(13.25 KB)
0.1.3(Mar 28, 2021)
Added export command

Customize meta fields in table outputs (list command) - needs config update, e.g.:

[yaramanager.meta] # ColumnTitle = metafield Author = "author" TLP = "tlp" Created = "created" Modified = "modified" # ...

Added optional version check to version command via -c switch

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.3-py3-none-any.whl(20.65 KB)
yaramanager-0.1.3.tar.gz(12.98 KB)
0.1.2(Mar 27, 2021)
Fixes bug which resulted in unnecessarily nested config

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.2-py3-none-any.whl(19.32 KB)
yaramanager-0.1.2.tar.gz(12.24 KB)
0.1.1(Mar 27, 2021)
Updated yarabuilder to v0.0.5

Added get command for retrieving single rules from the database

Added read command for adding rules via stdin

Read and update rules modified by edit command

Added version command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.1-py3-none-any.whl(19.30 KB)
yaramanager-0.1.1.tar.gz(12.20 KB)
0.1.0(Mar 27, 2021)

Initial release
Source code(tar.gz)
Source code(zip)
yaramanager-0.1.0-py3-none-any.whl(17.62 KB)
yaramanager-0.1.0.tar.gz(11.40 KB)

Owner

Nils Kuhnert

TI, RE, DFIR stuff. Everything you find on this profile is the reason why I'm not a developer.

GitHub Repository

Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2

263 Feb 14, 2022

To explore creating an application that detects available connections at once from wifi and bluetooth

Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat

56 Mar 03, 2021

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

2.8k Dec 29, 2022

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

6 Oct 10, 2022

CVE-2022-22963 PoC

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R

104 Dec 08, 2022

HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

854 Dec 30, 2022

Lite version of my Gatekeeper backdoor for public use.

Gatekeeper Lite Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning

56 Mar 25, 2022

Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

25 Nov 24, 2022

A windows post exploitation tool that contains a lot of features for information gathering and more.

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022

CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

20 Aug 25, 2022

An easy-to-use wrapper for NTFS-3G on macOS

ezNTFS ezNTFS is an easy-to-use wrapper for NTFS-3G on macOS. ezNTFS can be used as a menu bar app, or via the CLI in the terminal. Installation To us

34 Dec 01, 2022

Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

81 Dec 27, 2022

Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)

Pachine Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation). Installtion $ pip3 install impacket Usage Impacket v0.9.23 -

250 Dec 31, 2022

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

24 Dec 19, 2022

A simple linux keylogger project.

The project This project is a simple linux keylogger. When activated, it registers all the actions made with the keyboard. The log files are registere

1 Oct 24, 2021

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

21 Jan 01, 2023

Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

16 Aug 30, 2022

Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

25 Nov 10, 2022

Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

5 Feb 02, 2022

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits

1 Dec 16, 2021

Simple yara rule manager

Related tags

Overview

Yara Manager

Todos

Installation

Features

Asciinema (out of date)

Usage

Comments

Filter rules by tags - exclusion

nocase error

Bump mako from 1.1.6 to 1.2.2

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Bump setuptools from 65.5.0 to 65.5.1

v65.5.1

Bump certifi from 2022.9.24 to 2022.12.7

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

v0.2.0(Nov 2, 2022)

v0.2.0-rc1(Feb 21, 2022)

v0.1.16(Feb 21, 2022)

v0.1.15(Oct 11, 2021)

v0.1.14(Oct 5, 2021)

v0.1.13(Oct 3, 2021)

0.1.12(Jun 12, 2021)

0.1.11(Apr 29, 2021)

0.1.10(Apr 9, 2021)

0.1.8(Apr 5, 2021)

0.1.6(Apr 1, 2021)

0.1.5(Mar 30, 2021)

0.1.4(Mar 29, 2021)

0.1.3(Mar 28, 2021)

0.1.2(Mar 27, 2021)

0.1.1(Mar 27, 2021)

0.1.0(Mar 27, 2021)