Simple yara rule manager

Last update: Nov 17, 2022

Overview

Yara Manager

A simple program to manage your yara ruleset in a (sqlite) database.

Todos

Search rules and descriptions
Cluster rules in rulesets
Enforce configurable default set of meta fields
Implement backup and sharing possibilities

Installation

pip install yaramanager

Features

Asciinema (out of date)

Store your Yara rules in a DB locally and manage them.

Usage

$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  add      Add a new rule to the database.
  config   Review and change yaramanager configuration.
  db       Manage your databases
  del      Delete a rule by its ID or name.
  edit     Edits a rule with your default editor.
  export   Export rules from the database.
  get      Get rules from the database.
  help     Displays help about commands
  list     Lists rules available in DB.
  parse    Parses rule files.
  read     Read rules from stdin.
  scan     Scan files using your rulesets.
  search   Searches through your rules.
  stats    Prints stats about the database contents.
  tags     Show tags and the number of tagged rules
  version  Displays the current version.

Comments

Filter rules by tags - exclusion

Hello @3c7 - I wanted to apply some extra filtering conditions using a SQLAlchemy query, but didn't succeeded yet. Here is a question where i described most of the issue, and I was wondering if you may have a better idea maybe? Much appreciated. Thanks

opened by silvian-io 4
nocase error

If a rule has nocase like:

strings: $x00 = "test" ascii wide nocase

results in below is saved to db: $x00 = "test" ascii wide

You lose nocase

opened by mrJingl3s 1
Bump mako from 1.1.6 to 1.2.2
Bumps mako from 1.1.6 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump setuptools from 65.5.0 to 65.5.1
Bumps setuptools from 65.5.0 to 65.5.1.

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

#3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok

#3659: Fixed REDoS vector in package_index.

Commits

a462cb5 Bump version: 65.5.0 → 65.5.1

de35d8b Merge pull request #3656 from bmorris3/typos

58e23de Update changelog. Ref #3659.

43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.

5791343 Add test capturing failed expectation. Ref #3659.

1f97905 ⚫ Fade to black.

6254567 Remove workaround for emacs.

729b180 ⚫ Fade to black.

c068081 Typo corrections

f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump certifi from 2022.9.24 to 2022.12.7
Bumps certifi from 2022.9.24 to 2022.12.7.

Commits

9e9e840 2022.12.07

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.1-py3-none-any.whl(37.59 KB)
yaramanager-0.2.1.tar.gz(25.41 KB)
yaramanager-v0.2.1-linux.zip(24.82 MB)
yaramanager-v0.2.1-macos.zip(12.04 MB)
yaramanager-v0.2.1-windows.zip(13.87 MB)
v0.2.0(Nov 2, 2022)
Release for DB update

Adding missing string modifiers

Updating dependencies

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0-py3-none-any.whl(37.59 KB)
yaramanager-0.2.0.tar.gz(25.41 KB)
yaramanager-v0.2.0-linux.zip(24.82 MB)
yaramanager-v0.2.0-macos.zip(12.04 MB)
yaramanager-v0.2.0-windows.zip(13.87 MB)
v0.2.0-rc1(Feb 21, 2022)

This release introduces a change in the DB schema. It's possible now to use MySQL/MariaDB and Postgres as database.
Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0rc1-py3-none-any.whl(37.55 KB)
yaramanager-0.2.0rc1.tar.gz(25.78 KB)
yaramanager-v0.2.0-rc1-linux.zip(23.21 MB)
yaramanager-v0.2.0-rc1-macos.zip(11.77 MB)
yaramanager-v0.2.0-rc1-windows.zip(13.34 MB)
v0.1.16(Feb 21, 2022)
Updated dependencies

Added externals parameter to yara-python calls, so the filename parameter can be used within yara rules

Added --ruleset, -R switch to the add command, so multiple rules within a rule file will be added to a ruleset, based on the filename of the given rule file

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.16-py3-none-any.whl(36.65 KB)
yaramanager-0.1.16.tar.gz(24.88 KB)
yaramanager-v0.1.16-linux.zip(23.21 MB)
yaramanager-v0.1.16-macos.zip(11.77 MB)
yaramanager-v0.1.16-windows.zip(13.34 MB)
v0.1.15(Oct 11, 2021)
Filter for and exclude multiple tags via export, list and scan command using parameters -t/--tag and -T/--exclude-tag

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.15-py3-none-any.whl(36.25 KB)
yaramanager-0.1.15.tar.gz(24.50 KB)
yaramanager-v0.1.15-linux.zip(23.09 MB)
yaramanager-v0.1.15-macos.zip(11.54 MB)
yaramanager-v0.1.15-windows.zip(13.25 MB)
v0.1.14(Oct 5, 2021)
Added export functionality for rulesets (@slv008)

Refactored general rule export functionality into a YaraBuilder subclass

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.14-py3-none-any.whl(35.98 KB)
yaramanager-0.1.14.tar.gz(24.35 KB)
v0.1.13(Oct 3, 2021)
Added compiled export functionality: ym export -sc test.yar

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.13-py3-none-any.whl(35.08 KB)
yaramanager-0.1.13.tar.gz(23.83 KB)
0.1.12(Jun 12, 2021)
Implemented recursive scans via
$ ym scan -r /path/to/dir

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.12-linux.zip(21.74 MB)
yaramanager-0.1.12-macos.zip(11.52 MB)
yaramanager-0.1.12-py3-none-any.whl(34.92 KB)
yaramanager-0.1.12-windows.zip(13.21 MB)
yaramanager-0.1.12.tar.gz(23.74 KB)
0.1.11(Apr 29, 2021)
Updated yarabuilder and yara-python

Fixes commit hash display for packaged yaramanager

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.11-linux.zip(21.72 MB)
yaramanager-0.1.11-macos.zip(11.50 MB)
yaramanager-0.1.11-py3-none-any.whl(34.74 KB)
yaramanager-0.1.11-windows.zip(13.19 MB)
yaramanager-0.1.11.tar.gz(23.55 KB)
0.1.10(Apr 9, 2021)
Added prebuilt binaries using Github Actions - I'm new to this, so handle with care.

Added new command to create new rules directly with ym.

Prebuilt binaries include commit hash

Updated readme

Added YM_PATH and YM_CONFIG env variables to overwrite general path and config path.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.10-linux.zip(21.61 MB)
yaramanager-0.1.10-macos.zip(11.48 MB)
yaramanager-0.1.10-py3-none-any.whl(34.73 KB)
yaramanager-0.1.10-windows.zip(12.29 MB)
yaramanager-0.1.10.tar.gz(23.51 KB)
0.1.8(Apr 5, 2021)
Added debug output for some commands

Platform specific paths (Linux, MacOS, Win)

Added Rulesets (ym ruleset, which meta attribute is responsible for assigning rules to a ruleset is configurable)

Fixed alembic migrations, some files were incorrectly added to pyproject file.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.8-py3-none-any.whl(32.58 KB)
yaramanager-0.1.8.tar.gz(21.05 KB)
0.1.6(Apr 1, 2021)
--ensure/-e switch ensures specific meta fields and tags in list command. These can be configured:

[yaramanager.ensure] ensure_meta = [ "author", "tlp", "description" ] ensure_tag = true

Added search rule command which searches through rule names and description meta fields

Fixes rule editing: because of a misunderstanding of how SQLAlchemy handles new objects with relations, editing rules could lead to exceptions

Fixes custom editor usage: previously the custom editor was only applied to config edits, but not to rule edits

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.6-py3-none-any.whl(25.45 KB)
yaramanager-0.1.6.tar.gz(18.52 KB)
0.1.5(Mar 30, 2021)
Implemented alembic migrations via db upgrade command

Removed db init command

Added Scan capability

New help command

Some refactoring :)

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.5-py3-none-any.whl(24.70 KB)
yaramanager-0.1.5.tar.gz(17.74 KB)
0.1.4(Mar 29, 2021)
Fixed bug that prevented edit rule tags and crashed the edit process

Added tags command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.4-py3-none-any.whl(21.39 KB)
yaramanager-0.1.4.tar.gz(13.25 KB)
0.1.3(Mar 28, 2021)
Added export command

Customize meta fields in table outputs (list command) - needs config update, e.g.:

[yaramanager.meta] # ColumnTitle = metafield Author = "author" TLP = "tlp" Created = "created" Modified = "modified" # ...

Added optional version check to version command via -c switch

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.3-py3-none-any.whl(20.65 KB)
yaramanager-0.1.3.tar.gz(12.98 KB)
0.1.2(Mar 27, 2021)
Fixes bug which resulted in unnecessarily nested config

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.2-py3-none-any.whl(19.32 KB)
yaramanager-0.1.2.tar.gz(12.24 KB)
0.1.1(Mar 27, 2021)
Updated yarabuilder to v0.0.5

Added get command for retrieving single rules from the database

Added read command for adding rules via stdin

Read and update rules modified by edit command

Added version command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.1-py3-none-any.whl(19.30 KB)
yaramanager-0.1.1.tar.gz(12.20 KB)
0.1.0(Mar 27, 2021)

Initial release
Source code(tar.gz)
Source code(zip)
yaramanager-0.1.0-py3-none-any.whl(17.62 KB)
yaramanager-0.1.0.tar.gz(11.40 KB)

Owner

Nils Kuhnert

TI, RE, DFIR stuff. Everything you find on this profile is the reason why I'm not a developer.

GitHub Repository

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

5 Sep 12, 2022

Receive notifications/alerts on the most recent disclosed CVE's.

Receive notifications on the most recent disclosed CVE's.

7 Nov 24, 2022

Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3

Shortlink-Bypass Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3 Support Shortlink tii.ai/tei.

6 Oct 24, 2022

Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

22 Dec 29, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 03, 2023

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

220 Dec 14, 2022

macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

212 Dec 29, 2022

DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion.

4 Dec 21, 2021

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

WinRemoteEnum WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user, sharing the goal of remotely gather

9 Nov 09, 2022

A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

2 Mar 20, 2022

Grafana-POC(CVE-2021-43798)

Grafana-Poc 此工具请勿用于违法用途。一、使用方法：python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围影响版本： Grafana 8.0.0 - 8.3.0 安全版本： Grafana 8.3.1, 8.2.7, 8.1.8,

8 Jan 03, 2023

对naabu的端口扫描结果，调用nmap进行指纹识别

naabu2nmap 对naabu的端口扫描结果，调用nmap进行指纹识别

12 Nov 22, 2022

Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022

Better-rtti-parser - IDA script to parse RTTI information in executable

RTTI parser Parses RTTI information from executable. Example HexRays decompiler view Before: After: Functions window Before: After: Structs window Ins

101 Jan 04, 2023

USSR-Scanner - USSR Scanner with python

Purposes ? Hey there is abosolutely no need to do this we do it only to irritate

2 Jan 24, 2022

FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

24 Dec 10, 2021

A script to extract SNESticle from Fight Night Round 2

fn22snesticle.py A script for producing a SNESticle ISO from a Fight Night Round 2 ISO and any SNES ROM. Background Fight Night Round 2 is a boxing ga

57 Nov 22, 2022

Trainspotting - Python Dependency Injector based on interface binding

Choose dependency injection Friendly with MyPy Supports lazy injections Supports

3 Jan 26, 2022

Privacy-respecting metasearch engine

Privacy-respecting, hackable metasearch engine / pronunciation səːks. If you are looking for running instances, ready to use, then visit searx.space.

12.4k Jan 08, 2023

Simple yara rule manager

Related tags

Overview

Yara Manager

Todos

Installation

Features

Asciinema (out of date)

Usage

Comments

Filter rules by tags - exclusion

nocase error

Bump mako from 1.1.6 to 1.2.2

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Bump setuptools from 65.5.0 to 65.5.1

v65.5.1

Bump certifi from 2022.9.24 to 2022.12.7

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

v0.2.0(Nov 2, 2022)

v0.2.0-rc1(Feb 21, 2022)

v0.1.16(Feb 21, 2022)

v0.1.15(Oct 11, 2021)

v0.1.14(Oct 5, 2021)

v0.1.13(Oct 3, 2021)

0.1.12(Jun 12, 2021)

0.1.11(Apr 29, 2021)

0.1.10(Apr 9, 2021)

0.1.8(Apr 5, 2021)

0.1.6(Apr 1, 2021)

0.1.5(Mar 30, 2021)

0.1.4(Mar 29, 2021)

0.1.3(Mar 28, 2021)

0.1.2(Mar 27, 2021)

0.1.1(Mar 27, 2021)

0.1.0(Mar 27, 2021)