Simple yara rule manager

Last update: Nov 17, 2022

Overview

Yara Manager

A simple program to manage your yara ruleset in a (sqlite) database.

Todos

Search rules and descriptions
Cluster rules in rulesets
Enforce configurable default set of meta fields
Implement backup and sharing possibilities

Installation

pip install yaramanager

Features

Asciinema (out of date)

Store your Yara rules in a DB locally and manage them.

Usage

$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  add      Add a new rule to the database.
  config   Review and change yaramanager configuration.
  db       Manage your databases
  del      Delete a rule by its ID or name.
  edit     Edits a rule with your default editor.
  export   Export rules from the database.
  get      Get rules from the database.
  help     Displays help about commands
  list     Lists rules available in DB.
  parse    Parses rule files.
  read     Read rules from stdin.
  scan     Scan files using your rulesets.
  search   Searches through your rules.
  stats    Prints stats about the database contents.
  tags     Show tags and the number of tagged rules
  version  Displays the current version.

Comments

Filter rules by tags - exclusion

Hello @3c7 - I wanted to apply some extra filtering conditions using a SQLAlchemy query, but didn't succeeded yet. Here is a question where i described most of the issue, and I was wondering if you may have a better idea maybe? Much appreciated. Thanks

opened by silvian-io 4
nocase error

If a rule has nocase like:

strings: $x00 = "test" ascii wide nocase

results in below is saved to db: $x00 = "test" ascii wide

You lose nocase

opened by mrJingl3s 1
Bump mako from 1.1.6 to 1.2.2
Bumps mako from 1.1.6 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump setuptools from 65.5.0 to 65.5.1
Bumps setuptools from 65.5.0 to 65.5.1.

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

#3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok

#3659: Fixed REDoS vector in package_index.

Commits

a462cb5 Bump version: 65.5.0 → 65.5.1

de35d8b Merge pull request #3656 from bmorris3/typos

58e23de Update changelog. Ref #3659.

43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.

5791343 Add test capturing failed expectation. Ref #3659.

1f97905 ⚫ Fade to black.

6254567 Remove workaround for emacs.

729b180 ⚫ Fade to black.

c068081 Typo corrections

f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump certifi from 2022.9.24 to 2022.12.7
Bumps certifi from 2022.9.24 to 2022.12.7.

Commits

9e9e840 2022.12.07

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.1-py3-none-any.whl(37.59 KB)
yaramanager-0.2.1.tar.gz(25.41 KB)
yaramanager-v0.2.1-linux.zip(24.82 MB)
yaramanager-v0.2.1-macos.zip(12.04 MB)
yaramanager-v0.2.1-windows.zip(13.87 MB)
v0.2.0(Nov 2, 2022)
Release for DB update

Adding missing string modifiers

Updating dependencies

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0-py3-none-any.whl(37.59 KB)
yaramanager-0.2.0.tar.gz(25.41 KB)
yaramanager-v0.2.0-linux.zip(24.82 MB)
yaramanager-v0.2.0-macos.zip(12.04 MB)
yaramanager-v0.2.0-windows.zip(13.87 MB)
v0.2.0-rc1(Feb 21, 2022)

This release introduces a change in the DB schema. It's possible now to use MySQL/MariaDB and Postgres as database.
Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0rc1-py3-none-any.whl(37.55 KB)
yaramanager-0.2.0rc1.tar.gz(25.78 KB)
yaramanager-v0.2.0-rc1-linux.zip(23.21 MB)
yaramanager-v0.2.0-rc1-macos.zip(11.77 MB)
yaramanager-v0.2.0-rc1-windows.zip(13.34 MB)
v0.1.16(Feb 21, 2022)
Updated dependencies

Added externals parameter to yara-python calls, so the filename parameter can be used within yara rules

Added --ruleset, -R switch to the add command, so multiple rules within a rule file will be added to a ruleset, based on the filename of the given rule file

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.16-py3-none-any.whl(36.65 KB)
yaramanager-0.1.16.tar.gz(24.88 KB)
yaramanager-v0.1.16-linux.zip(23.21 MB)
yaramanager-v0.1.16-macos.zip(11.77 MB)
yaramanager-v0.1.16-windows.zip(13.34 MB)
v0.1.15(Oct 11, 2021)
Filter for and exclude multiple tags via export, list and scan command using parameters -t/--tag and -T/--exclude-tag

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.15-py3-none-any.whl(36.25 KB)
yaramanager-0.1.15.tar.gz(24.50 KB)
yaramanager-v0.1.15-linux.zip(23.09 MB)
yaramanager-v0.1.15-macos.zip(11.54 MB)
yaramanager-v0.1.15-windows.zip(13.25 MB)
v0.1.14(Oct 5, 2021)
Added export functionality for rulesets (@slv008)

Refactored general rule export functionality into a YaraBuilder subclass

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.14-py3-none-any.whl(35.98 KB)
yaramanager-0.1.14.tar.gz(24.35 KB)
v0.1.13(Oct 3, 2021)
Added compiled export functionality: ym export -sc test.yar

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.13-py3-none-any.whl(35.08 KB)
yaramanager-0.1.13.tar.gz(23.83 KB)
0.1.12(Jun 12, 2021)
Implemented recursive scans via
$ ym scan -r /path/to/dir

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.12-linux.zip(21.74 MB)
yaramanager-0.1.12-macos.zip(11.52 MB)
yaramanager-0.1.12-py3-none-any.whl(34.92 KB)
yaramanager-0.1.12-windows.zip(13.21 MB)
yaramanager-0.1.12.tar.gz(23.74 KB)
0.1.11(Apr 29, 2021)
Updated yarabuilder and yara-python

Fixes commit hash display for packaged yaramanager

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.11-linux.zip(21.72 MB)
yaramanager-0.1.11-macos.zip(11.50 MB)
yaramanager-0.1.11-py3-none-any.whl(34.74 KB)
yaramanager-0.1.11-windows.zip(13.19 MB)
yaramanager-0.1.11.tar.gz(23.55 KB)
0.1.10(Apr 9, 2021)
Added prebuilt binaries using Github Actions - I'm new to this, so handle with care.

Added new command to create new rules directly with ym.

Prebuilt binaries include commit hash

Updated readme

Added YM_PATH and YM_CONFIG env variables to overwrite general path and config path.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.10-linux.zip(21.61 MB)
yaramanager-0.1.10-macos.zip(11.48 MB)
yaramanager-0.1.10-py3-none-any.whl(34.73 KB)
yaramanager-0.1.10-windows.zip(12.29 MB)
yaramanager-0.1.10.tar.gz(23.51 KB)
0.1.8(Apr 5, 2021)
Added debug output for some commands

Platform specific paths (Linux, MacOS, Win)

Added Rulesets (ym ruleset, which meta attribute is responsible for assigning rules to a ruleset is configurable)

Fixed alembic migrations, some files were incorrectly added to pyproject file.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.8-py3-none-any.whl(32.58 KB)
yaramanager-0.1.8.tar.gz(21.05 KB)
0.1.6(Apr 1, 2021)
--ensure/-e switch ensures specific meta fields and tags in list command. These can be configured:

[yaramanager.ensure] ensure_meta = [ "author", "tlp", "description" ] ensure_tag = true

Added search rule command which searches through rule names and description meta fields

Fixes rule editing: because of a misunderstanding of how SQLAlchemy handles new objects with relations, editing rules could lead to exceptions

Fixes custom editor usage: previously the custom editor was only applied to config edits, but not to rule edits

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.6-py3-none-any.whl(25.45 KB)
yaramanager-0.1.6.tar.gz(18.52 KB)
0.1.5(Mar 30, 2021)
Implemented alembic migrations via db upgrade command

Removed db init command

Added Scan capability

New help command

Some refactoring :)

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.5-py3-none-any.whl(24.70 KB)
yaramanager-0.1.5.tar.gz(17.74 KB)
0.1.4(Mar 29, 2021)
Fixed bug that prevented edit rule tags and crashed the edit process

Added tags command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.4-py3-none-any.whl(21.39 KB)
yaramanager-0.1.4.tar.gz(13.25 KB)
0.1.3(Mar 28, 2021)
Added export command

Customize meta fields in table outputs (list command) - needs config update, e.g.:

[yaramanager.meta] # ColumnTitle = metafield Author = "author" TLP = "tlp" Created = "created" Modified = "modified" # ...

Added optional version check to version command via -c switch

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.3-py3-none-any.whl(20.65 KB)
yaramanager-0.1.3.tar.gz(12.98 KB)
0.1.2(Mar 27, 2021)
Fixes bug which resulted in unnecessarily nested config

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.2-py3-none-any.whl(19.32 KB)
yaramanager-0.1.2.tar.gz(12.24 KB)
0.1.1(Mar 27, 2021)
Updated yarabuilder to v0.0.5

Added get command for retrieving single rules from the database

Added read command for adding rules via stdin

Read and update rules modified by edit command

Added version command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.1-py3-none-any.whl(19.30 KB)
yaramanager-0.1.1.tar.gz(12.20 KB)
0.1.0(Mar 27, 2021)

Initial release
Source code(tar.gz)
Source code(zip)
yaramanager-0.1.0-py3-none-any.whl(17.62 KB)
yaramanager-0.1.0.tar.gz(11.40 KB)

Owner

Nils Kuhnert

TI, RE, DFIR stuff. Everything you find on this profile is the reason why I'm not a developer.

GitHub Repository

Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

O365DevicePhish Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script t

4 Sep 23, 2022

Delta Sharing: An Open Protocol for Secure Data Sharing

Delta Sharing: An Open Protocol for Secure Data Sharing Delta Sharing is an open protocol for secure real-time exchange of large datasets, which enabl

497 Jan 02, 2023

A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

7 Aug 06, 2022

Sample exploits for Zephyr CVE-2021-3625

CVE-2021-3625 This repository contains a few example exploits for CVE-2021-3625. All Zephyr-based usb devices up to (and including) version 2.5.0 suff

7 Nov 10, 2022

A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.

Bitpass Password Generator Installation Make sure Python 3+ is installed

6 Feb 02, 2022

DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion.

4 Dec 21, 2021

Use scrapli to retrieve security zone information from a Juniper SRX firewall

Get Security Zones with Scrapli Overview This example will show how to retrieve security zone information on Juniper's SRX firewalls. In addition to t

2 Jun 19, 2022

A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

10 Oct 29, 2022

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Than

263 Jan 01, 2023

Brute-Force-Connected

Brute-Force-Connected Guess the password for Connected accounts the use : Create a new file and put usernames and passwords in it Example : joker:1234

4 Jun 05, 2022

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

1 Nov 15, 2021

Automatically fetch, measure, and merge subscription links on the network, use Github Action

Free Node Merge Introduction Modified from alanbobs999/TopFreeProxies It measures the speed of free nodes on the network and import the stable and hig

52 Jul 16, 2022

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

16 Mar 24, 2022

Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

7 Jan 07, 2022

DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

1 Oct 12, 2021

Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features - Create a hidden service - Generate non-staged payload (python/meterpreter_rev

80 Dec 21, 2022

Signatures and IoCs from public Volexity blog posts.

threat-intel This repository contains IoCs related to Volexity public threat intelligence blog posts. They are organised by year, and within each year

130 Dec 29, 2022

Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022

Guess the password for Tik Tok accounts

Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

32 Dec 25, 2022

Web-eyes - OSINT tools for website research

WEB-EYES V1.0 web-eyes: OSINT tools for website research, 14 research methods ar

8 Nov 10, 2022

Simple yara rule manager

Related tags

Overview

Yara Manager

Todos

Installation

Features

Asciinema (out of date)

Usage

Comments

Filter rules by tags - exclusion

nocase error

Bump mako from 1.1.6 to 1.2.2

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Bump setuptools from 65.5.0 to 65.5.1

v65.5.1

Bump certifi from 2022.9.24 to 2022.12.7

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

v0.2.0(Nov 2, 2022)

v0.2.0-rc1(Feb 21, 2022)

v0.1.16(Feb 21, 2022)

v0.1.15(Oct 11, 2021)

v0.1.14(Oct 5, 2021)

v0.1.13(Oct 3, 2021)

0.1.12(Jun 12, 2021)

0.1.11(Apr 29, 2021)

0.1.10(Apr 9, 2021)

0.1.8(Apr 5, 2021)

0.1.6(Apr 1, 2021)

0.1.5(Mar 30, 2021)

0.1.4(Mar 29, 2021)

0.1.3(Mar 28, 2021)

0.1.2(Mar 27, 2021)

0.1.1(Mar 27, 2021)

0.1.0(Mar 27, 2021)