Simple yara rule manager

Last update: Nov 17, 2022

Overview

Yara Manager

A simple program to manage your yara ruleset in a (sqlite) database.

Todos

Search rules and descriptions
Cluster rules in rulesets
Enforce configurable default set of meta fields
Implement backup and sharing possibilities

Installation

pip install yaramanager

Features

Asciinema (out of date)

Store your Yara rules in a DB locally and manage them.

Usage

$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  add      Add a new rule to the database.
  config   Review and change yaramanager configuration.
  db       Manage your databases
  del      Delete a rule by its ID or name.
  edit     Edits a rule with your default editor.
  export   Export rules from the database.
  get      Get rules from the database.
  help     Displays help about commands
  list     Lists rules available in DB.
  parse    Parses rule files.
  read     Read rules from stdin.
  scan     Scan files using your rulesets.
  search   Searches through your rules.
  stats    Prints stats about the database contents.
  tags     Show tags and the number of tagged rules
  version  Displays the current version.

Comments

Filter rules by tags - exclusion

Hello @3c7 - I wanted to apply some extra filtering conditions using a SQLAlchemy query, but didn't succeeded yet. Here is a question where i described most of the issue, and I was wondering if you may have a better idea maybe? Much appreciated. Thanks

opened by silvian-io 4
nocase error

If a rule has nocase like:

strings: $x00 = "test" ascii wide nocase

results in below is saved to db: $x00 = "test" ascii wide

You lose nocase

opened by mrJingl3s 1
Bump mako from 1.1.6 to 1.2.2
Bumps mako from 1.1.6 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump setuptools from 65.5.0 to 65.5.1
Bumps setuptools from 65.5.0 to 65.5.1.

Changelog

Sourced from setuptools's changelog.

v65.5.1

Misc ^^^^

#3638: Drop a test dependency on the mock package, always use :external+python:py:mod:unittest.mock -- by :user:hroncok

#3659: Fixed REDoS vector in package_index.

Commits

a462cb5 Bump version: 65.5.0 → 65.5.1

de35d8b Merge pull request #3656 from bmorris3/typos

58e23de Update changelog. Ref #3659.

43a9c9b Limit the amount of whitespace to search/backtrack. Fixes #3659.

5791343 Add test capturing failed expectation. Ref #3659.

1f97905 ⚫ Fade to black.

6254567 Remove workaround for emacs.

729b180 ⚫ Fade to black.

c068081 Typo corrections

f777a40 Suppress deprecation warning in --rsyncdir. Workaround for #3655.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump certifi from 2022.9.24 to 2022.12.7
Bumps certifi from 2022.9.24 to 2022.12.7.

Commits

9e9e840 2022.12.07

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.1-py3-none-any.whl(37.59 KB)
yaramanager-0.2.1.tar.gz(25.41 KB)
yaramanager-v0.2.1-linux.zip(24.82 MB)
yaramanager-v0.2.1-macos.zip(12.04 MB)
yaramanager-v0.2.1-windows.zip(13.87 MB)
v0.2.0(Nov 2, 2022)
Release for DB update

Adding missing string modifiers

Updating dependencies

Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0-py3-none-any.whl(37.59 KB)
yaramanager-0.2.0.tar.gz(25.41 KB)
yaramanager-v0.2.0-linux.zip(24.82 MB)
yaramanager-v0.2.0-macos.zip(12.04 MB)
yaramanager-v0.2.0-windows.zip(13.87 MB)
v0.2.0-rc1(Feb 21, 2022)

This release introduces a change in the DB schema. It's possible now to use MySQL/MariaDB and Postgres as database.
Source code(tar.gz)
Source code(zip)
yaramanager-0.2.0rc1-py3-none-any.whl(37.55 KB)
yaramanager-0.2.0rc1.tar.gz(25.78 KB)
yaramanager-v0.2.0-rc1-linux.zip(23.21 MB)
yaramanager-v0.2.0-rc1-macos.zip(11.77 MB)
yaramanager-v0.2.0-rc1-windows.zip(13.34 MB)
v0.1.16(Feb 21, 2022)
Updated dependencies

Added externals parameter to yara-python calls, so the filename parameter can be used within yara rules

Added --ruleset, -R switch to the add command, so multiple rules within a rule file will be added to a ruleset, based on the filename of the given rule file

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.16-py3-none-any.whl(36.65 KB)
yaramanager-0.1.16.tar.gz(24.88 KB)
yaramanager-v0.1.16-linux.zip(23.21 MB)
yaramanager-v0.1.16-macos.zip(11.77 MB)
yaramanager-v0.1.16-windows.zip(13.34 MB)
v0.1.15(Oct 11, 2021)
Filter for and exclude multiple tags via export, list and scan command using parameters -t/--tag and -T/--exclude-tag

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.15-py3-none-any.whl(36.25 KB)
yaramanager-0.1.15.tar.gz(24.50 KB)
yaramanager-v0.1.15-linux.zip(23.09 MB)
yaramanager-v0.1.15-macos.zip(11.54 MB)
yaramanager-v0.1.15-windows.zip(13.25 MB)
v0.1.14(Oct 5, 2021)
Added export functionality for rulesets (@slv008)

Refactored general rule export functionality into a YaraBuilder subclass

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.14-py3-none-any.whl(35.98 KB)
yaramanager-0.1.14.tar.gz(24.35 KB)
v0.1.13(Oct 3, 2021)
Added compiled export functionality: ym export -sc test.yar

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.13-py3-none-any.whl(35.08 KB)
yaramanager-0.1.13.tar.gz(23.83 KB)
0.1.12(Jun 12, 2021)
Implemented recursive scans via
$ ym scan -r /path/to/dir

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.12-linux.zip(21.74 MB)
yaramanager-0.1.12-macos.zip(11.52 MB)
yaramanager-0.1.12-py3-none-any.whl(34.92 KB)
yaramanager-0.1.12-windows.zip(13.21 MB)
yaramanager-0.1.12.tar.gz(23.74 KB)
0.1.11(Apr 29, 2021)
Updated yarabuilder and yara-python

Fixes commit hash display for packaged yaramanager

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.11-linux.zip(21.72 MB)
yaramanager-0.1.11-macos.zip(11.50 MB)
yaramanager-0.1.11-py3-none-any.whl(34.74 KB)
yaramanager-0.1.11-windows.zip(13.19 MB)
yaramanager-0.1.11.tar.gz(23.55 KB)
0.1.10(Apr 9, 2021)
Added prebuilt binaries using Github Actions - I'm new to this, so handle with care.

Added new command to create new rules directly with ym.

Prebuilt binaries include commit hash

Updated readme

Added YM_PATH and YM_CONFIG env variables to overwrite general path and config path.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.10-linux.zip(21.61 MB)
yaramanager-0.1.10-macos.zip(11.48 MB)
yaramanager-0.1.10-py3-none-any.whl(34.73 KB)
yaramanager-0.1.10-windows.zip(12.29 MB)
yaramanager-0.1.10.tar.gz(23.51 KB)
0.1.8(Apr 5, 2021)
Added debug output for some commands

Platform specific paths (Linux, MacOS, Win)

Added Rulesets (ym ruleset, which meta attribute is responsible for assigning rules to a ruleset is configurable)

Fixed alembic migrations, some files were incorrectly added to pyproject file.

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.8-py3-none-any.whl(32.58 KB)
yaramanager-0.1.8.tar.gz(21.05 KB)
0.1.6(Apr 1, 2021)
--ensure/-e switch ensures specific meta fields and tags in list command. These can be configured:

[yaramanager.ensure] ensure_meta = [ "author", "tlp", "description" ] ensure_tag = true

Added search rule command which searches through rule names and description meta fields

Fixes rule editing: because of a misunderstanding of how SQLAlchemy handles new objects with relations, editing rules could lead to exceptions

Fixes custom editor usage: previously the custom editor was only applied to config edits, but not to rule edits

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.6-py3-none-any.whl(25.45 KB)
yaramanager-0.1.6.tar.gz(18.52 KB)
0.1.5(Mar 30, 2021)
Implemented alembic migrations via db upgrade command

Removed db init command

Added Scan capability

New help command

Some refactoring :)

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.5-py3-none-any.whl(24.70 KB)
yaramanager-0.1.5.tar.gz(17.74 KB)
0.1.4(Mar 29, 2021)
Fixed bug that prevented edit rule tags and crashed the edit process

Added tags command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.4-py3-none-any.whl(21.39 KB)
yaramanager-0.1.4.tar.gz(13.25 KB)
0.1.3(Mar 28, 2021)
Added export command

Customize meta fields in table outputs (list command) - needs config update, e.g.:

[yaramanager.meta] # ColumnTitle = metafield Author = "author" TLP = "tlp" Created = "created" Modified = "modified" # ...

Added optional version check to version command via -c switch

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.3-py3-none-any.whl(20.65 KB)
yaramanager-0.1.3.tar.gz(12.98 KB)
0.1.2(Mar 27, 2021)
Fixes bug which resulted in unnecessarily nested config

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.2-py3-none-any.whl(19.32 KB)
yaramanager-0.1.2.tar.gz(12.24 KB)
0.1.1(Mar 27, 2021)
Updated yarabuilder to v0.0.5

Added get command for retrieving single rules from the database

Added read command for adding rules via stdin

Read and update rules modified by edit command

Added version command

Source code(tar.gz)
Source code(zip)
yaramanager-0.1.1-py3-none-any.whl(19.30 KB)
yaramanager-0.1.1.tar.gz(12.20 KB)
0.1.0(Mar 27, 2021)

Initial release
Source code(tar.gz)
Source code(zip)
yaramanager-0.1.0-py3-none-any.whl(17.62 KB)
yaramanager-0.1.0.tar.gz(11.40 KB)

Owner

Nils Kuhnert

TI, RE, DFIR stuff. Everything you find on this profile is the reason why I'm not a developer.

GitHub Repository

Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

2 Oct 31, 2022

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

9 Dec 30, 2022

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

500 Jan 06, 2023

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

5 May 31, 2022

A collection of intelligence about Log4Shell and its exploitation activity

Log4Shell-IOCs Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell ex

172 Nov 17, 2022

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE Analyze Usage ------------------------------------------------------------- [*] CVE-2021-220

224 Aug 05, 2022

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Introduction evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high numbe

116 Dec 29, 2022

Brute-Force-Connected

Brute-Force-Connected Guess the password for Connected accounts the use : Create a new file and put usernames and passwords in it Example : joker:1234

4 Jun 05, 2022

A Superfast SMS & Call bomber for Linux And Termux !

15 Feb 21, 2022

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 02, 2023

orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

34 Nov 21, 2022

Python lib to automate basic QFT calculations like Wick-contractions.

QFTools Python lib to automate basic QFT calculations like Wick-contractions. Features Wick contractions for real scalar fields Wick contractions for

2 Aug 21, 2022

Archive-Crack - A Tools for crack file archive

Install In TERMUX apt update && apt upgrade -y pkg install python git unrar

10 Oct 06, 2022

A small Python Script To get all levels of subdomains from a list

getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag

9 Feb 15, 2022

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

WinRemoteEnum WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user, sharing the goal of remotely gather

9 Nov 09, 2022

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

10 Oct 15, 2022

Simple yara rule manager

Related tags

Overview

Yara Manager

Todos

Installation

Features

Asciinema (out of date)

Usage

Comments

Filter rules by tags - exclusion

nocase error

Bump mako from 1.1.6 to 1.2.2

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Bump setuptools from 65.5.0 to 65.5.1

v65.5.1

Bump certifi from 2022.9.24 to 2022.12.7

Releases(v0.2.1)

v0.2.1(Nov 2, 2022)

v0.2.0(Nov 2, 2022)

v0.2.0-rc1(Feb 21, 2022)

v0.1.16(Feb 21, 2022)

v0.1.15(Oct 11, 2021)

v0.1.14(Oct 5, 2021)

v0.1.13(Oct 3, 2021)

0.1.12(Jun 12, 2021)

0.1.11(Apr 29, 2021)

0.1.10(Apr 9, 2021)

0.1.8(Apr 5, 2021)

0.1.6(Apr 1, 2021)

0.1.5(Mar 30, 2021)

0.1.4(Mar 29, 2021)

0.1.3(Mar 28, 2021)

0.1.2(Mar 27, 2021)

0.1.1(Mar 27, 2021)

0.1.0(Mar 27, 2021)