
Androguard module for Yara
Yara Module Overview
This Yara module is a component of the Koodous project (https://koodous.com) and integrates static APK analysis with Yara. It allows you to find APKs based on various criteria, including package name, permissions, API level, and more. For detailed documentation regarding this module, please visit the Koodous documentation site: http://docs.koodous.com/yara/androguard/
Preparing for Compilation:
To use this module, you first need to recompile Yara with the androguard module included. Follow the basic steps in the official documentation: http://yara.readthedocs.org/en/latest/writingmodules.html#building-our-hello-world. Copy the file androguard.c into the libyara/modules folder, then modify the two files shown below.
The first file is the list of modules, which should look like this after the modification:
MODULE(pe)
MODULE(elf)
MODULE(math)
#ifdef CUCKOO
MODULE(cuckoo)
MODULE(androguard)
#endif
To include the androguard module, you need to modify the "libyara/Makefile.am" file by adding it to the cuckoo block:
MODULES = modules/tests.c
MODULES += modules/pe.c
if CUCKOO
MODULES += modules/cuckoo.c
MODULES += modules/androguard.c
endif
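After making these changes, recompile Yara with the cuckoo module enabled. Both androguard entries sit inside the cuckoo block, so the androguard module is only built when cuckoo is enabled.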
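The two edits above can be applied and checked with a small script. This is an added example, not part of the Koodous project or of Yara; the function names are hypothetical, the paths of the two files are passed in by the caller, and the lines are assumed to match the listings above exactly.

```shell
#!/bin/sh
# Added example: register the androguard module in a Yara source tree.
# Assumption: file contents match the listings on this page line for line.

# insert_after FILE ANCHOR NEW
# Adds NEW right after the first line equal to ANCHOR. Does nothing if NEW is
# already present; returns 1 if ANCHOR is missing (no cuckoo entry found).
insert_after() {
    file=$1; anchor=$2; new=$3
    grep -qxF -- "$new" "$file" && return 0
    grep -qxF -- "$anchor" "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v a="$anchor" -v n="$new" '
        { print }
        !seen && $0 == a { print n; seen = 1 }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# in_block FILE OPEN CLOSE LINE
# Succeeds only if LINE occurs between an OPEN line and the next CLOSE line,
# i.e. the entry really is inside the conditional cuckoo block.
in_block() {
    awk -v o="$2" -v c="$3" -v l="$4" '
        $0 == o { inside = 1; next }
        $0 == c { inside = 0 }
        inside && $0 == l { found = 1 }
        END { exit !found }
    ' "$1"
}

# register_androguard MODULE_LIST_FILE MAKEFILE_AM
# Applies both edits, then verifies each new line landed inside its block.
register_androguard() {
    module_list=$1; makefile_am=$2
    insert_after "$module_list" 'MODULE(cuckoo)' 'MODULE(androguard)' || return 1
    insert_after "$makefile_am" 'MODULES += modules/cuckoo.c' \
        'MODULES += modules/androguard.c' || return 1
    in_block "$module_list" '#ifdef CUCKOO' '#endif' 'MODULE(androguard)' || return 1
    in_block "$makefile_am" 'if CUCKOO' 'endif' 'MODULES += modules/androguard.c'
}
```

Running register_androguard a second time leaves both files unchanged, so it is safe to call from a repeatable build script.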


