YARALYZER

#Incident Management#Digital Forensics

Python tool for visually inspecting the bytes matched by YARA rules, YARA hex patterns, and regular expressions in binary data or text, with colored output and optional re-decoding of the matched bytes under different character encodings.

Visually Inspect All Regex and YARA Matches

Visually inspect all regex matches, along with their more sophisticated counterparts, the YARA matches, found within binary data and/or text. Observe the effects of applying various character encodings to those matched bytes, and enjoy the visualizations in color. Note that the package is named yaralyzer while the installed command is yaralyze.

Quick Start:

- Install yaralyzer using pipx: pipx install yaralyzer
- To scan against YARA definitions in a file: yaralyze --yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf
- To scan against a specific regular expression: yaralyze --regex-pattern 'good and evil.*of\s+\w+byte' the_crypto_archipelago.exe
- To scan against a specific YARA hex pattern: yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

Understanding YARA Matches

View the actual bytes that your YARA rules are matching. You no longer need to copy the match offsets reported by YARA into a hex editor and scroll to them by hand. The tool displays the bytes matched by each rule plus a configurable number of bytes before and after the match, shown both as hexadecimal and as a raw Python bytes representation. The same inspection is available for hex byte patterns and regular expressions without writing a YARA file at all. If you find it cumbersome to write a YARA file but want to check, for example, whether the...
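The following is an added example, not code from yaralyzer or from this page, that reproduces the idea described above in plain Python: translate a YARA-style hex pattern (or take a bytes regex directly), find every match, and show each one with surrounding context in hex, as a raw bytes repr, and decoded under several character encodings. The helper yara_hex_to_regex is an assumption of this example and covers only a subset of YARA's hex-string grammar (byte pairs, ?? wildcards, and [n], [n-m], [n-], [-] jumps); the sample bytes are constructed so the block runs offline.

```python
import re

# Constructed sample input for this example (not data from the page): a few
# junk bytes, then UTF-8 text containing the Cyrillic word "ГУЛАГ", then more junk.
SAMPLE = (
    b"\x00\x01header\n"
    + "GULAG in Cyrillic: ГУЛАГ end".encode("utf-8")
    + b"\xff\xfe"
)


def yara_hex_to_regex(pattern: str) -> "re.Pattern[bytes]":
    """Translate a YARA-style hex string into a compiled bytes regex.

    Handles plain byte pairs, the '??' single-byte wildcard and jumps written as
    [n], [n-m], [n-] or [-]. Nibble wildcards such as 'd?' and alternation
    '( .. | .. )' are deliberately left out: this is a teaching subset written for
    this example, not YARA's full hex-string grammar.
    """
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")                        # any one byte
        elif tok.startswith("[") and tok.endswith("]"):
            body = tok[1:-1]
            if "-" in body:                           # range jump, possibly open-ended
                lo, hi = body.split("-", 1)
                parts.append(b".{%s,%s}?" % ((lo or "0").encode(), hi.encode()))
            else:                                     # fixed-length jump
                parts.append(b".{%d}" % int(body))
        elif len(tok) == 2:
            parts.append(b"\\x%02x" % int(tok, 16))   # literal byte, regex-escaped
        else:
            raise ValueError(f"unsupported hex token {tok!r}")
    # DOTALL so '.' also matches 0x0a; the '?' on jumps makes them lazy, so each
    # hit is the shortest span rather than stretching to the last possible end.
    return re.compile(b"".join(parts), re.DOTALL)


def find_matches(data: bytes, regex: "re.Pattern[bytes]", context: int = 8) -> list:
    """Return one dict per match: offset, matched bytes, and `context` bytes
    on either side (clipped at the buffer edges)."""
    results = []
    for m in regex.finditer(data):
        start, end = m.span()
        results.append({
            "offset": start,
            "matched": m.group(0),
            "before": data[max(0, start - context):start],
            "after": data[end:end + context],
        })
    return results


def decode_variants(chunk: bytes, encodings=("utf-8", "latin-1", "utf-16-le")) -> dict:
    """Decode the same bytes under several encodings, replacing undecodable
    sequences so a bad guess still renders instead of raising."""
    return {enc: chunk.decode(enc, errors="replace") for enc in encodings}


def render(data: bytes, regex: "re.Pattern[bytes]", context: int = 8) -> str:
    """Build the text report: hex of before/match/after, raw repr, and decodings."""
    lines = []
    for r in find_matches(data, regex, context):
        lines.append(f"match at offset {r['offset']} ({len(r['matched'])} bytes)")
        lines.append(f"  before : {r['before'].hex(' ')}")
        lines.append(f"  matched: {r['matched'].hex(' ')}")
        lines.append(f"  after  : {r['after'].hex(' ')}")
        lines.append(f"  raw    : {r['matched']!r}")
        for enc, text in decode_variants(r["matched"]).items():
            lines.append(f"  {enc:<9}: {text!r}")
    return "\n".join(lines) or "no matches"


if __name__ == "__main__":
    # The page's own hex pattern: UTF-8 bytes of "ГУЛАГ" with an unbounded jump.
    print(render(SAMPLE, yara_hex_to_regex("d0 93 d0 a3 d0 [-] 9b d0 90 d0 93")))
    print()
    # The same report for a plain bytes regex, no YARA file needed.
    print(render(SAMPLE, re.compile(rb"in Cyr\w+")))
```

The lazy jump quantifier matters: with a greedy `.{0,}` a pattern containing `[-]` would report one match spanning from the first prefix to the last suffix in the file, which is not what you want when eyeballing the bytes around each hit.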