awesome-yara

A curated list of awesome YARA rules, tools, and people.

GitHub
4k stars
172 watching
486 forks
last commit: about 1 month ago
Linked from 9 awesome lists

awesomeawesome-listawesome-yaraiocmalware-analysismalware-detectionmalware-researchmalware-rulesthreat-huntingyarayara-manageryara-rulesyara-scanneryara-signatures

Awesome YARA / Guides
Yara Performance Guidelines 123 over 1 year ago
YARA-Style-Guide 34 8 months ago

Awesome YARA / Rules
AlienVault Labs Rules 509 almost 3 years ago

Awesome YARA / Rules / AlienVault Labs Rules
AlienVault Labs Collection of tools, signatures, and rules from the researchers at . Search the repo for .yar and .yara extensions to find about two dozen rules ranging from APT detection to generic sandbox / VM detection. Last updated in January of 2016

Awesome YARA / Rules
anyrun rules 10 3 months ago
Apple OSX
bartblaze YARA rules 323 about 2 months ago
BinaryAlert YARA Rules 1,405 10 months ago
Burp YARA Rules 43 over 2 years ago
BinSequencer 74 almost 3 years ago
CAPE Rules 1,905 8 days ago
CDI Rules 19 about 1 year ago

Awesome YARA / Rules / CDI Rules
CyberDefenses Collection of YARA rules released by for public use. Built from information in intelligence profiles, dossiers and file work

Awesome YARA / Rules
Citizen Lab Malware Signatures 132 almost 8 years ago
ConventionEngine Rules 37 over 1 year ago
Deadbits Rules 42 11 months ago

Awesome YARA / Rules / Deadbits Rules
Adam Swanda A collection of YARA rules made public by , Splunk's Principal Threat Intel. Analyst, from his own recent malware research

Awesome YARA / Rules
Delivr.to Detections 57 about 1 month ago
Didier Stevens Rules 1,971 27 days ago

Awesome YARA / Rules / Didier Stevens Rules
NVISO Labs Blog Collection of rules from Didier Stevens, author of a suite of tools for inspecting OLE/RTF/PDF. Didier's rules are worth scrutinizing and are generally written purposed towards hunting. New rules are frequently announced through the

Awesome YARA / Rules
Ditekshen Rules 201 12 days ago
Elastic Security YARA Rules 1,003 17 days ago
ESET IOCs 1,606 25 days ago

Awesome YARA / Rules / ESET IOCs
ESET WeLiveSecurity Blog Collection of YARA and Snort rules from IOCs collected by ESET researchers. There's about a dozen YARA Rules to glean from in this repo, search for file extension .yar. This repository is seemingly updated on a roughly monthly interval. New IOCs are often mentioned on the

Awesome YARA / Rules
Fidelis Rules
Filescan.io Rules 5 about 1 month ago
FireEye 2,644 7 months ago
Florian Roth Rules 2,449 8 days ago
Florian Roth's IDDQD Rule
f0wl yara_rules 10 over 2 years ago

Awesome YARA / Rules / f0wl yara_rules
https://dissectingmalwa.re/ A collection of Yara rules from blog posts

Awesome YARA / Rules
Frank Boldewin's Rules 61 over 1 year ago

Awesome YARA / Rules / Frank Boldewin's Rules
@r3c0nst A collection of YARA Rules from

Awesome YARA / Rules
FSF Rules 286 about 3 years ago
GoDaddy ProcFilter Rules 84 about 7 years ago
Google Cloud Threat Intelligence(GCTI) Rules 524 10 months ago
h3x2b Rules 23 about 1 month ago
HydraDragonAntivirus 35 8 days ago
Icewater Rules 379 over 5 years ago
imp0rtp3's Rules 18 almost 3 years ago
Intezer Rules 122 almost 3 years ago
InQuest Rules 362 over 2 years ago

Awesome YARA / Rules / InQuest Rules
InQuest Blog YARA rules published by InQuest researchers mostly geared towards threat hunting on Virus Total. Rules are updated as new samples are collected and novel pivots are discovered. The will often discuss new findings

Awesome YARA / Rules
jeFF0Falltrades Rules 29 15 days ago
kevthehermit Rules 51 over 8 years ago
Loginsoft Rules
lw-yara 102 over 3 years ago
ndaal_YARA_passwords_default
ndaal_YARA_passwords_weak
NCC Group Rules 474 almost 3 years ago
MalGamy's YARA_Rules 64 over 1 year ago
Malice.IO YARA Plugin Rules 30 about 5 years ago
Malpedia Auto Generated Rules
Malpedia Auto Generated Rules Repo 112 10 months ago
McAfee Advanced Threat Research IOCs 79 about 3 years ago
McAfee Advanced Threat Research Yara-Rules 563 10 months ago
mikesxrs YARA Rules Collection 329 6 months ago
Public YARA Rules 11 over 5 years ago
QuickSand Lite Rules 125 about 1 year ago
Rapid7-Labs 40 2 months ago
Rastrea2r 235 about 3 years ago
ReversingLabs YARA Rules 749 25 days ago
Securitymagic's YARA Rules 11 10 months ago
Sophos AI YaraML Rules 209 about 1 year ago
SpiderLabs Rules 243 about 8 years ago
StrangeRealIntel's Daily IOCs 310 10 months ago
t4d's PhishingKit-Yara-Rules 204 13 days ago
Telekom Security Malare Analysis Repository 110 10 months ago
Tenable Rules 60 almost 2 years ago
ThreatHunting-Keywords-yara-rules 77 15 days ago
TjadaNel Rules 9 over 5 years ago
VectraThreatLab Rules 19 almost 9 years ago
Volexity - Threat-Intel 312 2 months ago
x64dbg Signatures 84 over 5 years ago
YAIDS 21 almost 2 years ago
YARA-FORENSICS 135 about 4 years ago
YARA Forge
yara4pentesters 124 over 6 years ago
YaraRules Project Official Repo 4,129 6 months ago
Yara-Unprotect 25 almost 4 years ago

Awesome YARA / Rules / Yara-Unprotect
Unprotect Project

Awesome YARA / Tools
AirBnB BinaryAlert 1,405 10 months ago
alterix 15 16 days ago
androguard-yara 6 about 9 years ago
a-ray-grass 14 about 2 years ago

Awesome YARA / Tools / a-ray-grass
hashlookup.io YARA module that provides support for bloom filters in yara. In the context of , it allows to quickly discard known files before any further analysis

Awesome YARA / Tools
Arya- The Reverse YARA 239 almost 2 years ago
Audit Node Modules With YARA Rules 20 over 3 years ago
AutoYara 59 over 3 years ago
base64_substring 40 about 6 years ago
bincapz 406 12 days ago
CAPE: Config And Payload Extraction 1,905 8 days ago
CCCS-Yara 95 about 1 month ago
clara 32 5 months ago
Cloudina Security Hawk 20 about 1 month ago
CrowdStrike Feed Management System 129 almost 6 years ago
CSE-CST AssemblyLine

Awesome YARA / Tools / CSE-CST AssemblyLine
AssemblyLine The Canadian Communications Security Establishment (CSE) open sourced , a platform for analyzing malicious files. The component linked here provides an interface to YARA

Awesome YARA / Tools
decompressingyara 7 over 1 year ago
dnYara 36 over 1 year ago
ELAT 29 about 8 years ago
Emerson File Scanning Framework (FSF) 286 about 3 years ago
ExchangeFilter 20 about 3 years ago
factual-rules-generator 75 over 2 years ago
Fadavvi YARA collection script 26 about 1 year ago
FARA 48 9 months ago
Fastfinder 231 over 2 years ago
findcrypt-yara 1,321 5 months ago and
Fibratus

Awesome YARA / Tools / Fibratus
support for YARA A modern tool for Windows kernel exploration and observability with a focus on security and

Awesome YARA / Tools
Fnord 296 over 2 years ago
GoDaddy ProcFilter 397 over 4 years ago
go-yara 356 2 months ago
halogen 208 over 2 years ago
Hyara 222 6 months ago
IDA_scripts 12 almost 7 years ago
ida_yara 22 about 6 years ago
ida-yara-processor 28 over 5 years ago
InQuest ThreatKB 95 4 months ago
iocextract 498 about 1 month ago
Invoke-Yara
java2yara 3 over 2 years ago
KLara 695 2 months ago
Laika BOSS 734 over 1 year ago

Awesome YARA / Tools / Laika BOSS
Whitepaper 734 over 1 year ago

Awesome YARA / Tools
libyara.NET 49 about 2 months ago
Malcat
MalConfScan 481 10 months ago
malscan 12 over 6 years ago
Manalyzer Yara Validator
MISP Threat Sharing 5,281 8 days ago
MITRE MultiScanner 616 almost 5 years ago
mkYARA 200 almost 3 years ago
mquery 409 11 days ago
ndaal YARA ruleset checker

Awesome YARA / Tools / Nextron Systems OSS and Commercial Tools (Florian Roth: @Neo23x0)
Loki 3,353 7 months ago IOC and YARA rule scanner implemented in Python. Open source and free
THOR Lite IOC and YARA rule scanner implemented in Go. Closed source, free, but registration required

Awesome YARA / Tools
node-yara 13 over 3 years ago
ocaml-yara 5 about 2 months ago
OCYara 40 almost 6 years ago
osquery
PasteHunter 1,059 4 months ago
plast 17 about 4 years ago
plyara 173 3 months ago
Polichombr 373 over 5 years ago
PwC Cyber Threat Operations rtfsig 29 8 months ago
VirusTotalTools 34 over 6 years ago
shotgunyara 9 about 2 years ago
spyre 163 about 1 month ago
static_file_analysis 49 about 1 year ago
stoQ 394 over 2 years ago
Strelka 859 30 days ago
Sysmon EDR 217 over 3 years ago
SwishDbgExt 367 almost 6 years ago
ThreatIngestor 821 8 months ago
UXProtect
VTCodeSimilarity-YaraGen 96 almost 4 years ago

Awesome YARA / Tools / VTCodeSimilarity-YaraGen
@arieljt Yara rule generator using VirusTotal code similarity feature written by

Awesome YARA / Tools
Vxsig 257 8 months ago
yabin 156 about 2 years ago
yaml2yara 22 over 4 years ago
YARA-CI
yaradbg-backend 24 9 months ago
yaradbg-frontend 37 8 months ago
yara-endpoint 104 over 6 years ago
YaraFileCheckerLib 2 over 2 years ago
YaraGenerator 329 over 8 years ago
YaraGen 35 about 7 years ago and
YaraGuardian 190 about 6 years ago
YaraHunter 1,236 24 days ago
yara-java 23 4 months ago
yaralyzer 102 6 months ago
yaramail
yaraMail 28 almost 5 years ago
Yara Malware Quick menu scanner 35 over 8 years ago
YaraManager 57 over 4 years ago
Yaramanager 65 almost 2 years ago ( )
yaramod 119 5 days ago
yarAnalyzer 358 over 1 year ago
yara-ocaml 11 almost 5 years ago
yara-parser 81 almost 2 years ago
yaraparser 8 about 4 years ago
yaraPCAP 99 about 11 years ago
yara-procdump-python 10 almost 7 years ago
yara-rust 75 9 days ago
yara-signator 153 about 2 years ago
YARA-sort 12 9 days ago

Awesome YARA / Tools / YARA-sort
blog Aggregate files into collections basd on YARA rules

Awesome YARA / Tools
Yara Python ICAP Server 57 about 3 years ago
yarasafe 100 over 4 years ago
Yara-Scanner 46 over 8 years ago
yarascanner 27 about 7 years ago
YaraSharp 35 over 2 years ago
Yara Toolkit
YaraStation 35 over 2 years ago
yara_tools 71 over 5 years ago
Yara-Validator 39 about 4 years ago
yaraVT 5 almost 7 years ago
yara_zip_module 13 almost 2 years ago
yarg 25 about 4 years ago
yarGen 1,537 4 months ago
Yara Scanner 18 almost 2 years ago
Yarasilly2 28 4 months ago
yaya 261 9 months ago
YaYaGen 61 almost 6 years ago
Yeti 1,717 9 days ago
yextend 297 over 2 years ago
yaraZeekAlert 60 10 months ago
yaraScanParser 11 over 3 years ago

Awesome YARA / Tools / yaraScanParser
Yara Scan Service Parsing tool for 's JSON output file

Awesome YARA / Tools
YARI 87 5 months ago
YLS 68 6 months ago
YMCA 3 over 2 years ago
Yobi 48 about 3 years ago
statiStrings 12 about 3 years ago

Awesome YARA / Services
Hybrid Analysis YARA Search
InQuest Labs
Koodous
MalShare
MalwareConfig
YaraEditor (Web)
YARAify
Yara Scan Service

Awesome YARA / Syntax Highlighters
language-yara 24 about 3 years ago Atom:
yara-mode 7 about 2 years ago Emacs:
GtkSourceView-YARA 3 over 4 years ago GTK-based editors, like gedit and xed:
userDefinedLanguages 582 about 1 month ago Notepad++:
YaraSyntax 19 almost 2 years ago Sublime Text:
vim-yara 14 over 3 years ago Vim: ,
vscode-yara 60 9 months ago Visual Studio Code:

Awesome YARA / Videos and Talks
Finding Evil with YARA
SAS2018: Finding aliens, star weapons and ponies with YARA
Costin Raiu - Combining code similarity with Yara to find goodies
YARA Rule Processing Sessions - Florian Roth
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Star-Gazing | Using a Full Galaxy of YARA Methods to Pursue an Apex Actor | By Greg Lesnewich
Lightweight Binary Similarity - YARA Using PE Features for Quick Wins 4 almost 3 years ago
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules
Crawler 6,405 4 months ago
CVE PoC 3,299 almost 3 years ago
Forensics 3,902 3 days ago
Hacking 12,929 4 months ago
HackwithGithub 83,436 about 1 month ago
Honeypots 8,497 about 2 months ago
Incident-Response 7,561 3 months ago
Infosec 5,154 7 months ago
IOCs 789 3 months ago
Malware Analysis 11,673 4 months ago
ML for Cyber Security 7,193 about 2 months ago
OSINT 18,495 15 days ago
PCAP Tools 3,106 5 months ago
Pentesting 21,508 11 days ago
Reversing 4,047 about 1 year ago
Security 12,288 2 months ago
Static Analysis 13,242 6 days ago
Threat Detection 3,621 3 months ago
Threat Intelligence 7,914 about 2 months ago

Backlinks from these awesome lists: