awesome-yara
A curated list of awesome YARA rules, tools, and people.
4k stars
171 watching
486 forks
last commit: about 2 months ago
Linked from 9 awesome lists
awesome, awesome-list, awesome-yara, ioc, malware-analysis, malware-detection, malware-research, malware-rules, threat-hunting, yara, yara-manager, yara-rules, yara-scanner, yara-signatures
Awesome YARA / Guides | |||
Yara Performance Guidelines | 124 | over 1 year ago | |
YARA-Style-Guide | 35 | 8 months ago | |
Awesome YARA / Rules | |||
AlienVault Labs Rules | 509 | almost 3 years ago | |
Awesome YARA / Rules / AlienVault Labs Rules | |||
AlienVault Labs | Collection of tools, signatures, and rules from the researchers at AlienVault Labs. Search the repo for .yar and .yara extensions to find about two dozen rules ranging from APT detection to generic sandbox / VM detection. Last updated in January of 2016 | ||
Awesome YARA / Rules | |||
anyrun rules | 11 | 11 days ago | |
Apple OSX | |||
bartblaze YARA rules | 323 | about 2 months ago | |
BinaryAlert YARA Rules | 1,405 | 10 months ago | |
Burp YARA Rules | 43 | over 2 years ago | |
BinSequencer | 74 | almost 3 years ago | |
CAPE Rules | 1,924 | 1 day ago | |
CDI Rules | 19 | about 1 year ago | |
Awesome YARA / Rules / CDI Rules | |||
CyberDefenses | Collection of YARA rules released by CyberDefenses for public use. Built from information in intelligence profiles, dossiers and file work | ||
Awesome YARA / Rules | |||
Citizen Lab Malware Signatures | 132 | almost 8 years ago | |
ConventionEngine Rules | 37 | over 1 year ago | |
Deadbits Rules | 42 | 11 months ago | |
Awesome YARA / Rules / Deadbits Rules | |||
Adam Swanda | A collection of YARA rules made public by Adam Swanda, Splunk's Principal Threat Intel. Analyst, from his own recent malware research | ||
Awesome YARA / Rules | |||
Delivr.to Detections | 58 | about 1 month ago | |
Didier Stevens Rules | 1,979 | about 1 month ago | |
Awesome YARA / Rules / Didier Stevens Rules | |||
NVISO Labs Blog | Collection of rules from Didier Stevens, author of a suite of tools for inspecting OLE/RTF/PDF. Didier's rules are worth scrutinizing and are generally written for hunting. New rules are frequently announced through the NVISO Labs Blog | ||
Awesome YARA / Rules | |||
Ditekshen Rules | 202 | 8 days ago | |
Elastic Security YARA Rules | 1,007 | 9 days ago | |
ESET IOCs | 1,614 | 5 days ago | |
Awesome YARA / Rules / ESET IOCs | |||
ESET WeLiveSecurity Blog | Collection of YARA and Snort rules from IOCs collected by ESET researchers. There are about a dozen YARA rules to glean from in this repo; search for the file extension .yar. This repository is seemingly updated roughly monthly. New IOCs are often mentioned on the ESET WeLiveSecurity Blog | ||
Awesome YARA / Rules | |||
Fidelis Rules | |||
Filescan.io Rules | 7 | 3 days ago | ✨ |
FireEye | 2,645 | 7 months ago | |
Florian Roth Rules | 2,457 | 3 days ago | |
Florian Roth's IDDQD Rule | |||
f0wl yara_rules | 10 | over 2 years ago | |
Awesome YARA / Rules / f0wl yara_rules | |||
https://dissectingmalwa.re/ | A collection of YARA rules from https://dissectingmalwa.re/ blog posts | ||
Awesome YARA / Rules | |||
Frank Boldewin's Rules | 61 | over 1 year ago | |
Awesome YARA / Rules / Frank Boldewin's Rules | |||
@r3c0nst | A collection of YARA rules from @r3c0nst | ||
Awesome YARA / Rules | |||
FSF Rules | 287 | about 3 years ago | |
GoDaddy ProcFilter Rules | 84 | about 7 years ago | |
Google Cloud Threat Intelligence (GCTI) Rules | 525 | 10 months ago | |
h3x2b Rules | 23 | about 1 month ago | |
HydraDragonAntivirus | 37 | 7 days ago | |
Icewater Rules | 379 | over 5 years ago | |
imp0rtp3's Rules | 18 | almost 3 years ago | |
Intezer Rules | 122 | almost 3 years ago | |
InQuest Rules | 363 | over 2 years ago | |
Awesome YARA / Rules / InQuest Rules | |||
InQuest Blog | YARA rules published by InQuest researchers, mostly geared towards threat hunting on VirusTotal. Rules are updated as new samples are collected and novel pivots are discovered. The InQuest Blog will often discuss new findings | ||
Awesome YARA / Rules | |||
jeFF0Falltrades Rules | 29 | 23 days ago | |
kevthehermit Rules | 51 | over 8 years ago | |
Loginsoft Rules | |||
lw-yara | 102 | over 3 years ago | |
ndaal_YARA_passwords_default | |||
ndaal_YARA_passwords_weak | |||
NCC Group Rules | 474 | almost 3 years ago | |
MalGamy's YARA_Rules | 64 | over 1 year ago | |
Malice.IO YARA Plugin Rules | 30 | about 5 years ago | |
Malpedia Auto Generated Rules | |||
Malpedia Auto Generated Rules Repo | 112 | 10 months ago | |
McAfee Advanced Threat Research IOCs | 79 | about 3 years ago | |
McAfee Advanced Threat Research Yara-Rules | 563 | 10 months ago | |
mikesxrs YARA Rules Collection | 330 | 6 months ago | |
Public YARA Rules | 11 | over 5 years ago | |
QuickSand Lite Rules | 126 | about 1 year ago | |
Rapid7-Labs | 42 | 2 months ago | |
Rastrea2r | 236 | about 3 years ago | |
ReversingLabs YARA Rules | 756 | 3 days ago | |
Securitymagic's YARA Rules | 11 | 10 months ago | |
Sophos AI YaraML Rules | 209 | over 1 year ago | |
SpiderLabs Rules | 244 | about 8 years ago | |
StrangeRealIntel's Daily IOCs | 310 | 10 months ago | |
t4d's PhishingKit-Yara-Rules | 205 | 6 days ago | |
Telekom Security Malware Analysis Repository | 110 | 10 months ago | |
Tenable Rules | 60 | almost 2 years ago | |
ThreatHunting-Keywords-yara-rules | 77 | 23 days ago | |
TjadaNel Rules | 9 | over 5 years ago | |
VectraThreatLab Rules | 19 | almost 9 years ago | |
Volexity - Threat-Intel | 313 | 2 months ago | |
x64dbg Signatures | 84 | over 5 years ago | |
YAIDS | 21 | almost 2 years ago | |
YARA-FORENSICS | 135 | about 4 years ago | |
YARA Forge | |||
yara4pentesters | 124 | over 6 years ago | |
YaraRules Project Official Repo | 4,146 | 6 months ago | |
Yara-Unprotect | 25 | almost 4 years ago | |
Awesome YARA / Rules / Yara-Unprotect | |||
Unprotect Project | |||
Awesome YARA / Tools | |||
AirBnB BinaryAlert | 1,405 | 10 months ago | |
alterix | 15 | 23 days ago | |
androguard-yara | 6 | about 9 years ago | |
a-ray-grass | 14 | about 2 years ago | |
Awesome YARA / Tools / a-ray-grass | |||
hashlookup.io | YARA module that provides support for bloom filters in YARA. In the context of hashlookup.io, it allows known files to be quickly discarded before any further analysis | ||
Awesome YARA / Tools | |||
Arya - The Reverse YARA | 240 | almost 2 years ago | |
Audit Node Modules With YARA Rules | 20 | over 3 years ago | |
AutoYara | 59 | over 3 years ago | |
base64_substring | 40 | about 6 years ago | |
bincapz | 407 | 4 days ago | |
CAPE: Config And Payload Extraction | 1,924 | 1 day ago | |
CCCS-Yara | 96 | about 1 month ago | |
clara | 32 | 5 months ago | |
Cloudina Security Hawk | 20 | about 1 month ago | |
CrowdStrike Feed Management System | 129 | almost 6 years ago | |
CSE-CST AssemblyLine | |||
Awesome YARA / Tools / CSE-CST AssemblyLine | |||
AssemblyLine | The Canadian Communications Security Establishment (CSE) open sourced AssemblyLine, a platform for analyzing malicious files. The component linked here provides an interface to YARA | ||
Awesome YARA / Tools | |||
decompressingyara | 7 | over 1 year ago | |
dnYara | 36 | over 1 year ago | |
ELAT | 29 | about 8 years ago | |
Emerson File Scanning Framework (FSF) | 287 | about 3 years ago | |
ExchangeFilter | 20 | about 3 years ago | |
factual-rules-generator | 75 | over 2 years ago | |
Fadavvi YARA collection script | 26 | about 1 year ago | |
FARA | 48 | 9 months ago | |
Fastfinder | 230 | over 2 years ago | |
findcrypt-yara | 1,330 | 5 months ago | |
Fibratus | |||
Awesome YARA / Tools / Fibratus | |||
support for YARA | A modern tool for Windows kernel exploration and observability with a focus on security and support for YARA | ||
Awesome YARA / Tools | |||
Fnord | 296 | over 2 years ago | |
GoDaddy ProcFilter | 397 | over 4 years ago | |
go-yara | 356 | 3 months ago | |
halogen | 208 | over 2 years ago | |
Hyara | 222 | 6 months ago | |
IDA_scripts | 12 | almost 7 years ago | |
ida_yara | 22 | about 6 years ago | |
ida-yara-processor | 28 | over 5 years ago | |
InQuest ThreatKB | 95 | 4 months ago | |
iocextract | 500 | about 1 month ago | |
Invoke-Yara | |||
java2yara | 3 | over 2 years ago | |
KLara | 695 | 3 months ago | |
Laika BOSS | 736 | over 1 year ago | |
Awesome YARA / Tools / Laika BOSS | |||
Whitepaper | 736 | over 1 year ago | |
Awesome YARA / Tools | |||
libyara.NET | 51 | 2 months ago | |
Malcat | |||
MalConfScan | 481 | 10 months ago | |
malscan | 12 | over 6 years ago | |
Manalyzer Yara Validator | |||
MISP Threat Sharing | 5,309 | 1 day ago | |
MITRE MultiScanner | 617 | about 5 years ago | |
mkYARA | 201 | about 3 years ago | |
mquery | 411 | 4 days ago | |
ndaal YARA ruleset checker | |||
Awesome YARA / Tools / Nextron Systems OSS and Commercial Tools (Florian Roth: @Neo23x0) | |||
Loki | 3,364 | 7 months ago | IOC and YARA rule scanner implemented in Python. Open source and free |
THOR Lite | IOC and YARA rule scanner implemented in Go. Closed source, free, but registration required | ||
Awesome YARA / Tools | |||
node-yara | 13 | over 3 years ago | |
ocaml-yara | 5 | 2 months ago | |
OCYara | 40 | almost 6 years ago | |
osquery | |||
PasteHunter | 1,060 | 4 months ago | |
plast | 17 | about 4 years ago | |
plyara | 173 | 4 months ago | |
Polichombr | 374 | over 5 years ago | |
PwC Cyber Threat Operations rtfsig | 29 | 9 months ago | |
VirusTotalTools | 35 | over 6 years ago | |
shotgunyara | 9 | about 2 years ago | |
spyre | 163 | about 2 months ago | |
static_file_analysis | 49 | about 1 year ago | |
stoQ | 394 | over 2 years ago | |
Strelka | 863 | about 1 month ago | |
Sysmon EDR | 217 | over 3 years ago | |
SwishDbgExt | 367 | almost 6 years ago | |
ThreatIngestor | 823 | 8 months ago | |
UXProtect | |||
VTCodeSimilarity-YaraGen | 96 | about 4 years ago | |
Awesome YARA / Tools / VTCodeSimilarity-YaraGen | |||
@arieljt | YARA rule generator using the VirusTotal code similarity feature, written by @arieljt | ||
Awesome YARA / Tools | |||
Vxsig | 257 | 8 months ago | |
yabin | 156 | about 2 years ago | |
yaml2yara | 22 | over 4 years ago | |
YARA-CI | |||
yaradbg-backend | 24 | 9 months ago | |
yaradbg-frontend | 37 | 9 months ago | |
yara-endpoint | 104 | over 6 years ago | |
YaraFileCheckerLib | 2 | over 2 years ago | |
YaraGenerator | 329 | over 8 years ago | |
YaraGen | 35 | about 7 years ago | |
YaraGuardian | 190 | about 6 years ago | |
YaraHunter | 1,236 | 5 days ago | |
yara-java | 23 | 4 months ago | |
yaralyzer | 103 | 7 months ago | |
yaramail | |||
yaraMail | 28 | almost 5 years ago | |
Yara Malware Quick menu scanner | 35 | over 8 years ago | |
YaraManager | 57 | over 4 years ago | |
Yaramanager | 65 | almost 2 years ago | |
yaramod | 119 | 12 days ago | |
yarAnalyzer | 358 | over 1 year ago | |
yara-ocaml | 11 | almost 5 years ago | |
yara-parser | 81 | almost 2 years ago | |
yaraparser | 8 | about 4 years ago | |
yaraPCAP | 100 | about 11 years ago | |
yara-procdump-python | 10 | almost 7 years ago | |
yara-rust | 76 | 16 days ago | |
yara-signator | 153 | about 2 years ago | |
YARA-sort | 12 | 1 day ago | |
Awesome YARA / Tools / YARA-sort | |||
blog | Aggregate files into collections based on YARA rules | ||
Awesome YARA / Tools | |||
Yara Python ICAP Server | 57 | about 3 years ago | |
yarasafe | 100 | over 4 years ago | |
Yara-Scanner | 46 | over 8 years ago | |
yarascanner | 27 | over 7 years ago | |
YaraSharp | 35 | over 2 years ago | |
Yara Toolkit | |||
YaraStation | 35 | over 2 years ago | |
yara_tools | 71 | almost 6 years ago | |
Yara-Validator | 39 | about 4 years ago | |
yaraVT | 5 | almost 7 years ago | |
yara_zip_module | 13 | almost 2 years ago | |
yarg | 25 | about 4 years ago | |
yarGen | 1,543 | 4 months ago | |
Yara Scanner | 18 | almost 2 years ago | |
Yarasilly2 | 28 | 4 months ago | |
yaya | 261 | 10 months ago | |
YaYaGen | 61 | about 6 years ago | |
Yeti | 1,724 | 1 day ago | |
yextend | 297 | over 2 years ago | |
yaraZeekAlert | 60 | 10 months ago | |
yaraScanParser | 11 | over 3 years ago | |
Awesome YARA / Tools / yaraScanParser | |||
Yara Scan Service | Parsing tool for Yara Scan Service's JSON output file | ||
Awesome YARA / Tools | |||
YARI | 87 | 5 months ago | |
YLS | 68 | 6 months ago | |
YMCA | 3 | over 2 years ago | |
Yobi | 47 | about 3 years ago | |
statiStrings | 12 | about 3 years ago | |
Awesome YARA / Services | |||
Hybrid Analysis YARA Search | |||
InQuest Labs | |||
Koodous | |||
MalShare | |||
MalwareConfig | |||
YaraEditor (Web) | |||
YARAify | |||
Yara Scan Service | |||
Awesome YARA / Syntax Highlighters | |||
language-yara | 24 | about 3 years ago | Atom |
yara-mode | 7 | about 2 years ago | Emacs |
GtkSourceView-YARA | 3 | over 4 years ago | GTK-based editors, like gedit and xed |
userDefinedLanguages | 583 | 5 days ago | Notepad++ |
YaraSyntax | 19 | almost 2 years ago | Sublime Text |
vim-yara | 14 | over 3 years ago | Vim |
vscode-yara | 60 | 9 months ago | Visual Studio Code |
Awesome YARA / Videos and Talks | |||
Finding Evil with YARA | |||
SAS2018: Finding aliens, star weapons and ponies with YARA | |||
Costin Raiu - Combining code similarity with Yara to find goodies | |||
YARA Rule Processing Sessions - Florian Roth | |||
Upping the APT hunting game: learn the best YARA practices from Kaspersky | |||
Star-Gazing | Using a Full Galaxy of YARA Methods to Pursue an Apex Actor | By Greg Lesnewich | |||
Lightweight Binary Similarity - YARA Using PE Features for Quick Wins | 4 | about 3 years ago | |
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules | |||
Awesome YARA / Related Awesome Lists | |||
Crawler | 6,418 | 4 months ago | |
CVE PoC | 3,304 | almost 3 years ago | |
Forensics | 3,927 | about 19 hours ago | |
Hacking | 12,967 | 4 months ago | |
HackwithGithub | 83,778 | about 2 months ago | |
Honeypots | 8,520 | about 2 months ago | |
Incident-Response | 7,584 | 3 months ago | |
Infosec | 5,165 | 8 months ago | |
IOCs | 794 | 5 days ago | |
Malware Analysis | 11,701 | 4 months ago | |
ML for Cyber Security | 7,202 | about 2 months ago | |
OSINT | 18,626 | 23 days ago | |
PCAP Tools | 3,116 | 5 months ago | |
Pentesting | 21,566 | about 23 hours ago | |
Reversing | 4,052 | about 1 year ago | |
Security | 12,322 | 3 months ago | |
Static Analysis | 13,266 | 4 days ago | |
Threat Detection | 3,644 | 3 months ago | |
Threat Intelligence | 7,958 | about 2 months ago |