awesome-yara
YARA library
A curated collection of YARA rules and tools for malware analysis and threat detection.
A curated list of awesome YARA rules, tools, and people.
4k stars
175 watching
495 forks
last commit: 2 months ago
Linked from 9 awesome lists
Awesome YARA / Guides | |||
Yara Performance Guidelines | 126 | almost 2 years ago | |
YARA-Style-Guide | 39 | 11 months ago | |
Awesome YARA / Rules | |||
AlienVault Labs Rules | 515 | about 3 years ago | |
Awesome YARA / Rules / AlienVault Labs Rules | |||
AlienVault Labs | Collection of tools, signatures, and rules from the researchers at AlienVault Labs. Search the repo for .yar and .yara extensions to find about two dozen rules ranging from APT detection to generic sandbox / VM detection. Last updated in January of 2016 | ||
Awesome YARA / Rules | |||
anyrun rules | 15 | about 2 months ago | |
Apple OSX | |||
bartblaze YARA rules | 336 | 2 months ago | |
BinaryAlert YARA Rules | 1,415 | about 1 year ago | |
Burp YARA Rules | 44 | almost 3 years ago | |
BinSequencer | 74 | about 3 years ago | |
CAPE Rules | 2,043 | about 1 month ago | |
CDI Rules | 19 | over 1 year ago | |
Awesome YARA / Rules / CDI Rules | |||
CyberDefenses | Collection of YARA rules released by CyberDefenses for public use. Built from information in intelligence profiles, dossiers and file work | ||
Awesome YARA / Rules | |||
Citizen Lab Malware Signatures | 134 | about 8 years ago | |
ConventionEngine Rules | 37 | almost 2 years ago | |
Deadbits Rules | 43 | about 1 year ago | |
Awesome YARA / Rules / Deadbits Rules | |||
Adam Swanda | A collection of YARA rules made public by Adam Swanda, Splunk's Principal Threat Intel. Analyst, from his own recent malware research | ||
Awesome YARA / Rules | |||
Delivr.to Detections | 63 | about 1 month ago | |
Didier Stevens Rules | 2,051 | about 2 months ago | |
Awesome YARA / Rules / Didier Stevens Rules | |||
NVISO Labs Blog | Collection of rules from Didier Stevens, author of a suite of tools for inspecting OLE/RTF/PDF. Didier's rules are worth scrutinizing and are generally written for hunting. New rules are frequently announced through the NVISO Labs Blog | ||
Awesome YARA / Rules | |||
Ditekshen Rules | 213 | 3 months ago | |
Elastic Security YARA Rules | 1,074 | about 1 month ago | |
ESET IOCs | 1,698 | about 2 months ago | |
Awesome YARA / Rules / ESET IOCs | |||
ESET WeLiveSecurity Blog | Collection of YARA and Snort rules from IOCs collected by ESET researchers. There are about a dozen YARA rules to glean from this repo; search for the file extension .yar. This repository is seemingly updated at a roughly monthly interval. New IOCs are often mentioned on the ESET WeLiveSecurity Blog | ||
Awesome YARA / Rules | |||
Fidelis Rules | |||
Filescan.io Rules | 9 | about 1 month ago | ✨ |
FireEye | 2,652 | 11 months ago | |
Florian Roth Rules | 2,509 | about 1 month ago | |
Florian Roth's IDDQD Rule | |||
f0wl yara_rules | 10 | almost 3 years ago | |
Awesome YARA / Rules / f0wl yara_rules | |||
https://dissectingmalwa.re/ | A collection of Yara rules from https://dissectingmalwa.re/ blog posts | ||
Awesome YARA / Rules | |||
Frank Boldewin's Rules | 62 | almost 2 years ago | |
Awesome YARA / Rules / Frank Boldewin's Rules | |||
@r3c0nst | A collection of YARA Rules from @r3c0nst | ||
Awesome YARA / Rules | |||
FSF Rules | 290 | over 3 years ago | |
GoDaddy ProcFilter Rules | 84 | over 7 years ago | |
Google Cloud Threat Intelligence(GCTI) Rules | 533 | about 1 year ago | |
h3x2b Rules | 23 | 5 months ago | |
HydraDragonAntivirus | 41 | about 1 month ago | |
Icewater Rules | 382 | over 5 years ago | |
imp0rtp3's Rules | 18 | about 3 years ago | |
Intezer Rules | 126 | about 3 years ago | |
InQuest Rules | 368 | over 2 years ago | |
Awesome YARA / Rules / InQuest Rules | |||
InQuest Blog | YARA rules published by InQuest researchers, mostly geared towards threat hunting on VirusTotal. Rules are updated as new samples are collected and novel pivots are discovered. The InQuest Blog will often discuss new findings | ||
Awesome YARA / Rules | |||
jeFF0Falltrades Rules | 29 | 4 months ago | |
kevthehermit Rules | 52 | almost 9 years ago | |
Loginsoft Rules | |||
lw-yara | 102 | almost 4 years ago | |
ndaal_YARA_passwords_default | |||
ndaal_YARA_passwords_weak | |||
NCC Group Rules | 475 | about 3 years ago | |
MalGamy's YARA_Rules | 64 | almost 2 years ago | |
Malice.IO YARA Plugin Rules | 30 | over 5 years ago | |
Malpedia Auto Generated Rules | |||
Malpedia Auto Generated Rules Repo | 116 | 2 months ago | |
McAfee Advanced Threat Research IOCs | 79 | over 3 years ago | |
McAfee Advanced Threat Research Yara-Rules | 573 | about 1 year ago | |
mikesxrs YARA Rules Collection | 334 | 9 months ago | |
Public YARA Rules | 11 | over 5 years ago | |
QuickSand Lite Rules | 126 | over 1 year ago | |
Rapid7-Labs | 54 | about 1 month ago | |
Rastrea2r | 236 | over 3 years ago | |
ReversingLabs YARA Rules | 776 | about 2 months ago | |
Securitymagic's YARA Rules | 11 | about 1 year ago | |
Sophos AI YaraML Rules | 214 | over 1 year ago | |
SpiderLabs Rules | 245 | over 8 years ago | |
StrangeRealIntel's Daily IOCs | 312 | about 1 year ago | |
t4d's PhishingKit-Yara-Rules | 207 | about 1 month ago | |
Telekom Security Malware Analysis Repository | 110 | about 1 year ago | |
Tenable Rules | 60 | about 2 years ago | |
ThreatHunting-Keywords-yara-rules | 90 | about 1 month ago | |
TjadaNel Rules | 9 | over 5 years ago | |
VectraThreatLab Rules | 19 | about 9 years ago | |
Volexity - Threat-Intel | 342 | about 2 months ago | |
x64dbg Signatures | 86 | over 5 years ago | |
YAIDS | 22 | about 2 years ago | |
YARA-FORENSICS | 135 | over 4 years ago | |
YARA Forge | |||
yara4pentesters | 125 | almost 7 years ago | |
YaraRules Project Official Repo | 4,215 | 9 months ago | |
Yara-Unprotect | 25 | about 4 years ago | |
Awesome YARA / Rules / Yara-Unprotect | |||
Unprotect Project | |||
Awesome YARA / Tools | |||
AirBnB BinaryAlert | 1,415 | about 1 year ago | |
alterix | 15 | 4 months ago | |
androguard-yara | 6 | over 9 years ago | |
a-ray-grass | 14 | over 2 years ago | |
Awesome YARA / Tools / a-ray-grass | |||
hashlookup.io | YARA module that provides support for bloom filters in YARA. In the context of hashlookup.io, it allows known files to be discarded quickly before any further analysis | ||
Awesome YARA / Tools | |||
Arya- The Reverse YARA | 242 | about 2 years ago | |
Audit Node Modules With YARA Rules | 20 | almost 4 years ago | |
AutoYara | 61 | over 3 years ago | |
base64_substring | 41 | over 6 years ago | |
bincapz | 468 | about 1 month ago | |
CAPE: Config And Payload Extraction | 2,043 | about 1 month ago | |
CCCS-Yara | 100 | 5 months ago | |
clara | 32 | 8 months ago | |
Cloudina Security Hawk | 23 | 5 months ago | |
CrowdStrike Feed Management System | 129 | about 6 years ago | |
CSE-CST AssemblyLine | |||
Awesome YARA / Tools / CSE-CST AssemblyLine | |||
AssemblyLine | The Canadian Communications Security Establishment (CSE) open sourced AssemblyLine, a platform for analyzing malicious files. The component linked here provides an interface to YARA | ||
Awesome YARA / Tools | |||
decompressingyara | 7 | over 1 year ago | |
dnYara | 38 | over 1 year ago | |
ELAT | 29 | over 8 years ago | |
Emerson File Scanning Framework (FSF) | 290 | over 3 years ago | |
ExchangeFilter | 20 | over 3 years ago | |
factual-rules-generator | 76 | almost 3 years ago | |
Fadavvi YARA collection script | 26 | over 1 year ago | |
FARA | 49 | about 1 year ago | |
Fastfinder | 234 | over 2 years ago | |
findcrypt-yara | 1,376 | about 2 months ago | and |
Fibratus | |||
Awesome YARA / Tools / Fibratus | |||
support for YARA | A modern tool for Windows kernel exploration and observability with a focus on security and support for YARA | ||
Awesome YARA / Tools | |||
Fnord | 297 | almost 3 years ago | |
GoDaddy ProcFilter | 396 | almost 5 years ago | |
GhidraYara | 1 | 3 months ago | A Ghidra extension providing direct integration of YARA through an analyzer, as well as rule generation from code listings and management in the Ghidra UI. Supports an extensive library of cryptographic constants, CRC tables, etc |
go-yara | 361 | 6 months ago | |
halogen | 208 | over 2 years ago | |
Hyara | 224 | 3 months ago | |
IDA_scripts | 12 | about 7 years ago | |
ida_yara | 22 | over 6 years ago | |
ida-yara-processor | 29 | almost 6 years ago | |
InQuest ThreatKB | 96 | 8 months ago | |
iocextract | 513 | 5 months ago | |
Invoke-Yara | |||
java2yara | 3 | over 2 years ago | |
KLara | 698 | 6 months ago | |
Laika BOSS | 743 | about 1 month ago | |
Awesome YARA / Tools / Laika BOSS | |||
Whitepaper | 743 | about 1 month ago | |
Awesome YARA / Tools | |||
libyara.NET | 52 | 5 months ago | |
Malcat | |||
MalConfScan | 483 | about 1 year ago | |
malscan | 12 | over 6 years ago | |
Manalyzer Yara Validator | |||
MISP Threat Sharing | 5,435 | about 1 month ago | |
MITRE MultiScanner | 618 | over 5 years ago | |
mkYARA | 205 | over 3 years ago | |
mquery | 417 | about 1 month ago | |
ndaal YARA ruleset checker | |||
Awesome YARA / Tools / Nextron Systems OSS and Commercial Tools (Florian Roth: @Neo23x0) | |||
Loki | 3,419 | about 2 months ago | IOC and YARA rule scanner implemented in Python. Open source and free |
THOR Lite | IOC and YARA rule scanner implemented in Go. Closed source, free, but registration required | ||
Awesome YARA / Tools | |||
node-yara | 13 | over 3 years ago | |
ocaml-yara | 5 | 5 months ago | |
OCYara | 40 | about 6 years ago | |
osquery | |||
PasteHunter | 1,069 | 7 months ago | |
plast | 17 | over 4 years ago | |
plyara | 175 | about 1 month ago | |
Polichombr | 376 | almost 6 years ago | |
PwC Cyber Threat Operations rtfsig | 29 | 12 months ago | |
VirusTotalTools | 35 | almost 7 years ago | |
shotgunyara | 9 | over 2 years ago | |
spyre | 164 | about 2 months ago | |
static_file_analysis | 49 | over 1 year ago | |
stoQ | 395 | over 2 years ago | |
Strelka | 886 | about 1 month ago | |
Sysmon EDR | 218 | over 3 years ago | |
SwishDbgExt | 373 | about 6 years ago | |
ThreatIngestor | 836 | 12 months ago | |
UXProtect | |||
VTCodeSimilarity-YaraGen | 96 | over 4 years ago | |
Awesome YARA / Tools / VTCodeSimilarity-YaraGen | |||
@arieljt | YARA rule generator using the VirusTotal code similarity feature, written by @arieljt | ||
Awesome YARA / Tools | |||
Vxsig | 261 | about 1 month ago | |
yabin | 158 | over 2 years ago | |
yaml2yara | 22 | almost 5 years ago | |
YARA-CI | |||
yaradbg-backend | 24 | about 1 year ago | |
yaradbg-frontend | 37 | 12 months ago | |
yara-endpoint | 104 | almost 7 years ago | |
YaraFileCheckerLib | 2 | almost 3 years ago | |
YaraGenerator | 332 | almost 9 years ago | |
YaraGen | 35 | over 7 years ago | and |
YaraGuardian | 191 | over 6 years ago | |
YaraHunter | 1,275 | about 1 month ago | |
yara-java | 2 | 3 months ago | |
Awesome YARA / Tools / yara-java | |||
old bindings | 23 | 8 months ago | Java bindings for YARA (Subreption fork, maintained as of 2024, old bindings) |
Awesome YARA / Tools | |||
yaralyzer | 109 | about 1 month ago | |
yaramail | |||
yaraMail | 28 | about 5 years ago | |
Yara Malware Quick menu scanner | 35 | almost 9 years ago | |
YaraManager | 57 | almost 5 years ago | |
Yaramanager | 65 | about 2 years ago | ( ) |
yaramod | 120 | about 1 month ago | |
yarAnalyzer | 362 | almost 2 years ago | |
yara-ocaml | 11 | about 5 years ago | |
yara-parser | 82 | about 2 years ago | |
yaraparser | 8 | over 4 years ago | |
yaraPCAP | 101 | over 11 years ago | |
yara-procdump-python | 11 | about 7 years ago | |
yara-rust | 77 | 4 months ago | |
yara-signator | 157 | over 2 years ago | |
YARA-sort | 12 | about 1 month ago | |
Awesome YARA / Tools / YARA-sort | |||
blog | Aggregate files into collections based on YARA rules | ||
Awesome YARA / Tools | |||
Yara Python ICAP Server | 57 | over 3 years ago | |
yarasafe | 100 | almost 5 years ago | |
Yara-Scanner | 46 | over 8 years ago | |
yarascanner | 27 | over 7 years ago | |
YaraSharp | 36 | almost 3 years ago | |
Yara Toolkit | |||
YaraStation | 36 | almost 3 years ago | |
yara_tools | 72 | about 6 years ago | |
Yara-Validator | 39 | over 4 years ago | |
yaraVT | 5 | about 7 years ago | |
yara_zip_module | 13 | about 2 years ago | |
yarg | 25 | over 4 years ago | |
yarGen | 1,569 | 7 months ago | |
Yara Scanner | 18 | about 2 years ago | |
Yarasilly2 | 28 | 8 months ago | |
yaya | 269 | about 1 year ago | |
YaYaGen | 62 | over 6 years ago | |
Yeti | 1,766 | about 1 month ago | |
yextend | 301 | over 2 years ago | |
yaraZeekAlert | 60 | about 1 year ago | |
yaraScanParser | 11 | over 3 years ago | |
Awesome YARA / Tools / yaraScanParser | |||
Yara Scan Service | Parsing tool for Yara Scan Service's JSON output file | ||
Awesome YARA / Tools | |||
YARI | 88 | about 1 month ago | |
YLS | 69 | about 1 month ago | |
YMCA | 3 | almost 3 years ago | |
Yobi | 48 | over 3 years ago | |
statiStrings | 12 | over 3 years ago | |
Awesome YARA / Services | |||
Hybrid Analysis YARA Search | |||
InQuest Labs | |||
Koodous | |||
MalShare | |||
MalwareConfig | |||
YaraEditor (Web) | |||
YARAify | |||
Yara Scan Service | |||
Awesome YARA / Syntax Highlighters | |||
language-yara | 25 | over 3 years ago | Atom: |
yara-mode | 7 | over 2 years ago | Emacs: |
GtkSourceView-YARA | 3 | over 4 years ago | GTK-based editors, like gedit and xed: |
userDefinedLanguages | 606 | about 2 months ago | Notepad++: |
YaraSyntax | 19 | about 2 years ago | Sublime Text: |
vim-yara | 14 | almost 4 years ago | Vim: , |
vscode-yara | 63 | about 1 year ago | Visual Studio Code: |
Awesome YARA / Videos and Talks | |||
Finding Evil with YARA | |||
SAS2018: Finding aliens, star weapons and ponies with YARA | |||
Costin Raiu - Combining code similarity with Yara to find goodies | |||
YARA Rule Processing Sessions - Florian Roth | |||
Upping the APT hunting game: learn the best YARA practices from Kaspersky | |||
Star-Gazing | Using a Full Galaxy of YARA Methods to Pursue an Apex Actor | By Greg Lesnewich | |||
Lightweight Binary Similarity - YARA Using PE Features for Quick Wins | 4 | over 3 years ago | |
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules | |||
Awesome YARA / Related Awesome Lists | |||
Crawler | 6,530 | 7 months ago | |
CVE PoC | 3,339 | about 3 years ago | |
Forensics | 4,030 | about 1 month ago | |
Hacking | 13,321 | 8 months ago | |
HackwithGithub | 86,668 | 5 months ago | |
Honeypots | 8,732 | 5 months ago | |
Incident-Response | 7,728 | 6 months ago | |
Infosec | 5,221 | 11 months ago | |
IOCs | 817 | 3 months ago | |
Malware Analysis | 12,073 | 7 months ago | |
ML for Cyber Security | 7,311 | 5 months ago | |
OSINT | 19,410 | about 1 month ago | |
PCAP Tools | 3,143 | 9 months ago | |
Pentesting | 22,116 | about 1 month ago | |
Reversing | 4,105 | over 1 year ago | |
Security | 12,563 | 6 months ago | |
Static Analysis | 13,429 | about 1 month ago | |
Threat Detection | 3,916 | 6 months ago | |
Threat Intelligence | 8,211 | 5 months ago |