awesome-yara
YARA library
A curated collection of YARA rules and tools for malware analysis and threat detection.
A curated list of awesome YARA rules, tools, and people.
4k stars
175 watching
491 forks
last commit: 18 days ago
Linked from 9 awesome lists
Tags: awesome, awesome-list, awesome-yara, ioc, malware-analysis, malware-detection, malware-research, malware-rules, threat-hunting, yara, yara-manager, yara-rules, yara-scanner, yara-signatures
Awesome YARA / Guides | |||
Yara Performance Guidelines | 126 | almost 2 years ago | |
YARA-Style-Guide | 38 | 10 months ago | |
Awesome YARA / Rules | |||
AlienVault Labs Rules | 512 | almost 3 years ago | |
Awesome YARA / Rules / AlienVault Labs Rules | |||
AlienVault Labs | Collection of tools, signatures, and rules from the researchers at AlienVault Labs. Search the repo for .yar and .yara extensions to find about two dozen rules ranging from APT detection to generic sandbox / VM detection. Last updated in January of 2016 | ||
Awesome YARA / Rules | |||
anyrun rules | 14 | 12 days ago | |
Apple OSX | |||
bartblaze YARA rules | 333 | 16 days ago | |
BinaryAlert YARA Rules | 1,411 | 12 months ago | |
Burp YARA Rules | 44 | almost 3 years ago | |
BinSequencer | 74 | almost 3 years ago | |
CAPE Rules | 2,026 | about 9 hours ago | |
CDI Rules | 19 | about 1 year ago | |
Awesome YARA / Rules / CDI Rules | |||
CyberDefenses | Collection of YARA rules released by CyberDefenses for public use. Built from information in intelligence profiles, dossiers and file work | ||
Awesome YARA / Rules | |||
Citizen Lab Malware Signatures | 134 | about 8 years ago | |
ConventionEngine Rules | 37 | over 1 year ago | |
Deadbits Rules | 42 | about 1 year ago | |
Awesome YARA / Rules / Deadbits Rules | |||
Adam Swanda | A collection of YARA rules made public by Adam Swanda, Splunk's Principal Threat Intel. Analyst, from his own recent malware research | ||
Awesome YARA / Rules | |||
Delivr.to Detections | 61 | 5 days ago | |
Didier Stevens Rules | 2,037 | 2 days ago | |
Awesome YARA / Rules / Didier Stevens Rules | |||
NVISO Labs Blog | Collection of rules from Didier Stevens, author of a suite of tools for inspecting OLE/RTF/PDF. Didier's rules are worth scrutinizing and are generally written for hunting. New rules are frequently announced through the NVISO Labs Blog | ||
Awesome YARA / Rules | |||
Ditekshen Rules | 211 | about 1 month ago | |
Elastic Security YARA Rules | 1,068 | 1 day ago | |
ESET IOCs | 1,685 | 6 days ago | |
Awesome YARA / Rules / ESET IOCs | |||
ESET WeLiveSecurity Blog | Collection of YARA and Snort rules from IOCs collected by ESET researchers. There are about a dozen YARA rules to glean from this repo; search for the file extension .yar. This repository appears to be updated roughly monthly. New IOCs are often mentioned on the ESET WeLiveSecurity Blog | ||
Awesome YARA / Rules | |||
Fidelis Rules | |||
Filescan.io Rules | 9 | 5 days ago | ✨ |
FireEye | 2,652 | 9 months ago | |
Florian Roth Rules | 2,499 | 15 days ago | |
Florian Roth's IDDQD Rule | |||
f0wl yara_rules | 10 | almost 3 years ago | |
Awesome YARA / Rules / f0wl yara_rules | |||
https://dissectingmalwa.re/ | A collection of Yara rules from blog posts | ||
Awesome YARA / Rules | |||
Frank Boldewin's Rules | 62 | over 1 year ago | |
Awesome YARA / Rules / Frank Boldewin's Rules | |||
@r3c0nst | A collection of YARA rules from @r3c0nst | ||
Awesome YARA / Rules | |||
FSF Rules | 289 | about 3 years ago | |
GoDaddy ProcFilter Rules | 84 | over 7 years ago | |
Google Cloud Threat Intelligence(GCTI) Rules | 529 | 12 months ago | |
h3x2b Rules | 23 | 3 months ago | |
HydraDragonAntivirus | 40 | 10 days ago | |
Icewater Rules | 380 | over 5 years ago | |
imp0rtp3's Rules | 18 | about 3 years ago | |
Intezer Rules | 125 | about 3 years ago | |
InQuest Rules | 365 | over 2 years ago | |
Awesome YARA / Rules / InQuest Rules | |||
InQuest Blog | YARA rules published by InQuest researchers, mostly geared towards threat hunting on VirusTotal. Rules are updated as new samples are collected and novel pivots are discovered. The InQuest Blog will often discuss new findings | ||
Awesome YARA / Rules | |||
jeFF0Falltrades Rules | 29 | 2 months ago | |
kevthehermit Rules | 52 | almost 9 years ago | |
Loginsoft Rules | |||
lw-yara | 102 | over 3 years ago | |
ndaal_YARA_passwords_default | |||
ndaal_YARA_passwords_weak | |||
NCC Group Rules | 475 | almost 3 years ago | |
MalGamy's YARA_Rules | 64 | almost 2 years ago | |
Malice.IO YARA Plugin Rules | 30 | about 5 years ago | |
Malpedia Auto Generated Rules | |||
Malpedia Auto Generated Rules Repo | 114 | 22 days ago | |
McAfee Advanced Threat Research IOCs | 79 | over 3 years ago | |
McAfee Advanced Threat Research Yara-Rules | 571 | 12 months ago | |
mikesxrs YARA Rules Collection | 334 | 8 months ago | |
Public YARA Rules | 11 | over 5 years ago | |
QuickSand Lite Rules | 126 | about 1 year ago | |
Rapid7-Labs | 53 | 12 days ago | |
Rastrea2r | 236 | over 3 years ago | |
ReversingLabs YARA Rules | 773 | 6 days ago | |
Securitymagic's YARA Rules | 11 | 12 months ago | |
Sophos AI YaraML Rules | 211 | over 1 year ago | |
SpiderLabs Rules | 244 | over 8 years ago | |
StrangeRealIntel's Daily IOCs | 311 | 12 months ago | |
t4d's PhishingKit-Yara-Rules | 204 | about 10 hours ago | |
Telekom Security Malware Analysis Repository | 110 | 12 months ago | |
Tenable Rules | 60 | about 2 years ago | |
ThreatHunting-Keywords-yara-rules | 89 | 10 days ago | |
TjadaNel Rules | 9 | over 5 years ago | |
VectraThreatLab Rules | 19 | almost 9 years ago | |
Volexity - Threat-Intel | 337 | 1 day ago | |
x64dbg Signatures | 85 | over 5 years ago | |
YAIDS | 22 | about 2 years ago | |
YARA-FORENSICS | 135 | about 4 years ago | |
YARA Forge | |||
yara4pentesters | 124 | almost 7 years ago | |
YaraRules Project Official Repo | 4,198 | 8 months ago | |
Yara-Unprotect | 25 | about 4 years ago | |
Awesome YARA / Rules / Yara-Unprotect | |||
Unprotect Project | |||
Awesome YARA / Tools | |||
AirBnB BinaryAlert | 1,411 | 12 months ago | |
alterix | 15 | 3 months ago | |
androguard-yara | 6 | about 9 years ago | |
a-ray-grass | 14 | over 2 years ago | |
Awesome YARA / Tools / a-ray-grass | |||
hashlookup.io | YARA module that provides support for bloom filters in YARA. In the context of hashlookup.io, it allows known files to be quickly discarded before any further analysis | ||
Awesome YARA / Tools | |||
Arya - The Reverse YARA | 240 | almost 2 years ago | |
Audit Node Modules With YARA Rules | 20 | over 3 years ago | |
AutoYara | 60 | over 3 years ago | |
base64_substring | 40 | over 6 years ago | |
bincapz | 458 | 1 day ago | |
CAPE: Config And Payload Extraction | 2,026 | about 9 hours ago | |
CCCS-Yara | 98 | 3 months ago | |
clara | 32 | 7 months ago | |
Cloudina Security Hawk | 22 | 3 months ago | |
CrowdStrike Feed Management System | 129 | about 6 years ago | |
CSE-CST AssemblyLine | |||
Awesome YARA / Tools / CSE-CST AssemblyLine | |||
AssemblyLine | The Canadian Communications Security Establishment (CSE) open sourced AssemblyLine, a platform for analyzing malicious files. The component linked here provides an interface to YARA | ||
Awesome YARA / Tools | |||
decompressingyara | 7 | over 1 year ago | |
dnYara | 38 | over 1 year ago | |
ELAT | 29 | about 8 years ago | |
Emerson File Scanning Framework (FSF) | 289 | about 3 years ago | |
ExchangeFilter | 20 | over 3 years ago | |
factual-rules-generator | 76 | almost 3 years ago | |
Fadavvi YARA collection script | 26 | over 1 year ago | |
FARA | 48 | 11 months ago | |
Fastfinder | 233 | over 2 years ago | |
findcrypt-yara | 1,363 | 14 days ago | and |
Fibratus | |||
Awesome YARA / Tools / Fibratus | |||
support for YARA | A modern tool for Windows kernel exploration and observability with a focus on security and support for YARA | ||
Awesome YARA / Tools | |||
Fnord | 296 | almost 3 years ago | |
GoDaddy ProcFilter | 396 | almost 5 years ago | |
GhidraYara | 1 | about 2 months ago | A Ghidra extension providing direct integration of YARA through an analyzer, as well as rule generation from code listings and management in the Ghidra UI. Supports an extensive library of cryptographic constants, CRC tables, etc |
go-yara | 360 | 4 months ago | |
halogen | 207 | over 2 years ago | |
Hyara | 223 | about 2 months ago | |
IDA_scripts | 12 | about 7 years ago | |
ida_yara | 22 | about 6 years ago | |
ida-yara-processor | 29 | almost 6 years ago | |
InQuest ThreatKB | 96 | 6 months ago | |
iocextract | 510 | 3 months ago | |
Invoke-Yara | |||
java2yara | 3 | over 2 years ago | |
KLara | 697 | 4 months ago | |
Laika BOSS | 741 | almost 2 years ago | |
Awesome YARA / Tools / Laika BOSS | |||
Whitepaper | 741 | almost 2 years ago | |
Awesome YARA / Tools | |||
libyara.NET | 51 | 4 months ago | |
Malcat | |||
MalConfScan | 485 | 12 months ago | |
malscan | 12 | over 6 years ago | |
Manalyzer Yara Validator | |||
MISP Threat Sharing | 5,417 | about 18 hours ago | |
MITRE MultiScanner | 616 | about 5 years ago | |
mkYARA | 204 | about 3 years ago | |
mquery | 414 | 1 day ago | |
ndaal YARA ruleset checker | |||
Awesome YARA / Tools / Nextron Systems OSS and Commercial Tools (Florian Roth: @Neo23x0) | |||
Loki | 3,407 | 8 days ago | IOC and YARA rule scanner implemented in Python. Open source and free |
THOR Lite | IOC and YARA rule scanner implemented in Go. Closed source, free, but registration required | ||
Awesome YARA / Tools | |||
node-yara | 13 | over 3 years ago | |
ocaml-yara | 5 | 4 months ago | |
OCYara | 40 | about 6 years ago | |
osquery | |||
PasteHunter | 1,067 | 6 months ago | |
plast | 17 | over 4 years ago | |
plyara | 174 | 5 months ago | |
Polichombr | 375 | almost 6 years ago | |
PwC Cyber Threat Operations rtfsig | 29 | 10 months ago | |
VirusTotalTools | 35 | almost 7 years ago | |
shotgunyara | 9 | over 2 years ago | |
spyre | 164 | 12 days ago | |
static_file_analysis | 49 | about 1 year ago | |
stoQ | 393 | over 2 years ago | |
Strelka | 884 | 7 days ago | |
Sysmon EDR | 218 | over 3 years ago | |
SwishDbgExt | 373 | almost 6 years ago | |
ThreatIngestor | 832 | 10 months ago | |
UXProtect | |||
VTCodeSimilarity-YaraGen | 96 | about 4 years ago | |
Awesome YARA / Tools / VTCodeSimilarity-YaraGen | |||
@arieljt | YARA rule generator using the VirusTotal code similarity feature, written by @arieljt | ||
Awesome YARA / Tools | |||
Vxsig | 259 | 10 months ago | |
yabin | 157 | about 2 years ago | |
yaml2yara | 22 | almost 5 years ago | |
YARA-CI | |||
yaradbg-backend | 24 | 11 months ago | |
yaradbg-frontend | 37 | 10 months ago | |
yara-endpoint | 104 | over 6 years ago | |
YaraFileCheckerLib | 2 | almost 3 years ago | |
YaraGenerator | 332 | almost 9 years ago | |
YaraGen | 35 | over 7 years ago | and |
YaraGuardian | 190 | over 6 years ago | |
YaraHunter | 1,270 | 18 days ago | |
yara-java | 2 | about 2 months ago | |
Awesome YARA / Tools / yara-java | |||
old bindings | 23 | 6 months ago | Java bindings for YARA (Subreption fork, maintained as of 2024, old bindings) |
Awesome YARA / Tools | |||
yaralyzer | 107 | 8 months ago | |
yaramail | |||
yaraMail | 28 | about 5 years ago | |
Yara Malware Quick menu scanner | 35 | over 8 years ago | |
YaraManager | 57 | over 4 years ago | |
Yaramanager | 65 | almost 2 years ago | ( ) |
yaramod | 120 | 10 days ago | |
yarAnalyzer | 361 | almost 2 years ago | |
yara-ocaml | 11 | almost 5 years ago | |
yara-parser | 82 | almost 2 years ago | |
yaraparser | 8 | over 4 years ago | |
yaraPCAP | 101 | over 11 years ago | |
yara-procdump-python | 11 | about 7 years ago | |
yara-rust | 77 | 2 months ago | |
yara-signator | 156 | about 2 years ago | |
YARA-sort | 12 | about 15 hours ago | |
Awesome YARA / Tools / YARA-sort | |||
blog | Aggregate files into collections based on YARA rules | ||
Awesome YARA / Tools | |||
Yara Python ICAP Server | 57 | about 3 years ago | |
yarasafe | 100 | almost 5 years ago | |
Yara-Scanner | 46 | over 8 years ago | |
yarascanner | 27 | over 7 years ago | |
YaraSharp | 36 | almost 3 years ago | |
Yara Toolkit | |||
YaraStation | 36 | almost 3 years ago | |
yara_tools | 72 | almost 6 years ago | |
Yara-Validator | 39 | about 4 years ago | |
yaraVT | 5 | almost 7 years ago | |
yara_zip_module | 13 | about 2 years ago | |
yarg | 25 | over 4 years ago | |
yarGen | 1,560 | 6 months ago | |
Yara Scanner | 18 | almost 2 years ago | |
Yarasilly2 | 28 | 6 months ago | |
yaya | 268 | 11 months ago | |
YaYaGen | 62 | about 6 years ago | |
Yeti | 1,758 | about 18 hours ago | |
yextend | 301 | over 2 years ago | |
yaraZeekAlert | 60 | 12 months ago | |
yaraScanParser | 11 | over 3 years ago | |
Awesome YARA / Tools / yaraScanParser | |||
Yara Scan Service | Parsing tool for Yara Scan Service's JSON output file | ||
Awesome YARA / Tools | |||
YARI | 88 | 22 days ago | |
YLS | 68 | 5 days ago | |
YMCA | 3 | almost 3 years ago | |
Yobi | 48 | about 3 years ago | |
statiStrings | 12 | over 3 years ago | |
Awesome YARA / Services | |||
Hybrid Analysis YARA Search | |||
InQuest Labs | |||
Koodous | |||
MalShare | |||
MalwareConfig | |||
YaraEditor (Web) | |||
YARAify | |||
Yara Scan Service | |||
Awesome YARA / Syntax Highlighters | |||
language-yara | 25 | about 3 years ago | Atom: |
yara-mode | 7 | over 2 years ago | Emacs: |
GtkSourceView-YARA | 3 | over 4 years ago | GTK-based editors, like gedit and xed: |
userDefinedLanguages | 601 | about 19 hours ago | Notepad++: |
YaraSyntax | 19 | about 2 years ago | Sublime Text: |
vim-yara | 14 | almost 4 years ago | Vim: , |
vscode-yara | 63 | 11 months ago | Visual Studio Code: |
Awesome YARA / Videos and Talks | |||
Finding Evil with YARA | |||
SAS2018: Finding aliens, star weapons and ponies with YARA | |||
Costin Raiu - Combining code similarity with Yara to find goodies | |||
YARA Rule Processing Sessions - Florian Roth | |||
Upping the APT hunting game: learn the best YARA practices from Kaspersky | |||
Star-Gazing | Using a Full Galaxy of YARA Methods to Pursue an Apex Actor | By Greg Lesnewich | |||
Lightweight Binary Similarity - YARA Using PE Features for Quick Wins | 4 | about 3 years ago | |
DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules | |||
Awesome YARA / Related Awesome Lists | |||
Crawler | 6,506 | 6 months ago | |
CVE PoC | 3,331 | almost 3 years ago | |
Forensics | 4,013 | 23 days ago | |
Hacking | 13,244 | 6 months ago | |
HackwithGithub | 86,146 | 3 months ago | |
Honeypots | 8,707 | 4 months ago | |
Incident-Response | 7,699 | 5 months ago | |
Infosec | 5,213 | 9 months ago | |
IOCs | 811 | about 2 months ago | |
Malware Analysis | 12,029 | 6 months ago | |
ML for Cyber Security | 7,285 | 4 months ago | |
OSINT | 19,231 | 8 days ago | |
PCAP Tools | 3,133 | 7 months ago | |
Pentesting | 22,015 | about 1 month ago | |
Reversing | 4,087 | over 1 year ago | |
Security | 12,514 | 4 months ago | |
Static Analysis | 13,400 | 15 days ago | |
Threat Detection | 3,877 | 5 months ago | |
Threat Intelligence | 8,180 | 4 months ago |