{"id":13705946,"url":"https://github.com/hyuunnn/Hyara","last_synced_at":"2025-05-05T17:31:18.964Z","repository":{"id":37878932,"uuid":"138730348","full_name":"hyuunnn/Hyara","owner":"hyuunnn","description":"Yara rule making tool (IDA Pro \u0026 Binary Ninja \u0026 Cutter \u0026 Ghidra Plugin)","archived":false,"fork":false,"pushed_at":"2024-10-18T14:27:33.000Z","size":8639,"stargazers_count":223,"open_issues_count":9,"forks_count":42,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-11-13T13:39:19.169Z","etag":null,"topics":["binaryninja","binaryninja-plugin","cutter","cutter-plugin","ghidra","ghidra-extension","ghidra-plugin","ida","ida-plugin","ida-pro","idapro","idapython","idapython-plugin","yara","yara-rules"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hyuunnn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-06-26T11:47:13.000Z","updated_at":"2024-10-18T18:46:49.000Z","dependencies_parsed_at":"2023-01-17T17:15:56.229Z","dependency_job_id":"eaaf9feb-1467-4f4d-8e89-186eec19b394","html_url":"https://github.com/hyuunnn/Hyara","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyuunnn%2FHyara","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyuunnn%2FHyara/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyuunnn%2FHyara/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/hyuunnn%2FHyara/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hyuunnn","download_url":"https://codeload.github.com/hyuunnn/Hyara/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252542252,"owners_count":21764934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binaryninja","binaryninja-plugin","cutter","cutter-plugin","ghidra","ghidra-extension","ghidra-plugin","ida","ida-plugin","ida-pro","idapro","idapython","idapython-plugin","yara","yara-rules"],"created_at":"2024-08-02T22:00:50.091Z","updated_at":"2025-05-05T17:31:17.069Z","avatar_url":"https://github.com/hyuunnn.png","language":"Python","funding_links":[],"categories":["Tools","\u003ca id=\"02088f4884be6c9effb0f1e9a3795e58\"\u003e\u003c/a\u003e签名(FLIRT等)\u0026\u0026比较(Diff)\u0026\u0026匹配"],"sub_categories":["\u003ca id=\"46c9dfc585ae59fe5e6f7ddf542fb31a\"\u003e\u003c/a\u003eYara"],"readme":"# Hyara\n\n![Version](https://img.shields.io/badge/version-2.3-blue.svg?cacheSeconds=2592000)\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara.gif?raw=true)\n\n\u003e Hyara is a plugin that makes writing YARA rules more convenient.\n\u003e \n\u003e The plugin is currently undergoing a major revision!\n\n- [Demo video](https://youtu.be/zgL4BkQJZ-w)\n\n- [IDA Plugin Contest 2018](https://hex-rays.com/contests_details/contest2018/#Hyara)\n\n- [Hyara - Generator for YARA Rules (KOR)](https://github.com/hyuunnn/slides/blob/main/Hyara%20-%20Generator%20for%20YARA%20Rules.pdf) - 2018. 09. 
16\n\n## Instructions\n\n### Start Screen and Options\n\n- When you run Hyara, it docks itself to the right and docks the output window to the left.\n- After specifying the address, press the `Make` button to show the specified hexadecimal bytes or strings as the result.\n- The results are saved in the table below when you click `Save`.\n- Double-click the table to clear the rule.\n- You can change values to wildcards by dragging to select them and then right-clicking.\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/wildcard_0.png?raw=true)\n\n- `Export Yara Rule`\n  - Exports the previously created YARA rules.\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_1.png?raw=true)\n\n\n- `Right Click`\n  - You can select either the start address or the end address. (IDA Pro, Cutter)\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_7.png?raw=true)\n  \n- `Comment Option`\n  - Annotates the instructions next to the condition rule(s).\n- `Rich Header` and `imphash`\n  - Adds rich header and imphash matching to the rule.\n- `String option`\n  - This option extracts strings within the range specified.\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_3.png?raw=true)\n![](https://github.com/hyuunnn/Hyara/blob/master/images/cutter_1.png?raw=true)\n\n## Installation\n\n### IDA Pro \u0026 BinaryNinja\n\n- IDA Pro\n  ```bash\n  pip install -r requirements.txt\n  ```\n  - Copy ``Hyara_IDA.py and hyara_lib folder`` to $ida_dir/plugins\n  - Activate via Edit -\u003e Plugins -\u003e Hyara (or CTRL+SHIFT+Y)\n\n- BinaryNinja\n  - Just use the plugin manager!\n  - Activate via View -\u003e Other Docks -\u003e Show Hyara\n\n### Cutter\n\n- Windows\n\nCheck the Python version installed in Cutter and install it.\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/cutter_0.png?raw=true)\n\n```bash\nC:\\\\Users\\\\User\\\\AppData\\\\Local\\\\Programs\\\\Python\\\\Python3X\\\\python.exe -m pip install -I -t $cutter_dir/python3X/site-packages 
-r requirements.txt\n```\n\nCopy ``__init__.py, Hyara_Cutter.py and hyara_lib folder`` to $cutter_dir/plugins/python/Hyara\n\n- Linux\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/cutter_install__1.png?raw=true)\n\n```bash\ncp -r /tmp/.mount_Cutter5o3a5G/usr /root\n```\n\nCheck the Python version installed in Cutter and install it.\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/cutter_01.png?raw=true)\n\n```bash\npip3.X install -I -t /root/usr/lib/python3.X/site-packages -r /root/Hyara/requirements.txt\n./Cutter-v2.0.3-x64.Linux.AppImage --pythonhome /root/usr\n```\n\nCopy ``__init__.py, Hyara_Cutter.py and hyara_lib folder`` to /root/.local/share/rizin/cutter/plugins/python/Hyara\n\nActivate via Windows -\u003e Plugins -\u003e Hyara\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/cutter__0.png?raw=true)\n\n### Ghidra (WIP)\n\nInstall \u003ca href=\"https://github.com/mandiant/Ghidrathon\"\u003eGhidrathon\u003c/a\u003e (\u003ca href=\"https://youtu.be/Aatbqf6lcjU\"\u003eInstallation Guide\u003c/a\u003e) to use the Hyara plugin.\n\n```bash\npip install PySide2  # or: pip install PySide6\n```\n\n- Windows\n\nCopy ``Hyara_Ghidra.py and hyara_lib folder`` to ``C:\\\\Users\\\\User\\\\.ghidra\\\\.ghidra.X.X.X\\\\Extensions\\\\Ghidrathon-X.X.X\\\\data\\\\python\\\\``\n\n```python\n# Window -\u003e Ghidrathon\nimport Hyara_Ghidra\nHyara_Ghidra.run()\n```\n\n![](https://github.com/hyuunnn/Hyara/blob/master/images/ghidra_0.png?raw=true)\n\n\n## Features\n\n- GUI-based\n- Supports IDA, BinaryNinja, Cutter and Ghidra.\n- YaraChecker\n  - Tests the YARA rule on the fly.\n  - ![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_4.png?raw=true)\n- YaraDetector\n  - Shows which part is detected in the sample loaded into the disassembler, and when \"Address\" is clicked, it moves to the corresponding address in the disassembler view.\n  - ![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_5.png?raw=true)\n- YaraIcon\n  - Creates yara 
rules for icon resources embedded in the PE.\n  - ![](https://github.com/hyuunnn/Hyara/blob/master/images/Hyara_6.png?raw=true)\n\n## Author\n\n👤 **hyuunnn**\n\n* Github: [@hyuunnn](https://github.com/hyuunnn)\n\n### Special Thanks\n\n* Twitter: \u003ca href=\"https://twitter.com/kjkwak12\"\u003ekjkwak12\u003c/a\u003e\n* Github: \u003ca href=\"https://github.com/gaasedelen\"\u003egaasedelen\u003c/a\u003e - \u003ca href=\"https://github.com/hyuunnn/Hyara/blob/master/hyara_lib/integration/bn_hyara/binaryninja_api.py#L9\"\u003eLink\u003c/a\u003e\n* Github: \u003ca href=\"https://github.com/ITAYC0HEN\"\u003eITAYC0HEN\u003c/a\u003e - \u003ca href=\"https://github.com/hyuunnn/Hyara/pull/14\"\u003eLink\u003c/a\u003e\n* Github: \u003ca href=\"https://github.com/psifertex\"\u003epsifertex\u003c/a\u003e - \u003ca href=\"https://github.com/hyuunnn/Hyara/pull/18\"\u003eLink\u003c/a\u003e\n\n## Link\n\n* \u003ca href=\"https://twitter.com/cyb3rops/status/1024208220989140992\"\u003eFlorian Roth's Twitter\u003c/a\u003e\n* \u003ca href=\"https://danielplohmann.github.io/blog/2024/03/08/malpediaflossed.html\"\u003eMalpediaFLOSSed\u003c/a\u003e - \u003ca href=\"https://twitter.com/push_pnx/status/1766045950173200513\"\u003eTwitter\u003c/a\u003e\n* \u003ca href=\"https://cocacoding.com/papers/Automatic_Generation_of_code_based_YARA_Signatures.pdf\"\u003eAutomatic Generation of code-based YARA-Signatures\u003c/a\u003e\n* \u003ca href=\"https://www.cocacoding.com/papers/Improving_YARA-Signator_for_effective_Generation_of_code-based_YARA-Signatures.pdf\"\u003eImproving YARA-Signator for effective Generation of code-based YARA-Signatures\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyuunnn%2FHyara","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhyuunnn%2FHyara","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyuunnn%2FHyara/lists"}