{"id":13706232,"url":"https://github.com/imp0rtp3/Yobi","last_synced_at":"2025-05-05T20:30:26.572Z","repository":{"id":215854458,"uuid":"400149335","full_name":"imp0rtp3/Yobi","owner":"imp0rtp3","description":"Yara Based Detection Engine for web browsers","archived":false,"fork":false,"pushed_at":"2021-09-05T09:05:54.000Z","size":827,"stargazers_count":47,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-13T14:39:54.718Z","etag":null,"topics":["add-on","antivirus","dfir","firefox","javascript","malware","scanner","yara"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/imp0rtp3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-08-26T11:47:29.000Z","updated_at":"2024-09-30T11:47:00.000Z","dependencies_parsed_at":"2024-01-07T02:02:29.893Z","dependency_job_id":"b6e257f0-dd11-4c17-8e5a-36bf7cff9166","html_url":"https://github.com/imp0rtp3/Yobi","commit_stats":null,"previous_names":["imp0rtp3/yobi"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imp0rtp3%2FYobi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imp0rtp3%2FYobi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imp0rtp3%2FYobi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imp0rtp3%2FYobi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/imp0rtp3","download_url":"https://codeload.github.
com/imp0rtp3/Yobi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252570826,"owners_count":21769731,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["add-on","antivirus","dfir","firefox","javascript","malware","scanner","yara"],"created_at":"2024-08-02T22:00:53.372Z","updated_at":"2025-05-05T20:30:25.918Z","avatar_url":"https://github.com/imp0rtp3.png","language":"JavaScript","funding_links":[],"categories":["Tools"],"sub_categories":[],"readme":"# Yobi\n\n\u003cimg align=\"right\" src=\"https://raw.githubusercontent.com/imp0rtp3/Yobi/main/icons/icon128.png\" alt=\"drawing\" width=\"200\"/\u003e\n\n[\u003ch2\u003eInstall Yobi Here\u003c/h2\u003e](https://addons.mozilla.org/en-US/firefox/addon/yobi/)\n\n***Yara Based Detection for web browsers***\n\nYobi is a basic Firefox extension that lets you run public or private YARA rules on all scripts and pages rendered by the browser.\nYobi saves files that trigger its rules and allows further inspection of them.\n\nYobi is completely serverless - no telemetry or other information is collected.\n\n## Manual Installation\n\n1. Clone the repo.\n2. Go to `about:debugging` in Firefox or another Gecko-based browser, click \"This Firefox\" -\u003e \"Load Temporary Add-on\" and select manifest.json.\n3. Done!\n\n## What can Yobi do?\n\n1. Capture any file requested by the web browser and identified as malicious by a YARA rule.\n2. Use custom YARA rules.\n3. Download the malicious files (as zip, default password is \"infected\").\n4. 
Query the file hash in VirusTotal.\n\n\n## YARA rules\n\nYARA rules are fetched from a repository of JS rules I created: [js-yara-rules](https://github.com/imp0rtp3/js-yara-rules/). The repo consists of free JS rules I found on the internet and some I wrote myself. Feel free to create pull requests for additional relevant rules. \n\nYou can change the YARA rules the extension uses under Add-ons-\u003eYobi-\u003ePreferences.\n\nRight now, YARA version 4.0.5 is used. libyara-wasm will be updated shortly and Yobi will then run the latest YARA version.\n\n## Yobi's Inner Workings\n\n### Execution Flow\n\nYobi uses the Gecko `webRequest` API event `browser.webRequest.onBeforeRequest`, which enables it to intercept any request and response. Yobi saves the buffer and forwards it. The YARA rules run asynchronously to that and alert if a match is found.\n\n\n### Dependencies\nYobi depends on the following libraries:\n1. [libyara-wasm](https://github.com/mattnotmitt/libyara-wasm) - A port of the whole YARA engine to WebAssembly.\n2. [SJCL](https://github.com/bitwiseshiftleft/sjcl) - JS encryption library used for calculating SHA-256.\n3. [jszip](https://github.com/Stuk/jszip) - A compact JS library to create zip files. Yobi uses [PR 6969](https://github.com/Stuk/jszip/pull/696), which added the option to encrypt the archive.\n4. Bootstrap\n5. jQuery\n\n### Why doesn't Yobi block the malicious scripts?\n\nPreventing every script from running until YARA rules have been run on it would create a significant delay for the user.\n\n## Continuing Development\n\nThis version is still very basic and should serve as a prototype only. 
Please open issues and pull requests for new features or bugs you encounter.\n\n## Contact and Feedback\n\nContact me via Twitter - [@imp0rtp3](https://twitter.com/imp0rtp3/)\n\n## Screenshots\n\n![Yobi alerts Dashboard Closed](https://raw.githubusercontent.com/imp0rtp3/Yobi/main/screens/scr1.png)\n\n![Yobi alerts Dashboard Opened](https://raw.githubusercontent.com/imp0rtp3/Yobi/main/screens/scr2.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimp0rtp3%2FYobi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimp0rtp3%2FYobi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimp0rtp3%2FYobi/lists"}