Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kevthehermit/YaraPcap
Process HTTP Pcaps With YARA
https://github.com/kevthehermit/YaraPcap
Last synced: 2 months ago
JSON representation
Process HTTP Pcaps With YARA
- Host: GitHub
- URL: https://github.com/kevthehermit/YaraPcap
- Owner: kevthehermit
- Created: 2013-06-29T15:57:21.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2013-07-29T20:11:40.000Z (almost 11 years ago)
- Last Synced: 2024-01-26T00:03:19.583Z (5 months ago)
- Language: Python
- Size: 117 KB
- Stars: 97
- Watchers: 11
- Forks: 28
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Lists
- awesome-yara - yaraPCAP
- awesome-yara-Resource - yaraPCAP
README
yaraPCAP
========
Yara Scanner For IMAP Feeds and saved Streams
###What it does:
- Reads a PCAP File and Extracts Http Streams.
- gzip deflates any compressed streams
- Scans every file with yara
- writes a report.txt
- optionally saves matching files to a Dir
###Usage
- Simple report
"python yaraPcap.py -r sampleReport.txt sample.yar sample.pcap"
- Save Matching Files
"python yaraPcap.py -s SampleDir sample.yar sample.pcap"
###Requirements
- Python
- Yara / PyYara
- TCPFlow 1.3 - https://github.com/simsong/tcpflow
- For windows edit the Script to point to your copy of the tcpflow binary. Line 29
###ToDo
- Save Report as XML
- Add More Detail to the Report