Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/DiabloHorn/yara4pentesters
rules to identify files containing juicy information like usernames, passwords etc
Last synced: about 12 hours ago
- Host: GitHub
- URL: https://github.com/DiabloHorn/yara4pentesters
- Owner: DiabloHorn
- License: mit
- Created: 2017-12-24T18:34:36.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-01-31T09:38:17.000Z (almost 7 years ago)
- Last Synced: 2024-08-03T22:16:14.692Z (3 months ago)
- Size: 11.7 KB
- Stars: 123
- Watchers: 15
- Forks: 20
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# yara4pentesters
rules to identify files containing juicy information like usernames, passwords etc

## requirements
* YARA
* https://virustotal.github.io/yara/

## searching for files
Remember that depending on the YARA version or operating system that you use, the syntax might vary slightly.

### recursive search
```
yara -r juicy_files.txt <directory>
```

### recursive search by tag
```
yara -t <tag> -r juicy_files.txt <directory>
```

### recursive search single rule
```
yara -i <rule_name> -r juicy_files.txt <directory>
```

## examples
```
~/Desktop/yara4pentesters$ yara -r juicy_files.txt ../y4p_files
shadow_file ../y4p_files/shadow
hive_file ../y4p_files/mysecurity
hive_file ../y4p_files/mysam
hive_file ../y4p_files/system
hive_file ../y4p_files/mysystem
ntds_file ../y4p_files/ntds.dit

~/Desktop/yara4pentesters$ yara -t linux -r juicy_files.txt ../y4p_files
shadow_file ../y4p_files/shadow

~/Desktop/yara4pentesters$ yara -i ntds_file -r juicy_files.txt ../y4p_files
ntds_file ../y4p_files/ntds.dit
```

## References
* https://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec