Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/DissectMalware/base64_substring
Generate a Yara rule to find base64-encoded files containing a specific keyword
- Host: GitHub
- URL: https://github.com/DissectMalware/base64_substring
- Owner: DissectMalware
- License: apache-2.0
- Created: 2018-07-13T02:59:51.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-07-13T13:46:08.000Z (over 6 years ago)
- Last Synced: 2024-05-02T03:49:34.632Z (6 months ago)
- Topics: base64, python3, search-in-base64, yara, yara-rule-generator
- Language: Python
- Homepage:
- Size: 11.7 KB
- Stars: 40
- Watchers: 6
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# About
Malware analysts often need to search base64-encoded samples for a plaintext term such as Application.Run. Because base64 maps every 3 input bytes to 4 output characters, the same term has three different encodings depending on its byte offset modulo 3 within the data. base64_substring enumerates those encodings for a given search term and generates a YARA rule that checks all of them.

# How to Run
Example: generating a YARA rule that matches a base64-encoded file containing the term *Application*.
```
> python generate_yara_rule.py
> Please enter a rule name
MyRule
> Please enter a text
Application
```
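The enumeration the README describes, written out as an added example (this is not the project's own code, and the function names, the rule layout and the `$b64_N` string identifiers are my choices): for each of the three alignments the keyword is prefixed with placeholder bytes, base64-encoded, and the leading and trailing characters whose value depends on unknown neighbouring bytes are dropped, leaving a substring that appears in the base64 of any data containing the keyword at that alignment. The result is emitted as a YARA rule with one string per alignment.

```python
"""Enumerate the three base64 encodings of a keyword and emit a YARA rule.

Example code accompanying the base64_substring README; not the project's own.
"""
import base64
import re

# Leading base64 characters that mix in bits from the unknown bytes that
# precede the keyword, indexed by the number of such bytes (0, 1 or 2).
_LEADING_DROP = (0, 2, 3)


def base64_variants(term: bytes) -> list[str]:
    """Return the alignment-specific base64 substrings for `term`.

    Index i of the result is the substring that appears when the keyword
    starts at byte offset i (mod 3) inside the encoded data.  A variant can
    be empty for very short terms (a single byte at offset 1 has no fully
    determined output character).
    """
    variants = []
    for offset in range(3):
        # Placeholder bytes stand in for the unknown data before the keyword;
        # every output character they influence is removed below.
        data = b"\x00" * offset + term
        encoded = base64.b64encode(data).decode("ascii").rstrip("=")
        start = _LEADING_DROP[offset]
        # A trailing partial group (1 or 2 leftover bytes) ends in a character
        # that also carries bits of the next, unknown byte: drop it.
        end = len(encoded) - (1 if len(data) % 3 else 0)
        variants.append(encoded[start:end])
    return variants


def generate_yara_rule(rule_name: str, term: str) -> str:
    """Build a YARA rule whose strings are the non-empty variants of `term`."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", rule_name):
        raise ValueError("rule name must be a valid YARA identifier")
    variants = [v for v in base64_variants(term.encode("utf-8")) if v]
    if not variants:
        raise ValueError("term is too short to yield any base64 substring")
    lines = [f"rule {rule_name}", "{", "    strings:"]
    for i, v in enumerate(variants):
        # The base64 alphabet (A-Z a-z 0-9 + /) needs no escaping in a YARA
        # text string.
        lines.append(f'        $b64_{i} = "{v}"')
    lines += ["    condition:", "        any of ($b64_*)", "}"]
    return "\n".join(lines)


def matches_encoded(term: bytes, encoded_blob: str) -> bool:
    """Plain-Python stand-in for the rule: does any variant occur in the blob?"""
    return any(v and v in encoded_blob for v in base64_variants(term))


def check_all_alignments(term: bytes) -> bool:
    """Confirm the variants hit when `term` sits at each of the 3 alignments.

    The surrounding bytes are constructed sample data, chosen so that the
    keyword lands at offsets 0, 1 and 2.
    """
    for prefix in (b"", b"<", b"<<"):
        blob = base64.b64encode(prefix + term + b">>").decode("ascii")
        if not matches_encoded(term, blob):
            return False
    return True


if __name__ == "__main__":
    print(generate_yara_rule("MyRule", "Application"))
    print("hits at all alignments:", check_all_alignments(b"Application"))
```

Recent YARA releases (4.0 and later) ship a `base64` string modifier that performs this same enumeration natively, so on a current engine `$a = "Application" base64` expresses the generated rule in one line; the explicit form above is what the tool produces for older engines and makes the alignment logic visible.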
# Further Reading
["Searching for Content in Base-64 Strings" by Lee Holmes](http://www.leeholmes.com/blog/2017/09/21/searching-for-content-in-base-64-strings/)