https://github.com/janniskirschner/cutter-yara-plugin
Apply YARA rules to your Cutter projects.
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/janniskirschner/cutter-yara-plugin
- Owner: JannisKirschner
- License: gpl-3.0
- Created: 2020-01-03T15:30:23.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-07T18:36:47.000Z (almost 6 years ago)
- Last Synced: 2025-01-15T19:55:10.159Z (9 months ago)
- Language: YARA
- Size: 1.76 MB
- Stars: 16
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Yara Cutter Plugin

## About
Extension to use [YARA](https://github.com/VirusTotal/yara) rules on [Cutter](https://github.com/radareorg/cutter) projects.
Simply paste your rule files in the "rules" directory to apply them at start.

## Installation
This plugin relies on [yara-python](https://github.com/VirusTotal/yara-python).
To make it work, you need to install it into the Python version embedded in Cutter.
- For Windows systems you can run the provided PowerShell file. (Don't forget to edit the path!)
- For *nix operating systems simply install yara-python, locate the files with ```pip show``` and copy the module files to the Python directory of Cutter.
- Now copy the Cutter plugin files to the Cutter plugin directory (on Windows usually found at ```%USERPROFILE%\AppData\Roaming\RadareOrg\Cutter\plugins\python\```)
- Finally add some rules to the "rules" directory

### Example Use Cases
- [Packer detection](https://github.com/Yara-Rules/rules/blob/master/Packers_index.yar)
Detect matching packers to replace tools like PEiD or DiE.
- [Malware attribution](https://github.com/Yara-Rules/rules/blob/master/malware_index.yar)
Detect known malware signatures.
- [Crypto detection](https://github.com/Yara-Rules/rules/blob/master/Crypto_index.yar)
Detect various crypto constants.
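
A rule file of the kind the crypto-detection use case refers to, written here as an added example; it is not taken from the plugin or from the linked Yara-Rules index, and the rule names are hypothetical. The second rule shows why constant-based matches need care: the four initial values it looks for are shared by MD4, MD5 and the first four words of SHA-1, so a hit narrows the candidates but does not identify the algorithm.

```yara
// Constructed example rules for the plugin's "rules" directory.
// Rule names are hypothetical; the byte patterns are the published constants.

rule Example_AES_Forward_SBox
{
    meta:
        description = "First 16 bytes of the AES forward S-box stored as a byte table"
    strings:
        $sbox = { 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76 }
    condition:
        $sbox
}

rule Example_MD_Family_Init_Constants
{
    meta:
        description = "MD4/MD5/SHA-1 initial state words as little-endian 32-bit values"
    strings:
        // 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
        $a = { 01 23 45 67 }
        $b = { 89 AB CD EF }
        $c = { FE DC BA 98 }
        $d = { 76 54 32 10 }
    condition:
        // Require the four words close together (a table, or consecutive
        // immediate loads) to cut down on matches against unrelated data.
        for any i in (1..#a) : (
            $b in (@a[i]..@a[i] + 64) and
            $c in (@a[i]..@a[i] + 64) and
            $d in (@a[i]..@a[i] + 64)
        )
}
```

The 64-byte window is a heuristic chosen for this example; binaries that compute their tables at run time or store the constants big-endian will not match.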