decompressingyara

command module

v0.0.0-...-d38b06b Latest Latest Go to latest Published: Apr 24, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Decompressing Yara: For when your malware samples are stored compressed, but you still want to run rules against them.

Currently supports:

GZip
BZip2
LZMA (XZ)

Modules used:

Go-Yara: https://github.com/hillu/go-yara
XZ: https://github.com/ulikunitz/xz

Motivation: I've had to test Yara rules with malware which was compressed, but also on different systems, which may or may not have Yara installed. Maybe it was an older version of Yara. I've compiled the project statically against libyara, making my sysadmin life easier. Since it was useful to me, maybe someone else would benefit. Currently it only runs a rule file against a directory of files.

Future thoughts:

Files in archives, such as Zip and Tar.
Support for password-protected Zip and 7z files, and testing the usual passwords against them.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

decompressingyara.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL