Hyara is plugin that provides convenience when writing yararule.
The plugin is currently undergoing a major revision!
- When you run Hyara, it docks itself to the right and docks the output window to the left.
- After specifying the address, press the
Makebutton to show the specified hexadecimal or strings as a result. - The results are saved in the table below when you click
Save. - If you double-click the table, you can clear the rule.
- You can modify the values to wildcards by right clicking after dragging.
Export Yara Rule- Exports the previously created yara rules.
Right Click- You can select either start address or end address. (IDA Pro, Cutter)
Comment Option- Annotates the instructions next to the condition rule(s).
Rich Headerandimphash- Adds rich header and imphash matching to the rule.
String option- This option extracts strings within the range specified.
-
IDA Pro
pip install -r requirements.txt
- copy
Hyara_IDA.py and hyara_lib folderto $ida_dir/plugins - Activate via Edit -> Plugins -> Hyara (or CTRL+SHIFT+Y)
- copy
-
BinaryNinja
- Just use the plugin manager!
- Activate via View -> Other Docks -> Show Hyara
- Windows
Check the python version installed in the cutter and install it.
C:\\Users\\User\\AppData\\Local\\Programs\\Python\\Python3X\\python.exe -m pip install -I -t $cutter_dir/python3X/site-packages -r requirements.txtcopy __init__.py, Hyara_Cutter.py and hyara_lib folder to $cutter_dir/plugins/python/Hyara
- Linux
cp -r /tmp/.mount_Cutter5o3a5G/usr /rootCheck the python version installed in the cutter and install it.
pip3.X install -I -t /root/usr/lib/python3.X/site-packages -r /root/Hyara/requirements.txt
./Cutter-v2.0.3-x64.Linux.AppImage --pythonhome /root/usrcopy __init__.py, Hyara_Cutter.py and hyara_lib folder to /root/.local/share/rizin/cutter/plugins/python/Hyara
Activate via Windows -> Plugins -> Hyara
Install Ghidrathon (Installation Guide) to use Hyara Plugin.
pip install PySide2 or pip install PySide6- Windows
copy Hyara_Ghidra.py and hyara_lib folder to C:\\Users\\User\\.ghidra\\.ghidra.X.X.X\\Extensions\\Ghidrathon-X.X.X\\data\\python\\
# Window -> Ghidrathon
import Hyara_Ghidra
Hyara_Ghidra.run()
- GUI-based
- Supports IDA, BinaryNinja, Cutter and Ghidra.
- YaraChecker
- Tests the yararule on the fly.
- YaraDetector
- Shows which part is detected in the sample loaded to disassembler, and when "Address" is clicked, it moves to the corresponding address on the disassembler view.
- YaraIcon
- Creates yara rules for icon resources embedded in the PE.
๐ค hyuunnn
- Github: @hyuunnn
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent