Skip to content

Workaround: Using yara to match pastes

Jump to bottom
Rico edited this page Sep 4, 2019 · 1 revision

Since there is no yara analyzer yet, you might still want to use it to match the content of pastes. Here is how you do that! First of all, install the package yara-python (GitHub Page) via pip. Then put the following in your pastepwn configuration file:

import yara
from pastepwn import PastePwn
from pastepwn.analyzers import GenericAnalyzer

rule = yara.compile(source='rule foo: bar {strings: $a = "lmn" condition: $a}')

def yara_matcher(paste):
    return rule.match(data=paste.body)

my_action = [...] # Create the action you want to execute

yara_analyzer = GenericAnalyzer(actions=my_action, match_func=yara_matcher)

pastepwn = PastePwn()
pastepwn.add_analyzer(yara_analyzer)

Introduction

  1. Analyzer Overview

Examples

  1. Templating
  2. Using YARA
  3. Sending pastes via Telegram

Setup

  1. MySQL Setup
  2. Running pastepwn with docker

Code Internals

  1. How does the code work?
Clone this wiki locally