Add yara.py.

ghidraninja · Mar 7, 2019 · 5959fd7 · 5959fd7
1 parent 2c5d753
commit 5959fd7
Show file tree

Hide file tree

Showing 5 changed files with 1,516 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -10,3 +10,13 @@ In the Ghidra Script Manager click the "Script Directories" icon in the toolbar
 Runs binwalk on the current program and bookmarks the findings. Requires binwalk to be in `$PATH`.
 
 ![Example result: SHA256 constants found by binwalk.](images/binwalk.png)
+
+## yara.py
+
+Automatically find crypto constants in the loaded program - allows to very quickly identify crypto code.
+
+![Example result: ]
+
+Runs yara with the patterns found in yara-crypto.yar on the current program. The Yara rules are licensed under GPLv2. In addition @phoul's SHA256 rule was added.
+
+Requires `yara` to be in `$PATH`.
diff --git a/ghidra_ninja_helpers.py b/ghidra_ninja_helpers.py
@@ -0,0 +1,12 @@
+# Tools and workarounds for the Ghidra Ninja scripts.
+#@author Thomas Roth code@stacksmashing.net
+#@category Ghidra Ninja
+#@keybinding 
+#@menupath 
+#@toolbar 
+
+import os
+
+# Workaround for __file__ not being available in the script
+# (We need to get the path of the script to find the Yara rules)
+PATH = os.path.dirname(__file__)
diff --git a/images/yara.png b/images/yara.png