Skip to content
master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Jun 29, 2013

yaraPCAP

Yara Scanner For IMAP Feeds and saved Streams

###What it does:

  • Reads a PCAP File and Extracts Http Streams.
  • gzip deflates any compressed streams
  • Scans every file with yara
  • writes a report.txt
  • optionally saves matching files to a Dir

###Usage

  • Simple report "python yaraPcap.py -r sampleReport.txt sample.yar sample.pcap"
  • Save Matching Files "python yaraPcap.py -s SampleDir sample.yar sample.pcap"

###Requirements

###ToDo

  • Save Report as XML
  • Add More Detail to the Report

About

Process HTTP Pcaps With YARA

Resources

Releases

No releases published

Packages

No packages published

Languages