Process HTTP Pcaps With YARA
Latest commit 47bbb37 Jul 29, 2013


Yara Scanner For IMAP Feeds and saved Streams

### What it does:

  • Reads a PCAP file and extracts HTTP streams.
  • Decompresses any gzip-compressed streams.
  • Scans every extracted file with YARA.
  • Writes a report.txt.
  • Optionally saves matching files to a directory.
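The decompression step matters because a YARA string will not match a body that is still gzip-encoded on the wire. The sketch below is an added example, not this project's code: `dechunk`, `decode_http_body`, `sample_stream` and the `MAX_OUT` cap are hypothetical names, and the YARA scan itself is left out. It decodes one reassembled HTTP response, bounds the decompressed size, and tolerates a capture that was cut short.

```python
import gzip
import zlib

MAX_OUT = 10 * 1024 * 1024  # assumed cap on decompressed bytes per stream

def dechunk(body):
    """Undo Transfer-Encoding: chunked; tolerate a capture cut mid-chunk."""
    out = bytearray()
    while body:
        size_line, _, body = body.partition(b"\r\n")
        try:
            size = int(size_line.split(b";")[0], 16)
        except ValueError:
            break
        if size == 0:
            break
        out += body[:size]
        body = body[size + 2:]  # skip chunk data and its trailing CRLF
    return bytes(out)

def decode_http_body(stream):
    """Return the body of one reassembled HTTP stream, decoded for scanning."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return b""
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        body = dechunk(body)
    if headers.get(b"content-encoding") in (b"gzip", b"x-gzip", b"deflate"):
        # Try gzip/zlib headers first, then headerless deflate.
        for wbits in (32 + zlib.MAX_WBITS, -zlib.MAX_WBITS):
            try:
                # Streaming object: bounded output, no error on a short trailer
                return zlib.decompressobj(wbits).decompress(body, MAX_OUT)
            except zlib.error:
                continue
    return body  # unencoded or undecodable: scan the bytes as captured

def sample_stream():
    """Constructed sample: a gzip body sent in two chunks."""
    payload = b"<html>" + b"A" * 200 + b"CONSTRUCTED-TEST-MARKER</html>"
    gz = gzip.compress(payload)
    half = len(gz) // 2
    chunks = b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in (gz[:half], gz[half:]))
    head = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n")
    return payload, head + chunks + b"0\r\n\r\n"
```

The bytes returned by `decode_http_body` are what would be handed to the YARA scanner; the marker string in the constructed sample is invisible in the raw stream and only appears after decoding.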


  • Simple report: `python -r sampleReport.txt sample.yar sample.pcap`
  • Save matching files: `python -s SampleDir sample.yar sample.pcap`



  • Save Report as XML
  • Add More Detail to the Report