Process HTTP Pcaps With YARA
Python
Latest commit 47bbb37 Jul 30, 2013 @kevthehermit Update README.md
README.md

yaraPCAP

YARA scanner for HTTP streams extracted from PCAP files and for saved streams

What it does:

  • Reads a PCAP file and extracts the HTTP streams.
  • Decompresses (gunzips) any gzip-encoded stream before scanning, so compressed content is not missed.
  • Scans every extracted file with YARA.
  • Writes a report.txt.
  • Optionally saves the matching files to a directory.
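The pipeline in the list above, written out as a runnable added example (this is not the project's yaraPcap.py): it parses a pcap with the standard library, reassembles each TCP flow by sequence number, splits the server side into HTTP responses, gunzips gzip-encoded bodies (and also decodes chunked transfer coding, which the README does not mention but which real captures contain constantly), and hands each decoded body to YARA. The capture, the rule, the marker string and all function names are constructed for this example; yara-python is used when that module is installed, otherwise a plain substring check stands in so the example still runs.

```python
# Added example, not yaraPCAP's own code: pcap -> TCP streams -> HTTP bodies -> gunzip -> scan.
import gzip
import struct
try:
    import yara  # yara-python; optional here, a substring check stands in when it is absent
except ImportError:
    yara = None

def build_pcap(segments):
    # Little-endian Ethernet pcap from (src, dst, sport, dport, seq, payload) tuples; sample only.
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, (src, dst, sport, dport, seq, payload) in enumerate(segments):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # checksums left zero; the parser ignores them
        out.append(struct.pack("<IIII", 1000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def parse_tcp(frame):
    """(src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        return None
    ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # IP total length drops Ethernet padding
    tcp = ip[(ip[0] & 0x0F) * 4:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]

def reassemble(data):
    """Per-flow TCP payload in sequence order; overlap trimmed, gaps and seq wraparound ignored."""
    assert struct.unpack("<II", data[:4] + data[20:24]) == (0xA1B2C3D4, 1), "need LE pcap, Ethernet"
    segs, off = {}, 24
    while off + 16 <= len(data):
        incl = struct.unpack("<I", data[off + 8:off + 12])[0]
        p = parse_tcp(data[off + 16:off + 16 + incl])
        if p:
            segs.setdefault(p[:4], []).append((p[4], p[5]))
        off += 16 + incl
    streams = {}
    for flow, parts in segs.items():
        buf, nxt = bytearray(), min(parts)[0]
        for seq, payload in sorted(parts):
            if seq < nxt:  # already have these bytes (retransmission): keep only the new tail
                payload, seq = payload[nxt - seq:], nxt
            buf += payload
            nxt = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams

def dechunk(raw):
    out, pos = bytearray(), 0  # chunked transfer coding -> (body, bytes consumed)
    while True:
        end = raw.index(b"\r\n", pos)
        size, pos = int(raw[pos:end].split(b";")[0], 16), end + 2
        if size == 0:
            return bytes(out), pos + 2  # plus the empty trailer line
        out += raw[pos:pos + size]
        pos += size + 2

def http_responses(stream):
    """Split a server->client stream into (status line, headers, decoded body)."""
    out, pos = [], 0
    while stream.startswith(b"HTTP/", pos) and b"\r\n\r\n" in stream[pos:]:
        start = stream.index(b"\r\n\r\n", pos) + 4
        status, *lines = stream[pos:start - 4].decode("latin-1").split("\r\n")
        headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(":") for h in lines)}
        if headers.get("transfer-encoding", "").lower() == "chunked":
            body, used = dechunk(stream[start:])
        else:  # Content-Length framing; with neither header the body runs to connection close
            used = int(headers.get("content-length", len(stream) - start))
            body = stream[start:start + used]
        if headers.get("content-encoding", "").lower() == "gzip":
            body = gzip.decompress(body)  # the README's "gzip deflate" step
        out.append((status, headers, body))
        pos = start + used
    return out

def make_matcher(rule_source, needles):
    """bytes -> sorted rule names; yara-python when present, {name: bytes} substrings otherwise."""
    if yara:
        rules = yara.compile(source=rule_source)
        return lambda data: sorted({m.rule for m in rules.match(data=data)})
    return lambda data: sorted(n for n, s in needles.items() if s in data)

def scan_pcap(data, matcher):
    """[(flow, status line, [rule names])] for every decoded response body that matched."""
    scanned = ((flow, status, matcher(body)) for flow, stream in reassemble(data).items()
               for status, _headers, body in http_responses(stream))
    return [hit for hit in scanned if hit[2]]

SUSPECT = b"<html><script>eval(unescape('%61'))</script></html>"  # constructed marker, not malware
RULE = 'rule js_eval_unescape { strings: $a = "eval(unescape(" condition: $a }'
NEEDLES = {"js_eval_unescape": b"eval(unescape("}

def sample_pcap():
    gz = gzip.compress(SUSPECT)  # constructed capture: one gzip'd suspicious body, one chunked benign body
    server = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: %d\r\n\r\n" % len(gz)
              + gz + b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
    cut = len(server) // 2
    return build_pcap([
        ("10.0.0.2", "10.0.0.1", 40000, 80, 1, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),  # request
        ("10.0.0.1", "10.0.0.2", 80, 40000, 1000 + cut, server[cut:]),  # second half arrives first
        ("10.0.0.1", "10.0.0.2", 80, 40000, 1000, server[:cut]),
        ("10.0.0.1", "10.0.0.2", 80, 40000, 1000, server[:cut]),  # retransmission
    ])
```

`scan_pcap(sample_pcap(), make_matcher(RULE, NEEDLES))` returns a single hit for the gzip-encoded body: the marker string only exists after decompression, which is exactly why the README's gunzip step matters, and the chunked response is reassembled but does not match. For a real capture pass `open("sample.pcap", "rb").read()` instead of `sample_pcap()`. Limits worth knowing before pointing this at production traffic: only little-endian Ethernet pcaps (not pcapng, not IPv6, not VLAN-tagged frames) are parsed, lost segments and sequence wraparound are not handled, and anything inside TLS is opaque to it.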

Usage

The YARA rules file and the PCAP are positional arguments; `-r` names the report file to write and `-s` names the directory in which matching files are saved.

  • Simple report: `python yaraPcap.py -r sampleReport.txt sample.yar sample.pcap`
  • Save matching files: `python yaraPcap.py -s SampleDir sample.yar sample.pcap`

Requirements

ToDo

  • Save Report as XML
  • Add More Detail to the Report