Process HTTP Pcaps With YARA
Latest commit 47bbb37 Jul 29, 2013

yaraPCAP

YARA scanner for IMAP feeds and saved streams

### What it does:

- Reads a PCAP file and extracts the HTTP streams.
- Decompresses (gunzips) any gzip-encoded streams so the rules see the plaintext content.
- Scans every extracted file with YARA.
- Writes a report.txt.
- Optionally saves the matching files to a directory.
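As an added illustration (not the repository's own code), the following is a minimal offline model of the pipeline described above: it parses a libpcap file (Ethernet/IPv4/TCP, assuming packets arrive in order with no retransmissions, so no sequence-number tracking), reassembles the TCP payload per flow, gunzips HTTP response bodies, and hands each body to compiled YARA rules through `scan_pcap(pcap_bytes, rules)`, where `rules` is a `yara.Rules` object from `yara.compile()`. `build_pcap` and `SAMPLE` are constructed test input, not a real capture.

```python
import gzip, struct
from collections import defaultdict

def tcp_flows(pcap):
    """Concatenate TCP payload per (src, sport, dst, dport) from an Ethernet/IPv4 libpcap
    file. Assumes in-order packets and ignores retransmissions (no seq tracking)."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    flows, off = defaultdict(bytearray), 24              # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                      # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + ip_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flows[(frame[26:30], sport, frame[30:34], dport)] += tcp[(tcp[12] >> 4) * 4:]
    return flows

def http_body(stream):
    """Return the body of an HTTP response, gunzipped when Content-Encoding: gzip, else None."""
    head, sep, body = bytes(stream).partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None
    return gzip.decompress(body) if b"content-encoding: gzip" in head.lower() else body

def scan_pcap(pcap, rules):
    """Map each flow whose HTTP body matches `rules` (a yara.Rules object) to the rule names."""
    hits = {}
    for flow, stream in tcp_flows(pcap).items():
        body = http_body(stream)
        if body is not None:
            names = [m.rule for m in rules.match(data=body)]
            if names:
                hits[flow] = names
    return hits

def build_pcap(payload, sport=80, dport=41000):
    """Construct a one-packet little-endian libpcap capture carrying `payload` as TCP data."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip               # Ethernet header, then IPv4
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

# Constructed sample: a gzip-compressed HTTP response hiding a string a rule could look for.
SAMPLE = build_pcap(b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n"
                    + gzip.compress(b"<html>constructed-marker-string</html>"))
```

Without the gunzip step a rule written for the plaintext marker would never fire on this stream, which is the reason the README lists decompression before scanning.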

### Usage

- Simple report: `python yaraPcap.py -r sampleReport.txt sample.yar sample.pcap`
- Save matching files: `python yaraPcap.py -s SampleDir sample.yar sample.pcap`

### Requirements

### ToDo

- Save the report as XML
- Add more detail to the report