Regexes to share? #1

Closed
0ut0fb0unds opened this issue Apr 19, 2017 · 1 comment
@0ut0fb0unds

Do you have any pre-built regexes to share?

I have malicious traffic (Rig EK) in Fiddler, when I click Run Regexes it says no malicious traffic has been found.

Looking at EKFiddle\Regexes\URLRegexes.txt and EKFiddle\Regexes\HeaderRegexes.txt, both files are empty except for the instructions at the top.

@malwareinfosec
Owner

Hey, sorry for the long delayed reply!
I thought about including pre-built regexes but there were a few issues:

  • regexes are time sensitive, so unless they were very generic, you would want to regularly update them
  • some regexes are sensitive, as in not necessarily publicly shareable

Also, the purpose of this tool is to be a framework, not necessarily provide all the data. Same goes for the VPN feature... by default it won't work if you have no ovpn files. Should I provide VPN files? Again, this is the framework designed to give those options, but there's a lot of responsibilities if I started sharing ovpn files...

I may revisit this issue at some point... in the meantime, building your own regexes is easy... [Regex name] [tab] [regex].

Thanks for checking this project out!
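A check for the situation in this thread, added here as an example and not part of EKFiddle or of either comment: it lints a rule file in the `[Regex name] [tab] [regex]` layout, reports how many rules actually loaded (zero when the file holds only instructions), and tests them against captured URLs. The `##` comment prefix, the function names and the sample rules are assumptions, and Python's `re` stands in for the regex engine the tool itself uses.

```python
import re

# Constructed sample rule file. The "##" instruction prefix is an assumption.
SAMPLE_RULES = (
    "## Format: [Regex name] [tab] [regex]\n"
    "Constructed_Example\t^https?://[^/]+/landing\\.php\\?id=[0-9a-f]{8}$\n"
    "Missing_Tab ^https?://example\\.test/\n"
    "Bad_Regex\t([unclosed\n"
)

def load_rules(text, comment_prefix="##"):
    """Parse name<TAB>regex lines; return (rules, problems)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Blank lines and instruction lines carry no rule.
        if not line.strip() or line.startswith(comment_prefix):
            continue
        name, sep, pattern = line.partition("\t")
        if not sep or not name.strip() or not pattern.strip():
            problems.append((lineno, "expected: name<TAB>regex"))
            continue
        try:
            rules.append((name.strip(), re.compile(pattern.strip())))
        except re.error as exc:
            problems.append((lineno, f"regex does not compile: {exc}"))
    return rules, problems

def match_urls(rules, urls):
    """Return {url: [matching rule names]} for URLs with at least one hit."""
    hits = {}
    for url in urls:
        names = [name for name, rx in rules if rx.search(url)]
        if names:
            hits[url] = names
    return hits

if __name__ == "__main__":
    rules, problems = load_rules(SAMPLE_RULES)
    # An instructions-only file loads 0 rules, so nothing can ever match.
    print(f"{len(rules)} rule(s) loaded")
    for lineno, why in problems:
        print(f"line {lineno}: {why}")
    # Constructed URLs standing in for a captured session.
    urls = ["http://host.test/landing.php?id=deadbeef",
            "http://host.test/index.html"]
    print(match_urls(rules, urls))
```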
