IRFuzz : Simple Scanner with Yara Rules!Kalilinuxtutorials

IRFuzz : Simple Scanner with Yara Rules

IRFuzz is a simple scanner with yara rules for document archives or any files.

Install

1. Prerequisites

Linux or OS X

Yara: just use the latest release source code, compile and install it (or install it via pip install yara-python)
Yara Rules – You may download yara rules from here or import your own custom ruleset.
Python dependencies

Dependencies are managed with pipenv. To get started install dependencies and activate virtual environment with following commands:

$ pipenv install
$ pipenv shell

Running IRFuzz – Watchd

Running IRFuzz

$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv

Supported Features

Scans new files with inotify
Polling if inotify is not supported
Custom extensions are supported
Delete mode will delete matched file
Recursive directory scan
Lists matched Yara functions with yarastrings with ctime
CSV results for Filebeat

Custom Extensions

$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .zip,.rar

Alert Matching Yara Rule

Generate token from https://irfuzz.com/tokens

$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --extensions .php --token tokenhere

Configure alerts from the website to Telegram or your email.

Delete Matched File

$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --delete

Polling (Inotify Not Supported)

$ python -m watchd.watch ~/tools/IR/ -y rules/maldocs --csv csvfile.csv --polling

Adds –poll option to force the use of polling mechanism to detect changes in data directory. Polling is slower than the underlying mechanism in OS to detect changes but it’s necessary with certain file systems such as SMB mounts.

Default Extensions If No Extensions Are Mentioned
- Microsoft Office Word supported file formats
  - .doc .docm .docx .docx .dot .dotm .dotx .odt
- Microsoft Office Excel supported file formats
  - .ods .xla .xlam .xls .xls .xlsb .xlsm .xlsx .xlsx .xlt .xltm .xltx .xlw
- Microsoft Office PowerPoint supported file formats
  - .pot .potm .potx .ppa .ppam .pps .ppsm .ppsx .ppt .pptm .pptx .pptx .pptx
- zipdump.py
  - IRFuzz uses zipdump.py for zip file analysis.

Download

R K

Next Arcane : A Simple Script Designed To Backdoor iOS Packages »

Previous « Evine : Interactive CLI Web Crawler

Published by

R K

Tags: IRFuzzYARA

4 years ago

Ethical Hacking And Penetration Testing Tools – Harnessing Python For Robust Cybersecurity Solutions

This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…

1 day ago

Cyber security

SentinelEye – Automated Wireless Security Toolkit

"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…

1 day ago

Cyber security

Autohack : Your Step-By-Step Guide To Installation And Setup

The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…

1 day ago

Cyber security

Poodone – A Comprehensive Toolkit For Cybersecurity Professionals

Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…

2 days ago

Pentesting Tools

Unbekannt Framework – The Comprehensive Hacking And Pentesting Suite For Windows

The Linux version is no longer supported! The last Linux version is 6.0 that you…

2 days ago

Cyber security

Jin – Your Hacking CLI Toolkit

Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…

2 days ago

Kali Linux Tutorials