FindYara - IDA Python Plugin to Scan Binary with Yara Rules

Use this IDA python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly jump to them!
All credit for this plugin and the code goes to David Berard (@p0ly).
This plugin is copied from David's excellent findcrypt-yara plugin. This plugin simply extends his to use any yara rule.

Installation

Watch the tutorial video!


Usage

Launch the plugin
The plugin can be launched from the menu using Edit->Plugins->FindYara. Or the plugin can be quickly launched using the hot-key combination Ctrl-Alt-Y.


Select a Yara file to scan with
When the plugin launches it will open a file selection dialogue box. You will need to use this to select the yara file that you want to scan with.


View matches
All of the strings from the yara rule that match the binary will be displayed along with the match locations.


Acknowledgments
  • A huge thank you to David Berard (@p0ly) - Follow him on GitHub here! This is mostly his code and he gets all the credit for the original plugin framework.
  • Also, hat tip to Alex Hanel @nullandnull - Follow him on GitHub here. Alex helped me sort through how the IDC methods are being used. His IDA Python book is a fantastic reference!!

Feedback / Help
  • Any questions, comments, requests, hit me up on twitter: @herrcore
  • Pull requests welcome!