Burp-Yara-Rules

##Description Yara rules to be used with the Burp Yara-Scanner extension

##Introduction Burp-Yara-Rules is a collection of Yara rules built from malicious code samples found on the Internet, in addition to Yara rules created by third-parties that identify malicious software commonly found hosted on websites.

The rules are intended to be used with the Burp Yara-Scanner extension found here: https://github.com/PolitoInc/Yara-Scanner. The goal being to identify infected web pages during a web application assessment.

##Usage Add the Yara-Scanner extension within Burp (follow the directions at the Yara-Scanner link above). Then use the all.yar rules file as it combines all rules in this repository into a single file.

##Additional Details The Yara rules in this repository were found by searching the Internet for rules that detect common exploit kits, as well as by running the YaraGenerator (https://github.com/Xen0ph0n/YaraGenerator/) against downloaded exploit kit samples. The rules look for:

Signs of infection in HTML code
Signs of infection in JavaScript code
Signs of infection in CSS code
Detection of infected JAR files
Detection of infected PDF files
Detection of infected SilverLight XAP files
Detection of infected Flash SWF files

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
README.md		README.md
all.yar		all.yar
angler_ek_checkpoint.yar		angler_ek_checkpoint.yar
angler_ek_redirector.yar		angler_ek_redirector.yar
angler_flash.yar		angler_flash.yar
angler_flash2.yar		angler_flash2.yar
angler_flash4.yar		angler_flash4.yar
angler_flash5.yar		angler_flash5.yar
angler_flash_uncompressed.yar		angler_flash_uncompressed.yar
angler_html.yar		angler_html.yar
angler_html2.yar		angler_html2.yar
angler_jar.yar		angler_jar.yar
angler_js.yar		angler_js.yar
blackhole1_jar.yar		blackhole1_jar.yar
blackhole2_css.yar		blackhole2_css.yar
blackhole2_htm.yar		blackhole2_htm.yar
blackhole2_htm10.yar		blackhole2_htm10.yar
blackhole2_htm11.yar		blackhole2_htm11.yar
blackhole2_htm12.yar		blackhole2_htm12.yar
blackhole2_htm3.yar		blackhole2_htm3.yar
blackhole2_htm4.yar		blackhole2_htm4.yar
blackhole2_htm5.yar		blackhole2_htm5.yar
blackhole2_htm6.yar		blackhole2_htm6.yar
blackhole2_htm8.yar		blackhole2_htm8.yar
blackhole2_jar.yar		blackhole2_jar.yar
blackhole2_jar2.yar		blackhole2_jar2.yar
blackhole2_jar3.yar		blackhole2_jar3.yar
blackhole2_pdf.yar		blackhole2_pdf.yar
blackhole_basic.yar		blackhole_basic.yar
bleedinglife2_adobe_2010_1297_exploit.yar		bleedinglife2_adobe_2010_1297_exploit.yar
bleedinglife2_adobe_2010_2884_exploit.yar		bleedinglife2_adobe_2010_2884_exploit.yar
bleedinglife2_jar2.yar		bleedinglife2_jar2.yar
bleedinglife2_java_2010_0842_exploit.yar		bleedinglife2_java_2010_0842_exploit.yar
crimepack_jar.yar		crimepack_jar.yar
crimepack_jar3.yar		crimepack_jar3.yar
cve_2013_0074.yar		cve_2013_0074.yar
cve_2013_0422.yar		cve_2013_0422.yar
eleonore_jar.yar		eleonore_jar.yar
eleonore_jar2.yar		eleonore_jar2.yar
eleonore_jar3.yar		eleonore_jar3.yar
eleonore_js.yar		eleonore_js.yar
eleonore_js2.yar		eleonore_js2.yar
eleonore_js3.yar		eleonore_js3.yar
fragus_htm.yar		fragus_htm.yar
fragus_js.yar		fragus_js.yar
fragus_js2.yar		fragus_js2.yar
fragus_js_flash.yar		fragus_js_flash.yar
fragus_js_java.yar		fragus_js_java.yar
fragus_js_quicktime.yar		fragus_js_quicktime.yar
fragus_js_vml.yar		fragus_js_vml.yar
javascript_exploit_and_obfuscation.yar		javascript_exploit_and_obfuscation.yar
malicious_office.yar		malicious_office.yar
malicious_pdf.yar		malicious_pdf.yar
phoenix_html.yar		phoenix_html.yar
phoenix_html10.yar		phoenix_html10.yar
phoenix_html11.yar		phoenix_html11.yar
phoenix_html2.yar		phoenix_html2.yar
phoenix_html3.yar		phoenix_html3.yar
phoenix_html4.yar		phoenix_html4.yar
phoenix_html5.yar		phoenix_html5.yar
phoenix_html6.yar		phoenix_html6.yar
phoenix_html7.yar		phoenix_html7.yar
phoenix_html8.yar		phoenix_html8.yar
phoenix_html9.yar		phoenix_html9.yar
phoenix_jar.yar		phoenix_jar.yar
phoenix_jar2.yar		phoenix_jar2.yar
phoenix_jar3.yar		phoenix_jar3.yar
phoenix_pdf.yar		phoenix_pdf.yar
phoenix_pdf2.yar		phoenix_pdf2.yar
phoenix_pdf3.yar		phoenix_pdf3.yar
redkit_bin_basic.yar		redkit_bin_basic.yar
sakura_jar.yar		sakura_jar.yar
sakura_jar2.yar		sakura_jar2.yar
zeroaccess_css.yar		zeroaccess_css.yar
zeroaccess_css2.yar		zeroaccess_css2.yar
zeroaccess_htm.yar		zeroaccess_htm.yar
zeroaccess_js.yar		zeroaccess_js.yar
zeroaccess_js2.yar		zeroaccess_js2.yar
zeroaccess_js3.yar		zeroaccess_js3.yar
zeroaccess_js4.yar		zeroaccess_js4.yar
zerox88_js2.yar		zerox88_js2.yar
zerox88_js3.yar		zerox88_js3.yar
zeus_js.yar		zeus_js.yar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Burp-Yara-Rules

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Languages

codewatchorg/Burp-Yara-Rules

Folders and files

Latest commit

History

Repository files navigation

Burp-Yara-Rules

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Languages

Packages