Write, test and organize your Yara rules



  • Our rating
Sending
User Rating 5 (2 votes)
YaraEditor Web is a powerful website framework to write, test and organize your Yara rules. It features syntax highlighting, team collaboration features and publishing workflow.
IconDownload YaraEditor (Web)
AuthorAdlice Software
Version0.8
Download158
Category
File SizeUnknown
LicenseOpen Source
Operating SystemServer (needs PHP, MySQL)
Tags   automation     database     framework     malware     signatures     storage     test     yara  
 
SCREENSHOTS
 
DESCRIPTION and REVIEW

Yara has become a pretty popular standard in the Anti-malware industry to write signatures for malware detections. Many Anti-malware vendors, sandboxes vendors, HIPS vendors, CERTs or IT administrators are using rules to either detect malware based on the file, or to analyze network packets and trigger an alert when something malicious occurs.

Yara is a signature syntax and scanning engine, it's available with a library or a bunch of scripts. We, at Adlice Software, are specialized in making Yara easy and convenient to use. After a desktop application, we are now offering a full website framework to write, organize and test your rules directly from your browser.

YaraEditor is an OPEN SOURCE framework built to make your life easier in writing your rules (editor with syntax highlight), testing them (against files, strings, buffers) and sharing them. It was also built with the team collaboration in mind, with ability to leave comments on rules, have a validation workflow (soon) and publishing via API.

 

DEMO
We have released our own yara sharing platform. So if you want to test the framework, this is the best place to go for a live demo.

 

FEATURES

  • Self-hosted solution (PHP/Mysql server needed)
  • Can run on Synology NAS (with Web Station)
  • REST API (submit, delete, update, get), with API Key
  • Authentication with modified UserCake library
  • Users Rights management
  • Easy to customize, with only one config file to change
  • Files management (creation/edition/removal)
  • Files exports
  • Rules management (creation/edition/removal)
  • Rules viewer
  • Rules export
  • Rules import
  • Give a name on rules/files copy
  • Stats page
  • Search page (with magic field)
  • Permissions (contributor, publisher, ...)
  • History page
  • Recycle Bin
  • Syntax check (with yara pythong)
  • Rule test (with yara pythong)
  • Tests page (string -ANSI/UNICODE-, Hex strings, Files -local storage-)
  • User comments (with conversations)

 

ROADMAP

  • Publication workflow (draft, valid, published, ...)
  • Plugin: Aliases
  • MRF integration (test rules on files stored in MRF)

 

DOCUMENTATION

 
Download
FileAction
Source Code (github)Download