Add some useful rules to yara

Open radare opened this issue 10 years ago • 1 comments

It would be nice to be able to have rules for:

  • hostnames
  • IPv4 and IPv6
  • credit-card numbers
  • emails

For credit cards we should cook some regexes compatible with libmagic from this: http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm

Moved from https://github.com/radare/radare2/issues/1139

radare, Feb 23 '15 11:02

In regards to credit cards... There should also be a small validation that the number is indeed "valid" according to the mathematical formula described here: http://www.freeformatter.com/credit-card-number-generator-validator.html

Else, the rule is going to fire so often (in corporate environments at least) that nobody will seriously consider using it. The false positive rate will be too high.

Vlurk, May 28 '15 20:05
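
The two-stage check the comment above asks for, as an added example that is not part of the original thread or of r2yara: a regex finds digit runs in a raw buffer, then a Luhn checksum (assumed here to be the formula the linked validator describes) discards most of the false hits. The function names and the sample buffer are constructed for illustration.

```python
import re

# Stage 1 (regex only): 13-19 digits, optional single space/hyphen separators,
# not embedded in a longer digit run. Works on raw bytes, as a scanner would.
CANDIDATE = re.compile(rb"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")

def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_candidates(buf: bytes):
    """Return (offset, digits) for every regex hit, before validation."""
    hits = []
    for m in CANDIDATE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        hits.append((m.start(), digits))
    return hits

def find_card_numbers(buf: bytes):
    """Stage 2: keep hits that pass Luhn and are not one repeated digit
    (all zeros passes Luhn and is common padding in binaries)."""
    return [(off, d) for off, d in find_candidates(buf)
            if luhn_ok(d) and len(set(d)) > 1]

# Constructed sample buffer. The two valid numbers are public test card numbers.
SAMPLE = (
    b"\x00\x01order_id=1234567890123456\x00"
    b"card=4111 1111 1111 1111\n"
    b"amex:3782-822463-10005\n"
    b"pad=0000000000000000\n"
    b"typo=4111111111111112\n"
)

if __name__ == "__main__":
    print("regex hits:", len(find_candidates(SAMPLE)))
    for off, digits in find_card_numbers(SAMPLE):
        print(f"0x{off:04x} {digits}")
```

On the sample, the regex alone reports five hits and the validation stage keeps two, which is the false-positive reduction the comment is about.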

r2yara has its own repository now.

sylvainpelissier, Oct 08 '23 08:10