Didier Stevens

Tuesday 11 July 2017

Update: zipdump.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 19:17

I regularly use YARA rules with my tools. Option -y starts the YARA engine, and option –yarastrings gives an overview of the matched strings, like this:

But it’s too much information when I use regular expressions in my YARA rules to match, for example, XML elements.

I added option –yarastringsraw to zipdump to view just the matched string, and nothing else:

zipdump_v0_0_10.zip (https)
MD5: 71B2483D24C4258DD34406CC433A3AF0
SHA256: 1259ABC36FDC13A2738D9C38549AB95A83D5039190ADAF44590E07AF6785BF7A

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: