Yara Based Detection Engine for web browsers

Overview

Yobi

Yara Based Detection for web browsers

System Requirements

Yobi requires python3 and and right now supports only firefox and other Gecko-based browsers.

Installation

Automatic Installation (Linux Only)

git clone https://github.com/imp0rtp3/Yobi/
cd Yobi/
chmod +x install.sh
./install.sh

Manual Installation

  1. Run:
git clone https://github.com/imp0rtp3/Yobi/
cd Yobi/
pip install -r requirements.txt
# Create certificate and key used for the WSS communicaitons
openssl req -x509 -batch -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes 
python3 setup_cert.py
  1. Open Firefox and type in the address bar https://127.0.0.1:8392. Click "Advanced"-> "Accept the Risk and Continue"
  2. open https://addons.mozilla.org/firefox/downloads/file/3831405/yobi-0.0.1-fx.xpi to install the Yobi add-on signed by mozilla.

Running

  1. run python3 main.py

YARA rules

YARA rules are fetched from a repository of JS rules I created: js-yara-rules. The repo consists of free JS rules I found on the internet and some I wrote myself. Feel free to create pull requests for additional rellevant rules. The repository can be changed in config.py

Additionally, you can add your own rules by setting USE_CUSTOM_RULES=True and CUSTOM_RULES_PATH to a path containing your yara rules in config.py.

Yobi's Inner Workings

Yobi is separated into two components - a browser extension and a python script. They communicate through WSS protocol. Self-signed certificates need to be created in order for the protocol to function. The alternative of using the unencrypted websocket protocol would allow anyone intercepting loopback traffic to intercept decrypted https content of the browsetr.

Why not run everything in the browser?

I am not aware of any maintained Yara engine able to run in the browser, through webassembly or JS.

Continuing Development

This version is still very basic and should serve as a prototype only. Please open issues and pull request for new features or bugs you encounter.

Contact and Feedback

Contact me via twitter - @imp0rtp3

Screenshots

Yobi alerts Dashboard

You might also like...
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

A web-app helping to create strong passwords that are easy to remember.
A web-app helping to create strong passwords that are easy to remember.

This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a password using the zxcvbn library developed by Dropbox.

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

 Subdomain enumeration,Web scraping and finding usernames automation script written in python
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

Web Headers Security Scanner
Web Headers Security Scanner

Web Headers Security Scanner

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

Yet another web fuzzer
Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

Comments
  • accidentally created a web-based scanner

    accidentally created a web-based scanner

    Thanks for creating yobi, after some time I finally found a good usage example for libyara-wasm.

    As the license states and for others I will release the sourcecode of my own web-based scanner with modified code and a small set of my own rules.

    Bildschirmfoto 2021-09-04 um 23 03 30
    opened by DanielRuf 0
Releases(v0.1.1)
Owner
imp0rtp3
imp0rtp3
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

Steve 20 Dec 13, 2022
recover Firefox and more browsers logins

Browser Creds this script will recover saved browsers logins into txt files. It currently only support windows 10. currently support : Chrome Opera Fi

HugoLB 41 Nov 9, 2022
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

Justakazh 20 Nov 24, 2022
Privacy-respecting metasearch engine

Privacy-respecting, hackable metasearch engine / pronunciation səːks. If you are looking for running instances, ready to use, then visit searx.space.

Searx engine 12.4k Jan 8, 2023
JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

null 105 Dec 5, 2022
Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍 对于需要使用 Rogue Mysql Server 的漏洞来说,若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本 不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

null 6 May 17, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

null 2.1k Dec 25, 2022
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

null 44 Nov 15, 2022