An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging
This script is named after Ronnie Coleman, and performs bulk lifts on arbitrary file features using YARA console logging.
Requirements
Notes
This was really designed for me to bulk build an on-demand table of the file features I wanted, and to see the values I specified using YARA’s own technology (the pe module for the values and the console module for the logging). This allows me to quickly view, stack, and organize the “surface area” of a file so I can turn around with the features I want and create YARA rules from them. This is a terrible script and bad Python: it does basically no input checking and no error handling, so beware that it will get jacked up if you try to do crazy things.
- Start with PE features, things from modules, and top-level (non-array) values that are easily parsed
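The idea described above, as an added example that is not the script's own code: a small Python module that generates a YARA rule logging top-level pe module values through the console module (`console.log(label, value)` returns true, so the calls can be chained with `and`), parses the resulting `label=value` console lines, and stacks the values across files so shared ones stand out as candidate pivots for a detection rule. The feature list, the `label=` output format, and the sample console output are all constructed for this example; the rule text is what you would feed to `yara` (4.2 or later, which introduced the console module), and the parser assumes you have collected each file's console lines yourself.

```python
"""Added example: build a console-logging YARA rule for top-level pe features,
then parse and stack the logged values across a set of files."""
from collections import Counter, defaultdict

# Constructed feature list: top-level (non-array) pe module values that are easy
# to log. Keys become the console labels, values are the YARA expressions.
PE_FEATURES = {
    "imphash": "pe.imphash()",
    "entry_point": "pe.entry_point",
    "number_of_sections": "pe.number_of_sections",
    "timestamp": "pe.timestamp",
}


def build_rule(features, rule_name="log_pe_features"):
    """Return YARA rule text whose condition logs every feature with console.log().

    Each console.log() call evaluates to true, so chaining them with 'and' makes
    YARA evaluate all of them. The MZ check keeps the pe module from being asked
    about non-PE input.
    """
    calls = [f'        console.log("{name}=", {expr})' for name, expr in features.items()]
    return "\n".join([
        'import "pe"',
        'import "console"',
        "",
        f"rule {rule_name}",
        "{",
        "    condition:",
        "        uint16(0) == 0x5a4d and",
        " and\n".join(calls),
        "}",
    ])


def parse_console_lines(lines):
    """Turn 'label=value' console lines (our constructed label format) into a dict.

    Lines without '=' (for example YARA's own 'rulename path' match lines) are skipped.
    """
    features = {}
    for line in lines:
        if "=" not in line:
            continue
        label, _, value = line.partition("=")
        features[label.strip()] = value.strip()
    return features


def table_rows(per_file):
    """Build the on-demand table: one row per file, one column per logged feature."""
    return [{"file": path, **parse_console_lines(lines)} for path, lines in per_file.items()]


def stack_features(per_file):
    """Stack values across files: {feature: Counter(value -> number of files)}."""
    stacks = defaultdict(Counter)
    for lines in per_file.values():
        for label, value in parse_console_lines(lines).items():
            stacks[label][value] += 1
    return stacks


def shared_values(stacks, min_files=2):
    """Values seen in at least min_files files, per feature: the pivots worth a rule."""
    return {
        feature: sorted(v for v, n in counter.items() if n >= min_files)
        for feature, counter in stacks.items()
        if any(n >= min_files for n in counter.values())
    }


# Constructed console output for three hypothetical files (not real samples).
SAMPLE_CONSOLE_OUTPUT = {
    "samples/a.exe": ["imphash=00000000000000000000000000000001", "entry_point=4096",
                      "number_of_sections=4", "timestamp=1600000000"],
    "samples/b.exe": ["imphash=00000000000000000000000000000001", "entry_point=4096",
                      "number_of_sections=4", "timestamp=1600003600"],
    "samples/c.exe": ["imphash=00000000000000000000000000000002", "entry_point=8192",
                      "number_of_sections=5", "timestamp=1600000000"],
}

if __name__ == "__main__":
    print(build_rule(PE_FEATURES))
    for row in table_rows(SAMPLE_CONSOLE_OUTPUT):
        print(row)
    print(shared_values(stack_features(SAMPLE_CONSOLE_OUTPUT)))
```

Write the generated rule to a file and run `yara -r rule.yar samples/` to get the console lines; because the calls are chained with `and`, a feature that is undefined for a particular file (an import hash on a file with no imports, say) can stop the chain early, so put the features that are always defined first or generate one rule per feature if you need every value.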