BinBot is a script designed to aggregate data from multiple *bin sources, and flexibly classify and sort that data using YARA rules.
By utilizing YARA pattern matching, BinBot is capable of:
- Detecting common indicators of malware
- Applying sets of regular expressions to documents
- Blacklisting documents that are not of interest
- Searching for keywords or phrases in documents
To add YARA rules, simply place the .yar or .yara file in yara_rules/general_rules
to be ran on text files or yara_rules/binary_rules to be ran on executable files.
Make sure to customize your blacklist.yar and keywords.yar file.
python3 BinBot.py <path to configuration file>
If no path is passed, binbot will run a manual setup.
- Binary rules found here and credited individually in the rule files.
- KindredSec's pastebin video was an inspiration for the base64 rules
- r/learnpython, as always
- Tweak implementation of binary rules to ensure customizability
- Fix bug with single URL documents (ix.io only?) causing bs4 decoding error
- Add fallbacks/error messages for documents returning NoneType