Recent releases for yarGen
http://open-source-security-software.net/project/yarGen/releases.atom
2026-04-02T08:11:00.616644+00:00

yarGen 0.17.0
2017-02-06T11:24:43+00:00

# Database Download

The database files are not included in the repo anymore. Use "--update" to get the string and opcode databases or download them from the following URL and place them in a "./dbs" sub folder.

### Download URL

https://drive.google.com/drive/folders/0B2S_IOa0MiOHS0xmekR6VWRhZ28

# Multiple Database Support

yarGen now allows creating multiple databases for opcodes or strings. You can easily create a new database by using "-c" for new database creation and passing an identifier with "-i identifier", e.g. "office". It will then create two new database files named "good-strings-office.db" and "good-opcodes-office.db" that will be initialized during startup together with the built-in databases.

### Example

Create a new strings and opcodes database from an Office 2013 program directory:

```
yarGen.py -c --opcodes -i office -g /opt/packs/office2013
```

The analysis and string extraction process will create the following new databases in the "./dbs" sub folder.

```
good-strings-office.db
good-opcodes-office.db
```

You can then directly use them in the rule creation process because from version 0.17.0 on, all *.db files in the sub folder "./dbs" will be initialized during startup.

You can update the databases once they are created with the "-u" parameter:

```
yarGen.py -u --opcodes -i office -g /opt/packs/office365
```

This would update the "office" databases with new strings extracted from files in the given directory.

yarGen 0.17.1
2017-02-22T10:44:13+00:00

- Fixed some bugs with the '-i identifier' option
- Shows output on database merge (to spot merging bottlenecks during initialization)
- New prebuilt database locations on our servers (New databases apply the new maximum opcode length and should produce much better results)

yarGen 0.18.0
2017-08-14T19:49:59+00:00

- PE module integration (imphashes and exports)
- New database set (improved speed and lower memory usage)
- New db-lookup.py tool
- New regular expressions for better string extractions
- Easier manual post processing due to new lines in the conditions
- Code refactoring

Note: The `exports` expression works fine with older versions of YARA that support the `pe` module (tested with 3.5.0). The `imphash` expression works fine with all YARA versions 3.6 and higher.

Raw Version

![screen shot 2017-08-14 at 19 55 03](https://user-images.githubusercontent.com/2851492/29288732-21dfb414-813a-11e7-82ce-25d673e7fb4b.png)

Modified Version

![screen shot 2017-08-14 at 21 51 26](https://user-images.githubusercontent.com/2851492/29288872-c5736512-813a-11e7-9ee8-953c227695dc.png)

DB Lookup Tool

![screen shot 2017-08-14 at 21 19 28](https://user-images.githubusercontent.com/2851492/29288766-46acd434-813a-11e7-8c95-bad8e7a41890.png)

DB Lookup Tool Examples

![screen shot 2017-08-14 at 21 19 16](https://user-images.githubusercontent.com/2851492/29288773-4fe42282-813a-11e7-838f-0fb62d0ee69a.png)

yarGen 0.23.1
2020-07-15T13:54:13+00:00

- Ported to Python3
- Replaced pickle with json
- May still contain many bugs

yarGen 0.23.2
2020-07-16T17:15:31+00:00

- fix: unescaped `\` and `"` characters in rules

yarGen 0.23.3
2020-07-27T10:35:44+00:00

- bugfix in the processing of UTF16 encoded strings

yarGen 0.23.4
2020-12-29T12:59:13+00:00

- fix: broken super rule generation