Alternatives and similar repositories for go-yara:

Users that are interested in go-yara are comparing it to the libraries listed below

• malware-kitten / shellcode_hashes
  A collection of shellcode hashes
  ☆17Updated 6 years ago
• zom3y3 / ssdc
  ssdeep cluster analysis for malware files
  ☆31Updated 4 years ago
• EgeBalci / MapPE
  PE file mapping and manipulation package.
  ☆36Updated 2 years ago
• Velocidex / go-pe
  A Portable Executable parser for Golang
  ☆47Updated 3 weeks ago
• repnz / rpcmon
  RPC Monitor based on The ETW Microsoft-Windows-Rpc provider
  ☆24Updated 4 years ago
• 0xcpu / winsmsd
  Windows (ShadowMove) Socket Duplication
  ☆80Updated 4 years ago
• splunk / PPLinject
  Inject unsigned DLL into Protected Process Light (PPL)
  ☆19Updated last month
• Velocidex / oleparse
  Golang parser for OLE files
  ☆31Updated 7 months ago
• jonas-koeritz / amsi
  Golang wrapper for the Microsoft Antimalware Scan Interface (AMSI)
  ☆11Updated 2 years ago
• fkie-cad / yapscan
  Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
  ☆61Updated last year
• OsandaMalith / WindowsInternals
  Experiments on the Windows Internals
  ☆30Updated 5 years ago
• malice-plugins / windows-defender
  Malice Windows Defender AntiVirus Plugin
  ☆38Updated last year
• EgeBalci / meterpreter
  Basic multi platform meterpreter loader module.
  ☆15Updated 4 years ago
• rtcrowley / Offensive-Netsh-Helper
  Maintain Windows Persistence with an evil Netshell Helper DLL
  ☆12Updated 6 years ago
• AzAgarampur / byeintegrity4-uac
  Bypass UAC by abusing the Windows Defender Firewall Control Panel, environment variables, and shell protocol handlers
  ☆17Updated 3 years ago
• thewhiteninja / yarasploit
  YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
  ☆43Updated last year
• DamonMohammadbagher / ETWNetMonv3
  ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima…
  ☆38Updated last year
• 0xhido / BlueLight
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆30Updated 4 years ago
• a7t0fwa7 / windows-ps-callbacks-experiments
  Files for http://deniable.org/windows/windows-callbacks
  ☆24Updated 4 years ago
• activeshadow / go-atomicredteam
  go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project (https…
  ☆48Updated last year
• n1ght-w0lf / Uchihash
  A small utility to deal with malware embedded hashes.
  ☆49Updated last year
• zlowram / gopart
  Package that provides different PE tricks to difficult the reverse engineering of your Windows applications.
  ☆11Updated 4 years ago
• 0xballistics / inject2pe
  inject or convert shellcode to PE
  ☆37Updated 5 years ago
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• hongson11698 / defender-database-extract
  defender_database
  ☆17Updated last year
• golang-devops / go-psexec
  The plan is to have a replacement for psexec
  ☆30Updated 6 years ago
• Synzack / Go-Syscall-Examples
  Simple PoCs for utilizing Windows syscalls in Go
  ☆15Updated 4 years ago
• hashlookup / hashlookup-gui
  Provides a multi-platform Graphical User Interface for hashlookup
  ☆12Updated 6 months ago
• V3ded / Blog-Lab
  Source files for my posts
  ☆15Updated last year
• synacktiv / AMSI-Bypass
  Lists of AMSI triggers (VBA, JScript / VBScript)
  ☆32Updated 5 years ago