Commits on Oct 2, 2024

1. Plugins: Yarascan + Vadyarascan Context …

   This attempts to address limitations with the current implementation
   of the `YaraScan` and `VadYaraScan` plugins that seriously impacts their
   usefulness in the CLI; namely, the inability to view user-defined context
   surrounding yara matches in a hexdump format.
   
   In the CLI, users must now enumerate yara hits with one of one the plugins,
   then copy information about the hit, such as the PID and offset, to
   another location, and re-read the data from the layer in which the match
   occurred within volshell, which is a laborious process.
   
   Within volshell, there is no publicly available API on either the
   `YaraScan` or `VadYaraScan` classes to enumerate hits and interact with
   those values programatically outside of constructing an instance of the
   plugin and retrieving values from the `TreeGrid` returned by the `run`
   method. In addition to the changes proposed here, we may want to
   consider providing classmethods for performing at least yara string
   searches without requiring users to manually update the configuration
   and construct the plugins via their constructors.

   

   dgmcdona committed Oct 2, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for fbcda54
   • Browse repository at this point

   Copy the full SHA

   fbcda54 View commit details

   Browse the repository at this point in the history