Overhaul YARA regex - Githubissues

InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.

GNU General Public License v2.0

505 stars 91 forks source link

Closed rshipp closed 5 years ago

rshipp commented 5 years ago

Fixes #27.

Include "import", "include", comments, and scopes in YARA extraction, and correct a bunch of edge cases not handled in the original regex.
Remove the re.sub call, since it didn't seem to be doing anything at all.