FindYara – IDA Python Plugin To Scan Binary With Yara Rules


Use this IDA Python plugin to scan your binary with yara rules. All the yara rule matches will be listed with their offset so you can quickly jump to them!
All credit for this plugin and the code goes to David Berard (@p0ly)
This plugin is copied from David's excellent findcrypt-yara plugin. This plugin simply extends his to use any yara rule.

Installation

  • Install yara-python
  • Copy FindYara.py to your IDA "plugins" directory

Watch the tutorial video!

Usage

Launch the plugin
The plugin can be launched from the menu using Edit->Plugins->FindYara. Or the plugin can be quickly launched using the hot-key combination ctl-alt-y.

Select a Yara file to scan with
When the plugin launches it will open a file selection dialogue box. You need to use this to choose the yara file that you want to scan with.

View matches
All of the strings from the yara rule that match the binary will be displayed along with the match locations.

Acknowledgments

  • A huge thanks to David Berard (@p0ly) – Follow him on GitHub here! This is mostly his code and he gets all the credit for the original plugin framework.
  • Also, hat tip to Alex Hanel @nullandnull – Follow him on GitHub here. Alex helped me sort through how the IDC methods are being used. His IDA Python book is a fantastic reference!!

Feedback / Help

  • Any questions, comments, requests hit me up on twitter: @herrcore
  • Pull requests welcome!
