Excavate with yara matching rules doesn't emit a unique enough description #1937

Closed
aconite33 opened this issue Nov 8, 2024 · 2 comments
Labels
bug Something isn't working

@aconite33
Contributor

Describe the bug
When using yara rules, the excavate module doesn't generate a unique matching description, which causes additional matches on different sites to be suppressed.

Expected behavior
Every unique yara rule match should emit a FINDING

BBOT Command
Example: bbot -m httpx -t example.com -cy yararule.txt

OS, BBOT Installation Method + Version
OS: Arch Linux, Installation method: pip, BBOT version: dev

Example Output

[FINDING]               {"description": "Custom Yara Rule [find_string] Matched via identifier [str1]", "host": "example.com", "path": "/", "url": "https://example.com/"}  httpx->excavate

Debug Message

[DBUG] _scan_ingress: Not forwarding FINDING("{'description': 'Custom Yara Rule [find_string] Matched via identifier [str1]', ...", module=excavate, tags=set()) because event was already emitted by its module
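A simplified model of the suppression reported above, added here as an illustration; it is not BBOT's code. It assumes the per-module dedup key is derived from the FINDING description alone, the names `emit`, `key_description_only` and `key_with_location` are hypothetical, and the sample findings are constructed.

```python
# Simplified model of per-module FINDING deduplication (not BBOT's code).
# Assumption: the dedup key is built from the module name plus whatever
# key_fn extracts from the finding.

DESC = "Custom Yara Rule [find_string] Matched via identifier [str1]"

# Constructed sample: the same rule matching on two sites, plus one
# genuine repeat of the first match.
SAMPLE_FINDINGS = [
    {"description": DESC, "host": "example.com", "url": "https://example.com/"},
    {"description": DESC, "host": "example.org", "url": "https://example.org/"},
    {"description": DESC, "host": "example.com", "url": "https://example.com/"},
]


def key_description_only(finding):
    """Key that ignores where the match happened (the reported behaviour)."""
    return finding["description"]


def key_with_location(finding):
    """Key that also covers the URL, so each site gets its own finding."""
    return (finding["description"], finding["url"])


def emit(findings, key_fn, module="excavate"):
    """Return (forwarded, suppressed) for a per-module dedup using key_fn."""
    seen, forwarded, suppressed = set(), [], []
    for finding in findings:
        key = (module, key_fn(finding))
        (suppressed if key in seen else forwarded).append(finding)
        seen.add(key)
    return forwarded, suppressed


if __name__ == "__main__":
    for key_fn in (key_description_only, key_with_location):
        forwarded, suppressed = emit(SAMPLE_FINDINGS, key_fn)
        print(key_fn.__name__,
              "forwarded:", [f["host"] for f in forwarded],
              "suppressed:", [f["host"] for f in suppressed])
```

With the location in the key, the match on the second site is forwarded while the genuine repeat is still suppressed.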
@aconite33
Contributor Author

Fixed in: #1938

@TheTechromancer
Collaborator

Fixed in #1969.
