findcrypt-PYara
While analyzing a program, we often want to know whether it uses any crypto algorithm. The idea behind this project is pretty simple: since almost all crypto algorithms use specific APIs, magic constants, strings, alphabets, etc., we just look for these byte patterns in the file.
findcrypt is a well-known plugin available also for
However, for performance and dependency reasons it can also be implemented with Yara rules. This Python script wraps that ruleset and helps us find crypto-related constants and strings in programs.
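The constant-matching idea described above, as an added example that is not code from this project: a pure-Python stand-in for the Yara rules that searches a byte buffer for a few public crypto constants, trying both byte orders for 32-bit word tables. The signature names, helper functions and sample buffer are constructed for illustration.

```python
import struct

# Public constants taken from the algorithm specifications.
AES_SBOX_PREFIX = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
# MD5 initial state words (the same four words also start MD4 and SHA-1).
MD5_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
SHA256_K_PREFIX = (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5)
BASE64_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def _words(values, order):
    """Pack 32-bit words using a struct byte-order prefix ('<' or '>')."""
    return struct.pack(f"{order}{len(values)}I", *values)


def build_signatures():
    """Return {name: byte pattern}; word tables get one entry per endianness."""
    sigs = {"AES_sbox": AES_SBOX_PREFIX, "Base64_alphabet": BASE64_ALPHABET}
    for name, words in (("MD5_init", MD5_INIT), ("SHA256_K", SHA256_K_PREFIX)):
        sigs[f"{name}_le"] = _words(words, "<")
        sigs[f"{name}_be"] = _words(words, ">")
    return sigs


def scan(data, signatures=None):
    """Return a sorted list of (offset, name) for every pattern occurrence."""
    signatures = signatures or build_signatures()
    hits = []
    for name, pattern in signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((start, name))
            start = data.find(pattern, start + 1)
    return sorted(hits)


def make_sample():
    """Constructed sample: filler, little-endian MD5 words, filler, AES S-box start."""
    return b"\x90" * 16 + _words(MD5_INIT, "<") + b"\x00" * 8 + AES_SBOX_PREFIX


if __name__ == "__main__":
    for offset, name in scan(make_sample()):
        print(f"0x{offset:08x}  {name}")
```

A hit only shows that the constant is present in the file; whether the surrounding code actually uses it still has to be confirmed in the disassembly.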
Dependencies
pip3 install -r requirements.txt