I regularly use YARA rules with my tools. Option -y starts the YARA engine, and option –yarastrings gives an overview of the matched strings, like this:
But it’s too much information when I use regular expressions in my YARA rules to match, for example, XML elements.
I added option –yarastringsraw to zipdump to view just the matched string, and nothing else:
zipdump_v0_0_10.zip (https)
MD5: 71B2483D24C4258DD34406CC433A3AF0
SHA256: 1259ABC36FDC13A2738D9C38549AB95A83D5039190ADAF44590E07AF6785BF7A
Article Link: https://blog.didierstevens.com/2017/07/11/update-zipdump-py-version-0-0-10/