SkillAgent Search skills...⌘K

Yaramail

A Python package and command line utility for scanning emails with YARA rules

Generate Convert Improve

Install / Use

/learn @seanthegeek/Yaramail

About this skill

Quality Score

0/100

Category

Development & Engineering

Supported Platforms

Universal

Tags

email information-security infosec malware phishing security security-tools yara yara-scanner

README

<div align="center"> <img src="https://seanthegeek.github.io/yaramail/_static/yaramail-logo.png" alt="yaramail logo"> <h1 style=>yaramail</h1>

</div>

yaramail is a Python package and command line utility for scanning emails with YARA rules. It is ideal for automated triage of phishing reports.

CLI Demo

Features

Scans all parts of an email via API or CLI
- Headers
  - Removes header indents by default for consistent scanning
- Plain text and HTML body content
  - Converts body content to Markdown by default for consistent scanning
- Attachments
  - Raw file content
  - Emails attached to emails
  - PDF document text
  - ZIP file contents, including nested ZIP files
    - Uses message body content as a list of possible ZIP passwords
    - Customizable list of passwords to use when attempting to scan encrypted ZIP files
Provides a built-in methodology for categorizing emails
Parses Authentication-Results headers

seanthegeek

View profile

GitHub Stars21

CategoryDevelopment

Updated3mo ago

Forks4

seanthegeek/yaramail

Languages

Python

Security Score

92/100

Audited on Dec 25, 2025

No findings