Easily scan with multiple yara rules from different sources.

malwarefrank/yararules-python


Scan files and directories with multiple rules files, without cross-file rule name collision!

Rule files can be supplied on the command line, as a list in one or more text files, as a directory containing only rule files, or from a config directory. Each option (-d, -f, -l) can be given multiple times.

Default output is space-separated RULE NAME, RULE FILE, and MATCH FILE. Use the --csv option for comma-separated values.

Installation

pip install .

Usage

usage: yara-multi-rules.py [-h] [-d SIGDIRS] [-f SIGFILES] [-l LISTFILES] [-v]
                           [--csv] [-m] [--quiet] [--init]
                           [--config-dir CONFIGDIR] [--fail-on-warnings]
                           FILE [FILE ...]

positional arguments:
  FILE                  file(s) to scan

optional arguments:
  -h, --help            show this help message and exit
  -d SIGDIRS            Directory containing rules
  -f SIGFILES           rule file (allowed multiple times for list)
  -l LISTFILES          file containing path to rule files, one per line
  -v                    verbose output
  --csv                 output in CSV format
  -m                    only show matches
  --quiet, -q           only display match/none, no informational messages
  --init                Create a blank config (default: ~/.yara/)
  --config-dir CONFIGDIR
                        Use/create configuration in given directory.
  --fail-on-warnings    Error on warnings during rule compilation
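The mechanism that makes "no cross-file rule name collision" possible is yara-python's per-namespace compilation: yara.compile(filepaths=...) takes a mapping of namespace to rule file, and two files that each define a rule with the same name compile cleanly when they land in different namespaces, whereas concatenating them into one source fails with a duplicated-identifier error. The following is an added example (not the yararules-python project's own code) showing the -f/-d/-l style input gathering, the namespace-per-file mapping, and the space-separated/CSV output rows; the rule files, list file and row values are constructed fixtures, and yara-python is only required by scan().

```python
"""Gather YARA rule files from several sources and compile them with one
namespace per file, so identical rule names in different files do not collide.
Added example, not yararules-python's own code."""
import csv
import io
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Sequence, Tuple

try:
    import yara  # yara-python; optional so the inventory helpers run without it
except ImportError:
    yara = None

RULE_SUFFIXES = {".yar", ".yara"}  # assumption: what counts as a rule file for -d


def collect_rule_files(sigfiles: Sequence[str] = (), sigdirs: Sequence[str] = (),
                       listfiles: Sequence[str] = ()) -> List[str]:
    """Mirror -f (explicit files), -d (every rule file in a directory) and
    -l (paths listed one per line).  Returns de-duplicated real paths."""
    found: List[str] = [os.path.realpath(f) for f in sigfiles]
    for d in sigdirs:
        for entry in sorted(Path(d).iterdir()):
            if entry.is_file() and entry.suffix.lower() in RULE_SUFFIXES:
                found.append(os.path.realpath(entry))
    for lf in listfiles:
        with open(lf) as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):  # assumption: '#' comments allowed
                    found.append(os.path.realpath(line))
    seen, unique = set(), []
    for p in found:
        if p not in seen:
            seen.add(p)
            unique.append(p)
    return unique


def namespaces_for(rule_files: Iterable[str]) -> Dict[str, str]:
    """Namespace -> file mapping for yara.compile(filepaths=...).  Using the
    file path itself as the namespace keeps every file's rules separate and
    lets the report name the rule file that produced a match."""
    return {path: path for path in rule_files}


def scan(rule_files: Sequence[str], target: str,
         fail_on_warnings: bool = False) -> List[Tuple[str, str]]:
    """Compile all rule files into one ruleset and scan one file.  Returns
    (rule name, rule file) pairs; error_on_warning mirrors --fail-on-warnings."""
    if yara is None:
        raise RuntimeError("scanning needs yara-python: pip install yara-python")
    rules = yara.compile(filepaths=namespaces_for(rule_files),
                         error_on_warning=fail_on_warnings)
    return [(m.rule, m.namespace) for m in rules.match(target)]


def format_matches(matches: Sequence[Tuple[str, str]], match_file: str,
                   as_csv: bool = False) -> str:
    """Render RULE NAME, RULE FILE, MATCH FILE rows: space-separated by
    default, CSV with --csv."""
    rows = [(rule, rule_file, match_file) for rule, rule_file in matches]
    if as_csv:
        buf = io.StringIO()
        csv.writer(buf).writerows(rows)
        return buf.getvalue()
    return "".join(f"{r} {rf} {mf}\n" for r, rf, mf in rows)


def build_demo_tree() -> str:
    """Constructed fixture: two rule files that deliberately reuse the rule
    name 'suspicious_string', a non-rule file, and a list file naming one of
    the rule files again (exercises de-duplication)."""
    root = tempfile.mkdtemp(prefix="yara-demo-")
    rules_dir = Path(root, "rules")
    rules_dir.mkdir()
    (rules_dir / "vendor_a.yar").write_text(
        'rule suspicious_string { strings: $a = "EICAR" condition: $a }\n')
    (rules_dir / "vendor_b.yara").write_text(
        'rule suspicious_string { strings: $b = "evil.exe" condition: $b }\n')
    (rules_dir / "README.txt").write_text("not a rule file\n")  # skipped by -d
    Path(root, "list.txt").write_text(f"# constructed list\n{rules_dir / 'vendor_a.yar'}\n")
    return root


def demo() -> Tuple[List[str], Dict[str, str]]:
    root = build_demo_tree()
    files = collect_rule_files(sigdirs=[str(Path(root, "rules"))],
                               listfiles=[str(Path(root, "list.txt"))])
    return files, namespaces_for(files)


if __name__ == "__main__":
    files, ns = demo()
    print("rule files:", files)
    # constructed rows: both files' same-named rule reported against one target
    print(format_matches([("suspicious_string", files[0]),
                          ("suspicious_string", files[1])], "sample.bin", as_csv=True))
```

Without yara-python installed, the inventory and formatting functions still run; with it, scan() compiles the two same-named rules side by side because each file is its own namespace. A defender adapting this should treat rule files from different vendors as untrusted input to the compiler and keep --fail-on-warnings on, since a warning often marks a rule that silently matches nothing.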

Copyright

Copyright (c) 2018-2020, The MITRE Corporation. All rights reserved.

Approved for Public Release; Distribution Unlimited. Case Number 18-0989
