Python bindings to the boreal YARA scanner

Project description

Python bindings for the boreal YARA scanner

The library allows using the boreal library to scan files and processes using YARA rules.

import boreal

scanner = boreal.compile(source="""
rule example {
    meta:
        description = "This is an YARA rule example"
        date = "2022-11-11"
    strings:
        $s1 = { 78 6d 6c 68 74 74 70 2e 73 65 6e 64 28 29 }
        $s2 = "tmp.dat" fullword wide
    condition:
        any of them
}
""");

results = scanner.match(data=b"<\0t\0m\0p\0.\0d\0a\0t\0>\0")
assert [rule.name for rule in results] == ["example"]

Description

This library can serve as a drop-in replacement of the YARA python library, while also providing improvements and saner default behavior.

Literal replacement to the yara library: replace import yara with import boreal and everything will work.
Saner default behavior compared to the yara library: fast scanning enabled by default, proper hash implementations of python objects, use of the bytes type in some places to avoid losing information, etc.
100% compatibility with the yara library guaranteed if needed through a yara compatibility mode.

This library is fully compatible with free-threaded python.

Yara compatibility

This library guarantees 100% compatibility with the YARA library: the whole API is entirely tested against both libraries to guarantee perfect compatibility.

However, a few differences are introduced in the default behavior of this library to ensure that this default behavior fixes some issues in the behavior of the yara library. Those changes are minimal, but can introduce breakage when replacing the yara library.

Therefore, you can either:

Use the compatibility mode to ensure 100% compatibility with the yara library:

import boreal

boreal.set_config(yara_compatibility=True)

This guarantees that the yara library can be replaced and nothing will break. However, it also keeps alive a few issues in this library. It is therefore only recommended to enable this mode when replacing the yara library and wanting to ensure that nothing can break.

Use boreal as is. This fixes a few issues while still providing almost entirely the same API.

This is recommended if using this library from scratch, or when all the uses of the yara library can be easily checked to ensure nothing will break.

For a description of all the differences that exists when the compatibility mode is not enabled, you can consult this documentation.

Project details

Release history Release notifications | RSS feed

This version

1.1.0

Nov 23, 2025

1.0.0

May 17, 2025

0.1.0

May 15, 2025

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

boreal_python-1.1.0.tar.gz (361.0 kB view details)

Uploaded Nov 23, 2025 Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

boreal_python-1.1.0-pp311-pypy311_pp73-musllinux_1_2_x86_64.whl (2.4 MB view details)

Uploaded Nov 23, 2025 PyPymusllinux: musl 1.2+ x86-64

boreal_python-1.1.0-pp311-pypy311_pp73-musllinux_1_2_i686.whl (2.4 MB view details)

Uploaded Nov 23, 2025 PyPymusllinux: musl 1.2+ i686

boreal_python-1.1.0-cp314-cp314t-musllinux_1_2_x86_64.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.14tmusllinux: musl 1.2+ x86-64

boreal_python-1.1.0-cp314-cp314t-musllinux_1_2_i686.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.14tmusllinux: musl 1.2+ i686

boreal_python-1.1.0-cp313-cp313t-musllinux_1_2_x86_64.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.13tmusllinux: musl 1.2+ x86-64

boreal_python-1.1.0-cp313-cp313t-musllinux_1_2_i686.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.13tmusllinux: musl 1.2+ i686

boreal_python-1.1.0-cp311-abi3-win_amd64.whl (2.0 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+Windows x86-64

boreal_python-1.1.0-cp311-abi3-win32.whl (1.8 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+Windows x86

boreal_python-1.1.0-cp311-abi3-musllinux_1_2_x86_64.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+musllinux: musl 1.2+ x86-64

boreal_python-1.1.0-cp311-abi3-musllinux_1_2_i686.whl (2.5 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+musllinux: musl 1.2+ i686

boreal_python-1.1.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.2 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+manylinux: glibc 2.17+ x86-64

boreal_python-1.1.0-cp311-abi3-manylinux_2_5_i686.manylinux1_i686.whl (2.4 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+manylinux: glibc 2.5+ i686

boreal_python-1.1.0-cp311-abi3-macosx_11_0_arm64.whl (1.9 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+macOS 11.0+ ARM64

boreal_python-1.1.0-cp311-abi3-macosx_10_12_x86_64.whl (2.1 MB view details)

Uploaded Nov 23, 2025 CPython 3.11+macOS 10.12+ x86-64

File details

Details for the file boreal_python-1.1.0.tar.gz.

File metadata

Download URL: boreal_python-1.1.0.tar.gz
Upload date: Nov 23, 2025
Size: 361.0 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: maturin/1.10.2

File hashes

Hashes for boreal_python-1.1.0.tar.gz
Algorithm	Hash digest
SHA256	`93739315a1867ef6dd3619e0bbbe494ac7729bf36e1d187a37617fb6861965c6`
MD5	`2db8289e0973d89adc0be6e9ad796636`
BLAKE2b-256	`de93e147eb6b228cd488fb8b389ac7d4244838e46c72251abe1a3e72d005f859`

Algorithm	Hash digest
SHA256	`3c7d651c9f25884f4e3966a2ab5609c8b67b1a0d26f74ed8b07b2dba3b2c055d`
MD5	`4ece3be0b9f09c4c7b1f490401cd64f3`
BLAKE2b-256	`a958f7f7be2e3c8173bd452801fb429e5482fecf8167e7b3456d41bf5bde2e46`

Algorithm	Hash digest
SHA256	`4e4ef466eeec6469aaf10166920af09efad1c99d5d5677dc034fca91c584fba0`
MD5	`878e0a38c8ebb24fdd0718c2879c1d79`
BLAKE2b-256	`7f3163d19eed7e6465ab99726b198280a0a547e8a9d912e67ca9355205a9a034`

Algorithm	Hash digest
SHA256	`b7ff672351c9bdce099729b4e0d7a3d629854b896a92ebed4ef8020d144815ab`
MD5	`8ed8d35c357a27f8cc485268cd42abac`
BLAKE2b-256	`acb0c43e3311b852c5d6dc150ac4a03d3c127fc28a52141ec37ad06c48b19a5d`

Algorithm	Hash digest
SHA256	`e31eb202eb58c05ac8887a824077087ff35f7b879f475a171d88dec9102d22b2`
MD5	`221b4efdf26c27e283ae0ef14e857a72`
BLAKE2b-256	`7eed622be633eeafe1e229d1c166d982d31a42ddf0a406b2d02ae08b5384cc79`

Algorithm	Hash digest
SHA256	`3198c8539c3f6d4306903cc3b95ad709a3d80a7eccf2eb6f5dabb360834dde11`
MD5	`ed03831030a46c1f7a36169af0b577eb`
BLAKE2b-256	`266d72e369f8ed639c1d1c1e2e5123223e3cef4143ae50a5be5169c4fa347010`

Algorithm	Hash digest
SHA256	`ecb4c9fae307a413eb8bbdaa164149b6becbf3e28d2b28fc6d1bf2f45f64dc55`
MD5	`e4ef3b842180c692b8bec9ae07f8f2f6`
BLAKE2b-256	`90acd8c7f6b54449d120780dd39ab40b7f5bc80558bc3a8ef6f855fb8b3b5443`

Algorithm	Hash digest
SHA256	`0484f35347792174bc7254d9425da9ced365afead05ee8406bfe70fd4273655c`
MD5	`e131c4a1ae40fb438cc5ec24208a468e`
BLAKE2b-256	`f6b648bac35cf120cbaa43cc4a0028bfdd828f0cc1fac162bbd58aa27c805bf7`

Algorithm	Hash digest
SHA256	`5b36f4df7a0ea6b661b9390bcc31c167a987c736fc7f937ad14c2e0b1285eb90`
MD5	`a1e74d453dc1a2542d803b39cc9bea1e`
BLAKE2b-256	`abec06ce6ef97457969c211c76e0a4cf49f0b86656962ee0c1de284145e1610b`

Algorithm	Hash digest
SHA256	`b26be097af8d7d2bb9e2220a374ea65635a94e143a5c596ea51558a7a73d66da`
MD5	`930a24f28e20d70e4aca9902fdf8ab8b`
BLAKE2b-256	`fd4edc290c196d85c52c75fabe505d6491edcfb0522837806a081a1560415ce6`

Algorithm	Hash digest
SHA256	`fa9d365f73acfc4da060b09f345739ead5b9572b81f7b71370df7cb32246b09e`
MD5	`440d916c60ee906f396f3aef3e88264f`
BLAKE2b-256	`47f6fad94a6ce451482dd85f557d543de1cc866809e965d0db7ddcbdbc57d314`

Algorithm	Hash digest
SHA256	`9ce9cb5447247165460a6792d3fa8b496ddb944a1379eec777a32c4af89ea9e8`
MD5	`973b38f7cec78a6f8b5c02180259a148`
BLAKE2b-256	`303455f362e8421224fa21d5a40e44a8e112693ac716790478d4046f6b7e8a6a`

Algorithm	Hash digest
SHA256	`cc3d5ba96b4a6cdebf64a05152ac88af3ae3eb4219e210b3c697e4882e4f51bd`
MD5	`82e67a4a5c159a103a3196a69dad1975`
BLAKE2b-256	`2b27ca3b0ae23328483304baf83ffe87ee43d9d2b149c9e3dd148c8a2efc5d55`

Algorithm	Hash digest
SHA256	`ba2204675d1d34104ac8ee4be95508ed24adfb461b9cd13bf1ad85735f58dac9`
MD5	`5a9a00374425195af2fd6dc011437b77`
BLAKE2b-256	`6789441c0051d6578c7ff2e3ba63d8c67c67138e41d10d8ab3d67827d26e0efa`

Algorithm	Hash digest
SHA256	`65542dcc7d3d84c22ce8334c5cafa24d1e77b78c23e33dbd811782bcff080a65`
MD5	`fc6783f3d0e1936f461a3e31886fcfe7`
BLAKE2b-256	`e2a3f19150dd2c02e9bf8f76b332622d19961340906fbcf98cf81d7ce349b017`

boreal-python 1.1.0

Navigation

Verified details

Maintainers

Unverified details

Project links

Meta

Project description

Python bindings for the boreal YARA scanner

Description

Yara compatibility

Project details

Verified details

Maintainers

Unverified details

Project links

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distributions

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes