Python bindings to the boreal YARA scanner
Project description
Python bindings for the boreal YARA scanner
The library allows using the boreal library to scan files and processes using YARA rules.
import boreal
scanner = boreal.compile(source="""
rule example {
meta:
description = "This is an YARA rule example"
date = "2022-11-11"
strings:
$s1 = { 78 6d 6c 68 74 74 70 2e 73 65 6e 64 28 29 }
$s2 = "tmp.dat" fullword wide
condition:
any of them
}
""");
results = scanner.match(data=b"<\0t\0m\0p\0.\0d\0a\0t\0>\0")
assert [rule.name for rule in results] == ["example"]
Description
This library can serve as a drop-in replacement of the YARA python library, while also providing improvements and saner default behavior.
-
Literal replacement to the yara library: replace
import yarawithimport borealand everything will work. -
Saner default behavior compared to the yara library: fast scanning enabled by default, proper hash implementations of python objects, use of the bytes type in some places to avoid losing information, etc.
-
100% compatibility with the yara library guaranteed if needed through a yara compatibility mode.
Yara compatibility
This library guarantees 100% compatibility with the YARA library: the whole API is entirely tested against both libraries to guarantee perfect compatibility.
However, a few differences are introduced in the default behavior of this library to ensure that this default behavior fixes some issues in the behavior of the yara library. Those changes are minimal, but can introduce breakage when replacing the yara library.
Therefore, you can either:
- Use the compatibility mode to ensure 100% compatibility with the yara library:
import boreal
boreal.set_config(yara_compatibility=True)
This guarantees that the yara library can be replaced and nothing will break. However, it also keeps alive a few issues in this library. It is therefore only recommended to enable this mode when replacing the yara library and wanting to ensure that nothing can break.
- Use boreal as is. This fixes a few issues while still providing almost entirely the same API.
This is recommended if using this library from scratch, or when all the uses of the yara library can be easily checked to ensure nothing will break.
For a description of all the differences that exists when the compatibility mode is not enabled, you can consult this documentation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file boreal_python-1.0.0.tar.gz.
File metadata
- Download URL: boreal_python-1.0.0.tar.gz
- Upload date:
- Size: 345.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
14de83ad8708064384a039770112bd522258503d0319e02c91b43340f7959f63
|
|
| MD5 |
8a6ad1716b7627c4abbd101f2e3ba11d
|
|
| BLAKE2b-256 |
cc1399d64b5d567fc80cd332ca6f1f13736584a5251e520038137bd54a5deafc
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-win_amd64.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-win_amd64.whl
- Upload date:
- Size: 1.9 MB
- Tags: CPython 3.11+, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1a4afdd83d8a150cdb4759275e0d974b09b83c0d79e1f793808a2774c766d602
|
|
| MD5 |
83fd09b078d173f906c7b9dd28d8e720
|
|
| BLAKE2b-256 |
07a90040425159167fa7cc682bda46867bc567e61121caadff0e98cdedfb5608
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-win32.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-win32.whl
- Upload date:
- Size: 1.8 MB
- Tags: CPython 3.11+, Windows x86
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
86ed1bdd9b02a80f7a54bc5a866ddefa0c2ba93c1c5d1289946653a6d48827ec
|
|
| MD5 |
7331a7b882ca92b762269fd89cf58097
|
|
| BLAKE2b-256 |
271340dd5790781923ae8d8fc815c522bbbef527abcf850a0e771330576610bf
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 2.3 MB
- Tags: CPython 3.11+, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0f354fbabcb742e8b0510ec4e12513b26064b1f01db85a1edfe050b26ef54ef8
|
|
| MD5 |
65e6f91b4dbfa3b07f1b76b1f9b951b6
|
|
| BLAKE2b-256 |
d64e10e23dd24064262f20826129c5480233ddc17bea6859fb9ee7ee0440fa9f
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-musllinux_1_2_i686.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-musllinux_1_2_i686.whl
- Upload date:
- Size: 2.4 MB
- Tags: CPython 3.11+, musllinux: musl 1.2+ i686
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b943d4becc1424a0e4fb9ca2360ef104177d3bab54e4c7c7de42a6dc8ee284f5
|
|
| MD5 |
554a11fbf3776a42a27f13a45bf2381b
|
|
| BLAKE2b-256 |
10786a8ec7193156980327a1b62c4a68d683f8ef7ec6873bb0807d8a607c995d
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 2.2 MB
- Tags: CPython 3.11+, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ab62d9961601ac6881577734c203919a2eded344757411f4c64c5181d1d82920
|
|
| MD5 |
5ad9936382a8cabbe9555ea453b1befa
|
|
| BLAKE2b-256 |
d056c017495ee33983d514239aec9597803cce053d641901d51664f313de40c4
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-manylinux_2_5_i686.manylinux1_i686.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-manylinux_2_5_i686.manylinux1_i686.whl
- Upload date:
- Size: 2.4 MB
- Tags: CPython 3.11+, manylinux: glibc 2.5+ i686
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1b19739acb97305e0c26c9b488fb75ba2dc3d04aa5e03f2c35d9812641654d71
|
|
| MD5 |
ad63c5d09587bf09c2054ac34a91f7da
|
|
| BLAKE2b-256 |
ba40c6d47c6e16eead4cc3ef7a489bb3739a9fe4989aba5877890d75a7d7fc14
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-macosx_11_0_arm64.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-macosx_11_0_arm64.whl
- Upload date:
- Size: 1.9 MB
- Tags: CPython 3.11+, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60192d37a72f7bf168cb54b1d5a1ea12bf8fd975c73c5880d17eb71cf04e3e25
|
|
| MD5 |
b20a5e91b94c1a2bd79d65e5407db1d5
|
|
| BLAKE2b-256 |
1d7113fc99dbcbbfadf0099ad1ae47092d564c4bb9562306d312a228e17a34c7
|
File details
Details for the file boreal_python-1.0.0-cp311-abi3-macosx_10_12_x86_64.whl.
File metadata
- Download URL: boreal_python-1.0.0-cp311-abi3-macosx_10_12_x86_64.whl
- Upload date:
- Size: 2.0 MB
- Tags: CPython 3.11+, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/1.8.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81a0c894e4f40a92d719263bfda7be19517e2bb742c9f096c09237d2e0980320
|
|
| MD5 |
222318333bbb225f6728304a4506ce26
|
|
| BLAKE2b-256 |
e0d45ee6a2367e4bff461b2de972368d6ef63ac54a3aa96ffceaebffbce34347
|
