A package to build YARA rules using Python
Project description
yarabuilder
Python module to create Yara rules.
Installation
yarabuilder requires Python 3+
Install with pip locally
pip install .
Usage
>>> import yarabuilder
>>> yara_builder = yarabuilder.YaraBuilder()
>>>
>>> yara_builder.create_rule("my_rule")
>>> yara_builder.add_meta("my_rule", "description", "Generated by yarabuilder")
>>> yara_builder.add_import("my_rule", "pe")
>>> yara_builder.add_tag("my_rule", "yarabuilder")
>>> yara_builder.add_text_string("my_rule", "Anonymous string")
>>> yara_builder.add_text_string("my_rule", "Named string", name="str", modifiers=["ascii", "wide"])
>>> yara_builder.add_hex_string("my_rule", "DE AD BE EF")
>>> yara_builder.add_regex_string("my_rule", "regex[0-9]{2}")
>>> yara_builder.add_condition("my_rule", "any of them")
>>>
>>> rule = yara_builder.build_rules()
>>> print(rule)
import "pe"
rule my_rule : yarabuilder {
meta:
description = "Generated by yarabuilder"
strings:
$ = "Anonymous string"
$str = "Named string" ascii wide
$ = {DE AD BE EF}
$ = /regex[0-9]{2}/
condition:
any of them
}
>>>
TODO
- Add to PyPI
- Improve documentation
- Add the capability to add comments to YARA rules
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
yarabuilder-0.0.1.tar.gz
(8.1 kB
view hashes)
Built Distributions
yarabuilder-0.0.1-py3.8.egg
(17.2 kB
view hashes)
Close
Hashes for yarabuilder-0.0.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8941404cb613121817e15cbedb9f56d8431ec7e35183f31d0ef151988826fd94 |
|
| MD5 | dc2a320c5f10bee3827b3b55ca3326e1 |
|
| BLAKE2b-256 | 4b411e8de37354431ecb54ecb31b96594f90a259e16bd88c3bb49899bbb5b597 |
