CLI tool to manage your yara rules
Project description
Yara Manager
A simple program to manage your yara ruleset in a database. By default sqlite will be used, but using MySQL/MariaDB or Postgres is also possible.
Todos
- Implement backup and sharing possibilities
Installation
Install it using pip:
pip install yaramanager
Or grab one of the prebuilt binaries from the release page.
If you want to use other databases than SQLite, you need to install the specific extra dependencies:
pip install yaramanager[mysql]
pip install yaramanager[pgsql]
Configuration
Yara Manager creates a fresh config if none exists. If you update from an older version, please pay attention to freshly
added config options. You can reset you configuration using ym config reset, however, this
will also overwrite any custom changes you made.
## Editor
# editor contains the command used to start the editor. Note that this must be a list of the command and the needed
# parameters, e.g. `editor = ["codium", "-w"]`.
editor = [ "codium", "-w" ]
The most important configuration to change is probably your editor. The default configuration uses codium -w for
opening rules. You can use e.g. EDITOR=vim DISABLE_STATUS=1 ym config edit to open you config in Vim (and you can type
:wq to save your changes and quit :P). After changing the editor path, you are good to go! The following asciinema
shows how to quickly overwrite the editor set in the config:
# Databases
# A list of databases. Every database needs to define a driver and a path, such as
#
# [[yaramanager.db.databases]]
# driver = "sqlite"
# path = "/home/user/.config/yaramanager/data.db"
[[yaramanager.db.databases]]
driver = "sqlite"
path = "/home/3c7/.config/yaramanager/myrules.db"
If you want to use multiple databases (which is pretty useful if you use rules from different sources or with different classifications), you can add them to the config file, too.
In order to use MySQL/MariaDB or Postgres, you need to specify the specific database driver, e.g.:
[[yaramanager.db.databases]]
driver = "mysql+pymysql"
path = "user:password@127.0.0.1/database"
[[yaramanager.db.databases]]
driver = "postgresql+psycopg2"
path = "user:password@127.0.0.1/database"
Features
General usage
$ ym
Usage: ym [OPTIONS] COMMAND [ARGS]...
ym - yaramanager. Use the commands shown below to manage your yara
ruleset. By default, the manager uses codium as editor. You can change
that in the config file or using EDITOR environment variable. When using
editors in the console, you might want to disable the status display using
DISABLE_STATUS.
Options:
--help Show this message and exit.
Commands:
add Add a new rule to the database.
config Review and change yaramanager configuration.
db Manage your databases
del Delete a rule by its ID or name.
edit Edits a rule with your default editor.
export Export rules from the database.
get Get rules from the database.
help Displays help about commands
list Lists rules available in DB.
new Create a new rule using you preferred editor.
parse Parses rule files.
read Read rules from stdin.
ruleset Manage your rulesets
scan Scan files using your rulesets.
search Searches through your rules.
stats Prints stats about the database contents.
tags Show tags and the number of tagged rules
version Displays the current version.
Yara Manager Showcase
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for yaramanager-0.2.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8b19144de8f2d39bbde213d57f9411544024a7cec72871fe96195fa8b8efa2e6 |
|
| MD5 | 5d447db88dbccb93f630becfe5557238 |
|
| BLAKE2b-256 | b3d949dc0f13cfcdb804e528c77cf5b9b689635403a2d64fd03e111324609c44 |
