{"id":47444132,"url":"https://github.com/bad-antics/YARAJulia.jl","last_synced_at":"2026-04-06T13:00:58.218Z","repository":{"id":344668953,"uuid":"1182653829","full_name":"bad-antics/YARAJulia.jl","owner":"bad-antics","description":"YARA-like pattern matching engine for Julia — malware analysis and threat detection","archived":false,"fork":false,"pushed_at":"2026-03-15T20:06:23.000Z","size":13,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-04T02:34:21.697Z","etag":null,"topics":["julia","malware-analysis","pattern-matching","security","yara"],"latest_commit_sha":null,"homepage":null,"language":"Julia","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bad-antics.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-15T19:57:40.000Z","updated_at":"2026-04-03T19:02:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bad-antics/YARAJulia.jl","commit_stats":null,"previous_names":["bad-antics/yarajulia.jl"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/bad-antics/YARAJulia.jl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bad-antics%2FYARAJulia.jl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bad-antics%2FYARAJulia.jl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bad-antics%2FYARAJulia.jl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bad-antics%2FYARAJulia.jl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bad-antics","download_url":"https://codeload.github.com/bad-antics/YARAJulia.jl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bad-antics%2FYARAJulia.jl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31473271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T08:36:52.050Z","status":"ssl_error","status_checked_at":"2026-04-06T08:36:51.267Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["julia","malware-analysis","pattern-matching","security","yara"],"created_at":"2026-03-23T06:00:59.902Z","updated_at":"2026-04-06T13:00:58.212Z","avatar_url":"https://github.com/bad-antics.png","language":"Julia","funding_links":[],"categories":["Security Frameworks and Tools"],"sub_categories":["Threat Intelligence"],"readme":"# YARAJulia.jl\n\n[![Tests](https://img.shields.io/badge/tests-99%20passed-brightgreen)]()\n\nA pure-Julia YARA-like pattern matching engine for malware analysis, threat detection, and binary scanning. No external dependencies required.\n\n## Features\n\n- **Hex patterns** — plain bytes, wildcards (`??`), jumps (`[N-M]`), alternatives (`(XX|YY)`)\n- **Text patterns** — plain, case-insensitive (`nocase`), UTF-16LE (`wide`), word-boundary (`fullword`)\n- **Regex patterns** — full regex support with optional case-insensitive flag\n- **Rule conditions** — `all of them`, `any of them`, `N of them`, custom functions\n- **RuleSet** — group and scan with multiple rules at once\n- **YARA syntax parser** — parse standard YARA rule files\n- **Zero dependencies** — pure Julia implementation\n\n## Installation\n\n```julia\nusing Pkg\nPkg.add(\"YARAJulia\")\n```\n\n## Quick Start\n\n```julia\nusing YARAJulia\n\n# Detect PE executables\nrule = yara_rule(\"detect_pe\",\n    strings = [\n        yara_hex(\"mz_header\", \"4d 5a 90 00\"),\n        yara_hex(\"pe_sig\", \"50 45 00 00\"),\n    ],\n    condition = :all_of_them,\n    tags = [\"pe\", \"windows\"]\n)\n\nresult = scan(rule, read(\"suspicious.exe\"))\nif result.matched\n    println(\"PE file detected! $(match_count(result)) matches\")\n    for m in result.matches\n        println(\"  $(m.string_id) at offset $(m.offset)\")\n    end\nend\n```\n\n## Pattern Types\n\n### Hex Patterns\n\n```julia\n# Plain hex bytes\nyara_hex(\"magic\", \"7f 45 4c 46\")          # ELF magic\n\n# Wildcards (any byte)\nyara_hex(\"sig\", \"4d 5a ?? 00\")\n\n# Jumps (variable-length gaps)\nyara_hex(\"spaced\", \"4d 5a [2-8] 50 45\")\n\n# Alternatives\nyara_hex(\"variant\", \"4d (5a | 5b) 90 00\")\n```\n\n### Text Patterns\n\n```julia\nyara_text(\"cmd\", \"CreateRemoteThread\")\nyara_text(\"cmd_ci\", \"createremotethread\"; nocase=true)\nyara_text(\"wide_str\", \"kernel32\"; wide=true)\nyara_text(\"word\", \"malware\"; fullword=true)\n```\n\n### Regex Patterns\n\n```julia\nyara_regex(\"url\", raw\"https?://[\\w.-]+/[\\w./-]+\")\nyara_regex(\"email\", raw\"[\\w.]+@[\\w.]+\\.\\w+\"; nocase=true)\n```\n\n## Rule Conditions\n\n```julia\n# All patterns must match\nyara_rule(\"strict\", strings=patterns, condition=:all_of_them)\n\n# Any pattern must match\nyara_rule(\"loose\", strings=patterns, condition=:any_of_them)\n\n# At least N patterns must match\nyara_rule(\"threshold\", strings=patterns, condition=(:n_of_them, 3))\n\n# Custom condition function\nyara_rule(\"custom\", strings=patterns,\n    condition=(matched, matches, data) -\u003e length(matches) \u003e= 5)\n```\n\n## RuleSets\n\n```julia\nrs = RuleSet(\"malware_detection\")\nadd_rule!(rs, rule1)\nadd_rule!(rs, rule2)\n\n# Scan against all rules, returns only matching results\nresults = scan_with_ruleset(rs, data)\n\n# Or compile from a vector\nrs = compile_rules([rule1, rule2]; name=\"compiled\")\n```\n\n## YARA Syntax Parser\n\n```julia\nsource = raw\"\"\"\nrule detect_elf : linux {\n    meta:\n        author = \"analyst\"\n        severity = 8\n    strings:\n        $magic = { 7F 45 4C 46 }\n        $suspicious = \"eval(\"\n    condition:\n        all of them\n}\n\"\"\"\n\nrules = parse_yara(source)\nresult = scan(rules[1], file_data)\n```\n\n## File Scanning\n\n```julia\nresult = scan_file(rule, \"/path/to/file\")\n```\n\n## API Reference\n\n| Function | Description |\n|----------|-------------|\n| `yara_hex(id, pattern)` | Create hex byte pattern |\n| `yara_text(id, text; nocase, wide, fullword)` | Create text pattern |\n| `yara_regex(id, pattern; nocase)` | Create regex pattern |\n| `yara_rule(name; strings, condition, tags, metadata)` | Create a rule |\n| `scan(rule, data)` | Scan data against a rule |\n| `scan_file(rule, path)` | Scan a file against a rule |\n| `match_count(result)` | Total match count |\n| `match_count(result, id)` | Match count for a string ID |\n| `compile_rules(rules)` | Compile rules into a RuleSet |\n| `scan_with_ruleset(rs, data)` | Scan with multiple rules |\n| `parse_yara(source)` | Parse YARA syntax into rules |\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbad-antics%2FYARAJulia.jl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbad-antics%2FYARAJulia.jl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbad-antics%2FYARAJulia.jl/lists"}