{"id":26410865,"url":"https://github.com/codiphile/yarashield","last_synced_at":"2025-08-30T09:17:46.346Z","repository":{"id":281451793,"uuid":"945327108","full_name":"codiphile/YaraShield","owner":"codiphile","description":"A Malware Detection Tool ","archived":false,"fork":false,"pushed_at":"2025-03-09T06:48:41.000Z","size":1937,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-17T20:19:37.742Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codiphile.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-09T06:37:46.000Z","updated_at":"2025-03-16T07:41:15.000Z","dependencies_parsed_at":"2025-03-09T07:34:41.617Z","dependency_job_id":null,"html_url":"https://github.com/codiphile/YaraShield","commit_stats":null,"previous_names":["codiphile/yarashield"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/codiphile/YaraShield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codiphile%2FYaraShield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codiphile%2FYaraShield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codiphile%2FYaraShield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codiphile%2FYaraShield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codiphile","download_url":"https://codeload.github.com/codiphile/YaraShield/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codiphile%2FYaraShield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272829457,"owners_count":25000235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-17T20:19:41.004Z","updated_at":"2025-08-30T09:17:46.316Z","avatar_url":"https://github.com/codiphile.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# YaraShield - Advanced Malware Detection Tool\n\nYaraShield is a powerful malware detection tool that leverages YARA rules to identify various threats in files. It provides a user-friendly GUI interface for scanning files and managing YARA rules.\n\n![YaraShield Screenshot 1](./Images/Screenshot%202.png)\n![YaraShield Screenshot 2](./Images/Screenshot%201.png)\n\n## Features\n\n- **Advanced Malware Detection**: Detect a wide variety of malware types using YARA pattern matching\n- **User-Friendly Interface**: Intuitive GUI with file selection, scan results, and rule management\n- **Comprehensive Rule Collection**: Built-in rules for detecting:\n  - Ransomware\n  - Backdoors\n  - Cryptominers\n  - Data exfiltration tools\n  - Rootkits\n  - Fileless malware\n  - Memory injection techniques\n  - Supply chain attacks\n  - PowerShell attacks\n  - Obfuscated JavaScript\n- **Rule Management**: View and manage YARA rules through the application\n- **Real-time Rule Monitoring**: Automatic detection of rule file changes\n- **Detailed Scan Results**: View comprehensive information about detected threats\n\n## Installation\n\n### Prerequisites\n\n- Python 3.7 or higher\n- Required Python packages:\n  - yara-python\n  - tkinter (usually comes with Python)\n\n### Setup\n\n1. Clone the repository:\n\n   ```\n   git clone https://github.com/username/YaraShield.git\n   cd YaraShield\n   ```\n\n2. Create a virtual environment (recommended):\n\n   ```\n   python -m venv .venv\n   source .venv/bin/activate  # On Windows: .venv\\Scripts\\activate\n   ```\n\n3. Install required packages:\n\n   ```\n   pip install yara-python\n   ```\n\n4. Run the application:\n   ```\n   python malware_scanner.py\n   ```\n\n## Usage\n\n1. **File Scanning**:\n\n   - Select a file to scan using the \"Browse\" button\n   - Click \"Scan File\" to analyze the file\n   - View the results in the text area\n\n2. **Rule Management**:\n   - Switch to the \"YARA Rules\" tab\n   - View available rule files in the list\n   - Select a rule file to view its contents\n   - Click \"Reload Rules\" to refresh if you've modified rule files externally\n\n## YARA Rules\n\nYaraShield comes with several pre-defined rule files in the `rules` directory:\n\n- `basic_rules.yar`: Simple malware detection rules\n- `advanced_malware.yar`: Rules for ransomware, PowerShell attacks, and obfuscated JavaScript\n- `advanced_threats.yar`: Rules for backdoors, cryptominers, data exfiltration, and rootkits\n- `specialized_threats.yar`: Rules for supply chain attacks, memory injection, fileless malware, and persistence mechanisms\n\n### Creating Custom Rules\n\nYou can create your own YARA rules by adding `.yar` files to the `rules` directory. The application will automatically load them at startup or when you click \"Reload Rules\".\n\nExample of a simple YARA rule:\n\n```yara\nrule My_Custom_Rule {\n    meta:\n        name = \"Custom Malware Detector\"\n        description = \"Detects custom malware patterns\"\n        author = \"Your Name\"\n        date = \"2023-03-09\"\n        severity = \"Medium\"\n\n    strings:\n        $suspicious_string1 = \"malicious_function\"\n        $suspicious_string2 = \"evil_code\"\n\n    condition:\n        any of them\n}\n```\n\n## License\n\n[MIT License](LICENSE)\n\n## Author\n\nMudit Sharma\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodiphile%2Fyarashield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodiphile%2Fyarashield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodiphile%2Fyarashield/lists"}