{"id":28900306,"url":"https://github.com/radareorg/r2yara","last_synced_at":"2025-07-26T10:11:50.712Z","repository":{"id":198502805,"uuid":"699763702","full_name":"radareorg/r2yara","owner":"radareorg","description":"yara and radare2, better together","archived":false,"fork":false,"pushed_at":"2025-06-16T00:14:31.000Z","size":134,"stargazers_count":26,"open_issues_count":7,"forks_count":5,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-20T08:38:52.566Z","etag":null,"topics":["malware","radare2","rules","yara"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/radareorg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":null,"patreon":null,"open_collective":"radareorg","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2023-10-03T09:41:17.000Z","updated_at":"2025-06-17T23:29:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"575c236b-3460-4831-8d33-449a1be384a8","html_url":"https://github.com/radareorg/r2yara","commit_stats":{"total_commits":56,"total_committers":5,"mean_commits":11.2,"dds":0.4464285714285714,"last_synced_commit":"5a135ed400b9ccc22a2ae4f74433e9ed95fb0bb1"},"previous_names":["radareorg/r2yara"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/radareorg/r2yara","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2yara","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2yara/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2yara/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2yara/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/radareorg","download_url":"https://codeload.github.com/radareorg/r2yara/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2yara/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261019049,"owners_count":23097947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware","radare2","rules","yara"],"created_at":"2025-06-21T09:39:44.069Z","updated_at":"2025-06-21T09:40:15.570Z","avatar_url":"https://github.com/radareorg.png","language":"C","readme":"# r2yara\n[![GithubCI Status](https://github.com/radareorg/r2yara/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/radareorg/r2yara/actions/workflows/ci.yml?query=branch%3Amain)\n\nr2 and YARA, better together!\n\n## License and Author(s)\n\nLGPLv3 - Copyright 2014-2024 - pancake, jvoisin, jfrankowski, Sylvain Pelissier\n\n## Installation\n\nr2yara can be installed with `r2pm` tool running this command:\n\n```sh\nr2pm -ci r2yara\n```\n\n## Documentation\n\nAfter installation, you will get the `yr` command inside `radare2` shell\n\n```\n[0x100003a84]\u003e yr?\nUsage: yr [action] [args..] load and run yara rules inside r2\n| yr [file] add yara rules from file\n| yr same as yr?\n| yr-* unload all the rules\n| yr? show this help (same as 'yara?')\n| yrg[?][-sx] generate yara rule\n| yrl list loaded rules\n| yrs[q] scan the current file, suffix with 'q' for quiet mode\n| yrt ([tagname]) list tags from loaded rules, or list rules from given tag\n| yrv show version information about r2yara and yara\n```\n\nSee `man 7 r2yara` for some examples.\n\n### Yara generator usage\n\nr2yara allows the creation of YARA rules directement inside radare2.\n\n**Commands Overview**\n\n```bash\n[0x100003a84]\u003e yrg?\nUsage: yrg [action] [args..] load and run yara rules inside r2\n| yrg- delete last pattern added to the yara rule\n| yrg-* delete all the patterns in the current rule\n| yrgs ([len]) add string (optionally specify the length)\n| yrgx ([len]) add hexpairs of blocksize (or custom length)\n| yrgf ([len]) add function bytepattern signature\n| yrgz add all strings referenced from current function\n```\n\nTo start using r2yara to create YARA rules automatically, follow these steps:\n\n**Generate a YARA rule:**\n\n```\n[0x100003a84]\u003e yrg\nWARN: See 'yrg?' to find out which subcommands use to append patterns to the rule\nrule rulename : test {\n meta:\n author = \"user\"\n description = \"My first yara rule\"\n date = \"2024-10-22\"\n version = \"0.1\"\n}\n```\n\nThis shows the current YARA rule.\n\n**Add strings from the binary as patterns:**\n\n```\n[0x100003a84]\u003e yrgs\n```\n\n**Add hex patterns:**\n\n```\n[0x100003a84]\u003e yrgx\n```\n\n**Optionally, add function signatures:**\n\n```\n[0x100003a84]\u003e yrgf\n```\n\n**Once you've added the desired patterns, add the currently generated yara rule:**\n\n```\n[0x100003a84]\u003e yr+\n[0x100003a84]\u003e yrl\nrulename\n```\n\nThen the rule can be used directly as any other rules.\n","funding_links":["https://opencollective.com/radareorg"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradareorg%2Fr2yara","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fradareorg%2Fr2yara","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradareorg%2Fr2yara/lists"}