Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Neo23x0/yarAnalyzer

Yara Rule Analyzer and Statistics
https://github.com/Neo23x0/yarAnalyzer

Last synced: about 2 months ago
JSON representation

Yara Rule Analyzer and Statistics

Host: GitHub
URL: https://github.com/Neo23x0/yarAnalyzer
Owner: Neo23x0
License: mit
Created: 2015-06-16T20:36:06.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2023-02-19T21:18:08.000Z (over 1 year ago)
Last Synced: 2024-06-19T03:11:39.748Z (3 months ago)
Language: Python
Size: 274 KB
Stars: 347
Watchers: 26
Forks: 74
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        [![Not Maintained](https://img.shields.io/badge/Maintenance%20Level-Not%20Maintained-yellow.svg)](https://gist.github.com/cheerfulstoic/d107229326a01ff0f333a1d3476e068d)

# yarAnalyzer

Yara Rule Analyzer and Statistics

# Description

yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the "signatures" folder and then run yarAnalyzer on a certain sample directory like:

```yarAnalyzer.py -p /sample/path -s /signatures```

It will generate two tables as command line output and two CSV files. (yaranalyzer_file_stats.csv, yaranalyzer_rule_stats.csv)

A new feature is the inventory creation. 

```yarAnalyzer.py --inventory -s /signatures```

This will create a CSV file named ```yara-rule-inventory.csv``` (default, set with '-o') with information about the initialized rules. (Rule File;Rule Name;Description;Reference)

# Screenshots

Rule Statistics

![Rule Statistics](/screens/screen1.png)

File Statistics

![File Statistics](/screens/screen2.png)

CSV Output in Excel

![CSV Output in Excel](/screens/screen3.png)

# Usage

```

usage: yarAnalyzer.py [-h] [-p path] [-s sigpath] [-e ext] [-i identifier]

                      [-m max-size] [-l max-string] [-f first-bytes]

                      [-o output] [--excel] [--noempty] [--inventory]

                      [--printAll] [--debug]

yarAnalyzer - Yara Rules Statistics and Analysis

optional arguments:

  -h, --help      show this help message and exit

  -p path         Path to scan

  -s sigpath      Path to signature file(s)

  -e ext          signature extension

  -i identifier   Set an identifier - will be used in filename

                  identifier_rule_stats.csv and identifier_file_stats.csv

  -m max-size     Max file size in MB (default=10)

  -l max-string   Max filename/rulename string length in command line output

  -f first-bytes  Number of first bytes to show in output

  -o output       Inventory output

  --excel         Add extras to suppress automatic conversion in Microsoft

                  Excel

  --noempty       Don't show empty values

  --inventory     Create a YARA rule inventory only

  --printAll      Print all files that are scanned

  --debug         Debug output

  

```

# DO NOT

install the outdated "yara" Python module via pip. Use "yara-python" instead or install it from the github repo: [https://github.com/plusvic/yara-python](https://github.com/plusvic/yara-python)