Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/VirusTotal/yara-python

The Python interface for YARA
https://github.com/VirusTotal/yara-python

yara

Last synced: 30 days ago
JSON representation

The Python interface for YARA

Host: GitHub
URL: https://github.com/VirusTotal/yara-python
Owner: VirusTotal
License: apache-2.0
Created: 2015-09-11T09:37:35.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2024-05-25T14:25:38.000Z (7 months ago)
Last Synced: 2024-11-07T15:17:02.611Z (about 1 month ago)
Topics: yara
Language: C
Homepage: http://virustotal.github.io/yara/
Size: 310 KB
Stars: 659
Watchers: 51
Forks: 179
Open Issues: 31
Metadata Files:
- Readme: README.rst
- License: LICENSE

Awesome Lists containing this project

README

        .. image:: https://ci.appveyor.com/api/projects/status/gidnb9ulj3rje5s2?svg=true

    :target: https://ci.appveyor.com/project/plusvic/yara-python

yara-python

===========

With this library you can use `YARA `_ from

your Python programs. It covers all YARA's features, from compiling, saving

and loading rules to scanning files, strings and processes.

Here it goes a little example:

.. code-block:: python

    >>> import yara

    >>> rule = yara.compile(source='rule foo: bar {strings: $a = "lmn" condition: $a}')

    >>> matches = rule.match(data='abcdefgjiklmnoprstuvwxyz')

    >>> print(matches)

    [foo]

    >>> print(matches[0].rule)

    foo

    >>> print(matches[0].tags)

    ['bar']

    >>> print(matches[0].strings)

    [$a]

    >>> print(matches[0].strings[0].identifier)

    $a

    >>> print(matches[0].strings[0].instances)

    [lmn]

    >>> print(matches[0].strings[0].instances[0].offset)

    10

    >>> print(matches[0].strings[0].instances[0].matched_length)

    3

Installation

------------

The easiest way of installing YARA is by using ``pip``:

.. code-block:: bash

  $ pip install yara-python

But you can also get the source from GitHub and compile it yourself:

.. code-block:: bash

  $ git clone --recursive https://github.com/VirusTotal/yara-python

  $ cd yara-python

  $ python setup.py build

  $ sudo python setup.py install

Notice the ``--recursive`` option used with ``git``. This is important because

we need to download the ``yara`` subproject containing the source code for

``libyara`` (the core YARA library). It's also important to note that the two

methods above link ``libyara`` statically into yara-python. If you want to link

dynamically against a shared ``libyara`` library use:

.. code-block:: bash

  $ python setup.py build --dynamic-linking

For this option to work you must build and install

`YARA `_ separately before installing

``yara-python``.

Documentation

-------------

Find more information about how to use yara-python at

https://yara.readthedocs.org/en/latest/yarapython.html.