https://github.com/karpfediem/yara-sigs

nix flake combining yara + signature-base
https://github.com/karpfediem/yara-sigs

Last synced: 2 months ago
JSON representation

nix flake combining yara + signature-base

• Host: GitHub
• URL: https://github.com/karpfediem/yara-sigs
• Owner: karpfediem
• License: mit
• Created: 2024-10-22T13:41:10.000Z (8 months ago)
• Default Branch: main
• Last Pushed: 2025-04-10T00:57:53.000Z (2 months ago)
• Last Synced: 2025-04-11T02:07:24.418Z (2 months ago)
• Language: Nix
• Size: 78.1 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
[![update-flake-lock](https://github.com/karpfediem/yara-sigs/actions/workflows/auto-update-flake.yml/badge.svg)](https://github.com/karpfediem/yara-sigs/actions/workflows/auto-update-flake.yml)

# Run

### With yara available in your PATH

```bash

nix run git+https://github.com/karpfediem/yara-sigs local/path/to/scan

nix run . local/path/to/scan

```

### Without yara available in your PATH

```bash

nix develop git+https://github.com/karpfediem/yara-sigs -c yara-sigs local/path/to/scan

nix develop . -c yara-sigs local/path/to/scan

```

# Components

## Signatures

A collection of malware signatures: https://github.com/Neo23x0/signature-base

Some signatures are only compatible with proprietary signature checkers [THOR or LOKI](https://github.com/Neo23x0/signature-base?tab=readme-ov-file#external-variables-in-yara-rules). Signatures incompatible with yara are filtered out.

## Wrapper script

A tiny wrapper script around `yara` (https://github.com/VirusTotal/yara) - `yara-sigs` which calls yara with the directory of the filtered signatures above.