tommydeeee / yara-x

This project forked from virustotal/yara-x

Experimenting with YARA and Rust

License: BSD 3-Clause "New" or "Revised" License

yara-x's Introduction

YARA-X

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is to serve as the future replacement for YARA.

With YARA-X you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description (a.k.a. rule) consists of a set of patterns and a boolean expression that determines its logic. Let's see an example:

rule silent_banker : banker {
    meta:
        description = "This is just an example"
        threat_level = 3
        in_the_wild = true

    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}

The above rule tells YARA-X that any file containing at least one of the three patterns must be reported as silent_banker. This is just a simple example; more complex and powerful rules can be created by using wild-cards, case-insensitive strings, regular expressions, special operators and many other features that you'll find explained in the documentation.
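To make the semantics of that rule concrete, here is an added, self-contained Python illustration (not YARA-X's engine, nor any code from the project): it parses the three patterns of silent_banker, searches a buffer for each of them, and evaluates the condition "$a or $b or $c". It goes a little beyond the README's example by also accepting the "??" wildcard byte in hex patterns; the sample buffers are constructed, not real malware.

```python
import re

# Simplified matcher illustrating YARA rule semantics. This is NOT the
# YARA-X engine: real YARA-X compiles patterns into an optimised scanner and
# supports far richer syntax (jumps, alternatives, modifiers, regexes, ...).

# The three patterns from the silent_banker rule above.
SILENT_BANKER_PATTERNS = {
    "$a": "{6A 40 68 00 30 00 00 6A 14 8D 91}",
    "$b": "{8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}",
    "$c": '"UVODFRYSIHLNWPEJXQZAKCBGMT"',
}

def parse_pattern(text):
    """Turn a hex pattern {..} (with ?? wildcards) or a quoted text string
    into a list of (value, mask) pairs; mask 0x00 marks a wildcard byte."""
    text = text.strip()
    if text.startswith("{") and text.endswith("}"):
        pairs = []
        for tok in text[1:-1].split():
            if tok == "??":
                pairs.append((0x00, 0x00))
            elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                pairs.append((int(tok, 16), 0xFF))
            else:
                raise ValueError(f"unsupported hex token {tok!r}")
        return pairs
    if text.startswith('"') and text.endswith('"'):
        return [(b, 0xFF) for b in text[1:-1].encode("ascii")]
    raise ValueError("unsupported pattern syntax")

def find_matches(data, pattern):
    """Return every offset at which pattern matches data (masked compare)."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all((data[i + j] & m) == (v & m) for j, (v, m) in enumerate(pattern))]

def scan_silent_banker(data):
    """Evaluate the condition '$a or $b or $c' over data.
    Returns (rule_matched, {pattern_id: [offsets]})."""
    hits = {pid: find_matches(data, parse_pattern(src))
            for pid, src in SILENT_BANKER_PATTERNS.items()}
    return any(hits.values()), hits

if __name__ == "__main__":
    # Constructed sample: 5 filler bytes, then the bytes of $a, then padding.
    sample = b"\x90" * 5 + bytes.fromhex("6A 40 68 00 30 00 00 6A 14 8D 91") + b"\x00\x00"
    print(scan_silent_banker(sample))          # (True, {'$a': [5], '$b': [], '$c': []})
    print(scan_silent_banker(b"\x90" * 64))    # (False, {'$a': [], '$b': [], '$c': []})
```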

FAQ

How does YARA-X compare to YARA?

Read this.

Which are the differences at the rule level?

Read this.

Is YARA still maintained?

Yes, it is. YARA is still being maintained, and future releases will include bug fixes and minor features. However, don’t expect new large features or modules. All efforts to enhance YARA, including the addition of new modules, will now focus on YARA-X.

What's the current state of YARA-X?

YARA-X is still in beta, but it is mature and stable enough for use, especially from the command-line interface or in one-shot Python scripts. While the APIs may still undergo minor changes, the foundational aspects are already established.

At VirusTotal, we have been running YARA-X alongside YARA for a while, scanning millions of files with tens of thousands of rules, and addressing discrepancies between the two. This means that YARA-X is already battle-tested. These tests have even uncovered YARA bugs!

Please test YARA-X and don’t hesitate to open an issue if you find a bug or some feature that you want to see implemented.
