
Python yarAnalyzer by Neo23x0

Discussion in 'Source Code' started by storm shadow, Mar 11, 2016.


  1. storm shadow



    Yara Rule Analyzer and Statistics

    yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the "signatures" folder and then run yarAnalyzer on a certain sample directory like:
    yarAnalyzer.py -p /sample/path -s /signatures
    It will generate two tables as command line output and two CSV files. (yaranalyzer_file_stats.csv, yaranalyzer_rule_stats.csv)
    A new feature is the inventory creation.
    yarAnalyzer.py --inventory -s /signatures
    This will create a CSV file named yara-rule-inventory.csv (default, set with '-o') with information about the initialized rules. (Rule File;Rule Name;Description;Reference)

    Screenshots (not reproduced here): Rule Statistics, File Statistics, CSV Output in Excel

    usage: yarAnalyzer.py [-h] [-p path] [-s sigpath] [-e ext] [-i identifier]
                          [-m max-size] [-l max-string] [-f first-bytes]
                          [-o output] [--excel] [--noempty] [--inventory]
                          [--printAll] [--debug]

    yarAnalyzer - Yara Rules Statistics and Analysis

    optional arguments:
    -h, --help show this help message and exit
    -p path Path to scan
    -s sigpath Path to signature file(s)
    -e ext signature extension
    -i identifier Set an identifier - will be used in filename
    identifier_rule_stats.csv and identifier_file_stats.csv
    -m max-size Max file size in MB (default=10)
    -l max-string Max filename/rulename string length in command line output
    -f first-bytes Number of first bytes to show in output
    -o output Inventory output
    --excel Add extras to suppress automatic conversion in Microsoft
    --noempty Don't show empty values
    --inventory Create a YARA rule inventory only
    --printAll Print all files that are scanned
    --debug Debug output

    Source (GitHub): https://github.com/Neo23x0/yarAnalyzer
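Added example, not code from the yarAnalyzer project: a pure-Python sketch of the two things the post describes, the rule inventory (Rule File;Rule Name;Description;Reference) and the per-rule hit statistics, using a constructed rule set and constructed match results in place of a real yara scan. Rule names, file names and the reference URL are made up; the semicolon-separated output mirrors the tool's CSV layout.

```python
import csv
import io
import re

# Constructed sample rule set (not the project's rules); meta holds the fields the inventory records.
SAMPLE_RULES = {"demo.yar": '''
rule Demo_Suspicious_PE {
    meta:
        description = "PE carrying a marker string"
        reference = "https://example.invalid/demo"
    strings:
        $a = "marker"
    condition:
        uint16(0) == 0x5A4D and $a
}
rule Demo_Dead_Rule {
    condition:
        filesize > 100MB
}
'''}
# Constructed scan results (file -> matching rule names), standing in for yara-python's match output.
SAMPLE_MATCHES = {"a.exe": ["Demo_Suspicious_PE"], "b.exe": ["Demo_Suspicious_PE"], "c.txt": []}

RULE_RE = re.compile(r"^\s*(?:private\s+|global\s+)*rule\s+(\w+)", re.M)
META_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)

def rule_inventory(rule_files):
    """Rows of (Rule File, Rule Name, Description, Reference), the layout of yara-rule-inventory.csv."""
    rows = []
    for fname, text in rule_files.items():
        heads = list(RULE_RE.finditer(text))
        for i, m in enumerate(heads):
            body = text[m.end():heads[i + 1].start() if i + 1 < len(heads) else len(text)]
            meta_block = ""
            if "meta:" in body:  # the meta section ends where strings: or condition: begins
                meta_block = re.split(r"strings:|condition:", body.split("meta:", 1)[1], 1)[0]
            meta = dict(META_RE.findall(meta_block))
            rows.append((fname, m.group(1), meta.get("description", ""), meta.get("reference", "")))
    return rows

def rule_stats(inventory, matches):
    """Rule -> number of files it matched; zero-hit rules are kept so dead rules stand out."""
    return {name: sum(name in rules for rules in matches.values()) for _, name, _, _ in inventory}

def to_csv(header, rows):
    """Semicolon-separated text in the tool's CSV layout."""
    buf = io.StringIO()
    csv.writer(buf, delimiter=";", lineterminator="\n").writerows([header, *rows])
    return buf.getvalue()
```

A rule with zero hits across a representative sample set is the one to review first: it is either too narrow to be useful or broken, and the rule-stats table makes that visible without reading every rule.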
