usage: mkyara [-h] [-i {x86}] [-a {32,64,x86,x64}] -f FILE_PATH [-n RULENAME]

              -o OFFSET -s SIZE [-m {loose,normal,strict}] [-r RESULT] [-v]



Generate a Yara rule based on disassembled code



optional arguments:

  -h, --help            show this help message and exit

  -i {x86}, --instruction_set {x86}

                        Instruction set

  -a {32,64,x86,x64}, --instruction_mode {32,64,x86,x64}

                        Instruction mode

  -f FILE_PATH, --file_path FILE_PATH

                        Sample file path

  -n RULENAME, --rulename RULENAME

                        Generated rule name

  -o OFFSET, --offset OFFSET

                        File offset for signature

  -s SIZE, --size SIZE  Size of desired signature

  -m {loose,normal,strict}, --mode {loose,normal,strict}

                        Wildcard mode for yara rule generation

                        loose = wildcard all operands

                        normal = wildcard only displacement operands

                        strict = wildcard only jmp/call addresses

  -r RESULT, --result RESULT

                        Output file

  -v, --verbose         Increase verbosity