yarAnalyzer v0.6 releases: Yara Rule Analyzer and Statistics
yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the “signatures” folder and then run yarAnalyzer on a certain sample directory like:
yarAnalyzer.py -p /sample/path -s /signatures
It will generate two tables as command line output and two CSV files. (yaranalyzer_file_stats.csv, yaranalyzer_rule_stats.csv)
A new feature is the inventory creation.
yarAnalyzer.py –inventory -s /signatures
This will create a CSV file named yara-rule-inventory.csv (default, set with ‘-o’) with information about the initialized rules. (Rule File;Rule Name;Description;Reference)
YARA is the name of a tool primarily used in malware research and detection. It provides a rule-based approach to create descriptions of malware families based on textual or binary patterns. A description is essentially a Yara rule name, where these rules consist of sets of strings and a boolean expression. The language used has traits of Perl compatible regular expressions.
YARA was originally developed by Victor Alvarez of Virustotal. The name is either an abbreviation of YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. YARA by default comes with modules to process PE, ELF analysis, as well as support for the open-source Cuckoo sandbox.
- Python 3 support
git clone https://github.com/Neo23x0/yarAnalyzer.git
CSV Output in Excel
Copyright (c) 2015 Florian Roth