Awesome

yaraScanParser

<details open="open"> <summary>Table of Contents</summary> <ol> <li> <a href="#about-the-project">About The Project</a> <ul> <li><a href="#built-with">Built With</a></li> </ul> </li> <li> <a href="#getting-started">Getting Started</a> <ul> <li><a href="#installation">Installation</a></li> </ul> </li> <li><a href="#usage">Usage</a></li> <li><a href="#contact">Contact</a></li> <li><a href="#acknowledgements">Acknowledgements</a></li> </ol> </details>

About The Project

This script is a parsing tool for Yara Scan Service's JSON output file. Yara Scan Service allows to quickly test your YARA rule against a large collection of malicious samples. It helps assure your rule only matches the malware family you are looking for. The output is a JSON file containing all the matched samples. The JSON file contains a lot of information, and yaraScanParser is meant to help you maximize its benefits.

yaraScanParser allows you to:

Save time by parsing the Yara Scan Service results automatically
Get information about wanted matches and false positives of your rule
Get the matched files' hash values in a format that can be easily inserted to your Yara rule's metadata section

Built With

Python

Getting Started

To use this tool, you must have Python installed.

Installation

Clone the repo

git clone https://github.com/Sh3llyR/yaraScanParser.git

Usage

Product Name Screen Shot

Parameters -o and -m are OPTIONAL
When -o parameter is omitted, the output file is saved in the script's directory
When -m parameter is omitted, the value of the first 'malware' key in the JSON file is used

Usage examples:

python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike
python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike,DarkComet,QuasarRAT
python3 yaraScanParser.py -i yara_scan_service_results.json

Contact

Project Link: https://github.com/Sh3llyR/yaraScanParser

Acknowledgements