Home

Awesome

Scan files and directories with multiple rules files, without cross-file rule name collision!

Files containing rules can be provided on the command-line, as a list in one or more text files, as a directory containing (just) rules files, or in a config dir. Each option (-d -f -l) can be provided multiple times.

Default output is space-separated RULE NAME, RULE FILE, and MATCH FILE. Use CSV option for comma-separated values.

Installation

pip install .

Usage

usage: yara-multi-rules.py [-h] [-d SIGDIRS] [-f SIGFILES] [-l LISTFILES] [-v]
                           [--csv] [-m] [--quiet] [--init]
                           [--config-dir CONFIGDIR] [--fail-on-warnings]
                           FILE [FILE ...]

positional arguments:
  FILE                  file(s) to scan

optional arguments:
  -h, --help            show this help message and exit
  -d SIGDIRS            Directory containing rules
  -f SIGFILES           rule file (allowed multiple times for list)
  -l LISTFILES          file containing path to rule files, one per line
  -v                    verbose output
  --csv                 output in CSV format
  -m                    only show matches
  --quiet, -q           only display match/none, no informational messages
  --init                Create a blank config (default: ~/.yara/)
  --config-dir CONFIGDIR
                        Use/create configuration in given directory.
  --fail-on-warnings    Error on warnings during rule compilation

Copyright

Copyright (c) 2018-2020, The MITRE Corporation. All rights reserved.

Approved for Public Release; Distribution Unlimited. Case Number 18-0989