Packages and Binaries:

libyara-dev

YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA, it is possible to create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.

Complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features.

This package provides development libraries and headers.

Installed size: 1014 KB
How to install: sudo apt install libyara-dev

Dependencies:

  • libjansson-dev
  • libmagic-dev
  • libssl-dev
  • libyara8

libyara8

This package provides a shared library.

Installed size: 413 KB
How to install: sudo apt install libyara8

Dependencies:

  • libc6
  • libjansson4
  • libmagic1
  • libssl1.1

yara

Installed size: 84 KB
How to install: sudo apt install yara

Dependencies:

  • libc6
  • libyara8

yara

Find files matching patterns and rules written in a special-purpose language.

root@kali:~# yara -h
YARA 4.1.3, the pattern matching swiss army knife.
Usage: yara [OPTION]... [NAMESPACE:]RULES_FILE... FILE | DIR | PID

Mandatory arguments to long options are mandatory for short options too.

       --atom-quality-table=FILE        path to a file with the atom quality table
  -C,  --compiled-rules                 load compiled rules
  -c,  --count                          print only number of matches
  -d,  --define=VAR=VALUE               define external variable
       --fail-on-warnings               fail on warnings
  -f,  --fast-scan                      fast matching mode
  -h,  --help                           show this help and exit
  -i,  --identifier=IDENTIFIER          print only rules named IDENTIFIER
  -l,  --max-rules=NUMBER               abort scanning after matching a NUMBER of rules
       --max-strings-per-rule=NUMBER    set maximum number of strings per rule (default=10000)
  -x,  --module-data=MODULE=FILE        pass FILE's content as extra data to MODULE
  -n,  --negate                         print only not satisfied rules (negate)
  -w,  --no-warnings                    disable warnings
  -m,  --print-meta                     print metadata
  -D,  --print-module-data              print module data
  -e,  --print-namespace                print rules' namespace
  -S,  --print-stats                    print rules' statistics
  -s,  --print-strings                  print matching strings
  -L,  --print-string-length            print length of matched strings
  -g,  --print-tags                     print tags
  -r,  --recursive                      recursively search directories
  -N,  --no-follow-symlinks             do not follow symlinks when scanning
       --scan-list                      scan files listed in FILE, one per line
  -k,  --stack-size=SLOTS               set maximum stack size (default=16384)
  -t,  --tag=TAG                        print only rules tagged as TAG
  -p,  --threads=NUMBER                 use the specified NUMBER of threads to scan a directory
  -a,  --timeout=SECONDS                abort scanning after the given number of SECONDS
  -v,  --version                        show version information

Send bug reports and suggestions to: vmalvarez@virustotal.com.
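
A rule of the kind described above (a set of strings plus a Boolean condition), shown as an added example that is not part of the original page or the YARA project. The rule name, tags, metadata and all string values are constructed for illustration.

```yara
// Constructed demo rule: every identifier and pattern below is an assumption
// made for this example, not an indicator taken from a real malware family.
rule Demo_Loader_Strings : demo loader
{
    meta:
        author      = "example"
        description = "Shows hex, text and regex strings combined in a condition"

    strings:
        // Binary (hex) string: fixed bytes, a bounded jump [0-8] and
        // byte wild-cards (??) where an address is expected to vary.
        $alloc_call = { 6A 40 68 00 30 00 00 [0-8] FF 15 ?? ?? ?? ?? }

        // Text string matched case-insensitively, in ASCII and UTF-16.
        $agent = "demo-loader/1.0" nocase ascii wide

        // Regular expression, also case-insensitive.
        $gate = /https?:\/\/[a-z0-9.-]{4,64}\/gate\.php/ nocase

    condition:
        // The Boolean expression that decides whether the rule matches:
        // an MZ header, a size bound, the binary pattern, and at least
        // one of the two textual indicators.
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        $alloc_call and
        any of ($agent, $gate)
}
```

Saved as demo.yar (a hypothetical file name), `yara -s -m -g demo.yar FILE` prints the matching strings, metadata and tags, and `-t loader` restricts output to rules carrying that tag. `yarac demo.yar demo.yarc` followed by `yara -C demo.yarc FILE` runs the same rule from its compiled form.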

yarac

Compile YARA rules from source into a binary rules file, which yara can then load with -C (--compiled-rules).

root@kali:~# yarac -h
Usage: yarac [OPTION]... [NAMESPACE:]SOURCE_FILE... OUTPUT_FILE

       --atom-quality-table=FILE        path to a file with the atom quality table
  -d,  --define=VAR=VALUE               define external variable
       --fail-on-warnings               fail on warnings
  -h,  --help                           show this help and exit
       --max-strings-per-rule=NUMBER    set maximum number of strings per rule (default=10000)
  -w,  --no-warnings                    disable warnings
  -v,  --version                        show version information

Send bug reports and suggestions to: vmalvarez@virustotal.com

yara-doc

This package contains the documentation in HTML format.

Installed size: 1.04 MB
How to install: sudo apt install yara-doc

Dependencies:

  • libjs-sphinxdoc

Updated on: 2021-Nov-26