コード例 #1
0
    def yara_classify(self, file_path, yara_check_file):
        """yara分类/有带pe包和没有带的分开"""
        try:
            for rules in self.yara_open_file(file_path):
                if not isinstance(rules, list):
                    continue
                if rules[1].find('rule') != -1:
                    try:
                        sigrules = yaratool.split(rules[1])
                    except Exception as e:
                        continue
                    for rule in sigrules:
                        rule_name = os.path.join(yara_check_file,
                                                 rule.name) + ".yar"
                        with open(rule_name, 'w') as tmp:
                            tmp.write(rule.original)

        except Exception as e:
            pass
コード例 #2
0
import yaratool
import sys

if __name__ == "__main__":
    count = 0
    duplicates = 0
    drf = yaratool.DuplicateDetector()
    for filename in sys.argv[1:]:
        fh = open(filename, 'r')
        sigrules = fh.read()
        fh.close()
        rules = yaratool.split(sigrules)
        for rule in rules:
            ynhash = rule.hash()
            res = drf.check(rule)
            if res:
                duplicates += 1
                for r in res:
                    print r.normalize()
                    pass
                print rule.normalize()
                print
        count += len(rules)
    print "Count: %d, Duplicates: %d" % (count, duplicates)
コード例 #3
0
#!/usr/bin/env python
import yaratool
import sys

if __name__ == "__main__":
    for filename in sys.argv[1:]:
        rulestext = file(filename,'r').read()
        rules = yaratool.split(rulestext)
        for rule in rules:
            print rule.normalize()