def find_signatures(root):
signatures = []
for entry in os.listdir(root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(root, entry))
return signatures
def init_yara():
"""Generates index for yara signatures."""
def find_signatures(root):
signatures = []
for entry in os.listdir(root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(root, entry))
return signatures
log.debug("Initializing Yara...")
# Generate root directory for yara rules.
yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
# We divide yara rules in three categories.
categories = ["binaries", "urls", "memory"]
generated = []
# Loop through all categories.
for category in categories:
# Check if there is a directory for the given category.
category_root = os.path.join(yara_root, category)
if not os.path.exists(category_root):
continue
# Check if the directory contains any rules.
signatures = []
for entry in os.listdir(category_root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(category_root, entry))
if not signatures:
continue
# Generate path for the category's index file.
index_name = "index_{0}.yar".format(category)
index_path = os.path.join(yara_root, index_name)
# Create index file and populate it.
with open(index_path, "w") as index_handle:
for signature in signatures:
index_handle.write("include \"{0}\"\n".format(signature))
generated.append(index_name)
for entry in generated:
if entry == generated[-1]:
log.debug("\t `-- %s", entry)
else:
log.debug("\t |-- %s", entry)
def init_yara():
"""Generates index for yara signatures."""
def find_signatures(root):
signatures = []
for entry in os.listdir(root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(root, entry))
return signatures
log.debug("Initializing Yara...")
# Generate root directory for yara rules.
yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
# We divide yara rules in three categories.
categories = ["binaries", "urls", "memory"]
generated = []
# Loop through all categories.
for category in categories:
# Check if there is a directory for the given category.
category_root = os.path.join(yara_root, category)
if not os.path.exists(category_root):
continue
# Check if the directory contains any rules.
signatures = []
for entry in os.listdir(category_root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(category_root, entry))
if not signatures:
continue
# Generate path for the category's index file.
index_name = "index_{0}.yar".format(category)
index_path = os.path.join(yara_root, index_name)
# Create index file and populate it.
with open(index_path, "w") as index_handle:
for signature in signatures:
index_handle.write("include \"{0}\"\n".format(signature))
generated.append(index_name)
for entry in generated:
if entry == generated[-1]:
log.debug("\t `-- %s", entry)
else:
log.debug("\t |-- %s", entry)
def init_yara():
"""Generates index for yara signatures."""
def find_signatures(root):
signatures = []
for entry in os.listdir(root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(root, entry))
return signatures
log.debug("Initializing Yara...")
# Find the latest rules available on the http://yararules.com/rules/
# i did not include library like BeautifulSoup to parse HTML as it would create a new dependency
# used some RE do to it instead
root_url = "http://yararules.com/rules/"
yara_files = re.findall("\w+.yar", urllib2.urlopen(root_url).read())
# remove duplicate entries as it appear in the href and between the link anchor
yara_file_names = set(yara_files)
yara_file_names = list(yara_files)
# download the rules inside the "binaries" folder
yara_binaries = os.path.join(CUCKOO_ROOT, "data", "yara", "binaries")
for rule_name in yara_file_names:
url = root_url + rule_name
file = open( yara_binaries + "/" + rule_name, "w+")
file.write( urllib2.urlopen(url).read() )
file.close()
# Generate root directory for yara rules.
yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
# We divide yara rules in three categories.
categories = ["binaries", "urls", "memory"]
generated = []
# Loop through all categories.
for category in categories:
# Check if there is a directory for the given category.
category_root = os.path.join(yara_root, category)
if not os.path.exists(category_root):
continue
# Check if the directory contains any rules.
signatures = []
for entry in os.listdir(category_root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(category_root, entry))
if not signatures:
continue
# Generate path for the category's index file.
index_name = "index_{0}.yar".format(category)
index_path = os.path.join(yara_root, index_name)
# Create index file and populate it.
with open(index_path, "w") as index_handle:
for signature in signatures:
index_handle.write("include \"{0}\"\n".format(signature))
generated.append(index_name)
for entry in generated:
if entry == generated[-1]:
log.debug("\t `-- %s", entry)
else:
log.debug("\t |-- %s", entry)
def init_yara():
"""Generates index for yara signatures."""
def find_signatures(root):
signatures = []
for entry in os.listdir(root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(root, entry))
return signatures
log.debug("Initializing Yara...")
# Find the latest rules available on the http://yararules.com/rules/
# i did not include library like BeautifulSoup to parse HTML as it would create a new dependency
# used some RE do to it instead
root_url = "http://yararules.com/rules/"
yara_files = re.findall("\w+.yar", urllib2.urlopen(root_url).read())
# remove duplicate entries as it appear in the href and between the link anchor
yara_file_names = set(yara_files)
yara_file_names = list(yara_files)
# download the rules inside the "binaries" folder
yara_binaries = os.path.join(CUCKOO_ROOT, "data", "yara", "binaries")
for rule_name in yara_file_names:
url = root_url + rule_name
file = open(yara_binaries + "/" + rule_name, "w+")
file.write(urllib2.urlopen(url).read())
file.close()
# Generate root directory for yara rules.
yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
# We divide yara rules in three categories.
categories = ["binaries", "urls", "memory"]
generated = []
# Loop through all categories.
for category in categories:
# Check if there is a directory for the given category.
category_root = os.path.join(yara_root, category)
if not os.path.exists(category_root):
continue
# Check if the directory contains any rules.
signatures = []
for entry in os.listdir(category_root):
if entry.endswith(".yara") or entry.endswith(".yar"):
signatures.append(os.path.join(category_root, entry))
if not signatures:
continue
# Generate path for the category's index file.
index_name = "index_{0}.yar".format(category)
index_path = os.path.join(yara_root, index_name)
# Create index file and populate it.
with open(index_path, "w") as index_handle:
for signature in signatures:
index_handle.write("include \"{0}\"\n".format(signature))
generated.append(index_name)
for entry in generated:
if entry == generated[-1]:
log.debug("\t `-- %s", entry)
else:
log.debug("\t |-- %s", entry)
