def find_signatures(root):
    """Return the paths of the YARA rule files found directly inside *root*.

    Only directory entries whose name ends in ".yara" or ".yar" are kept, and
    each one is joined with *root*. Subdirectories are not descended into and
    the result follows the order returned by os.listdir().
    """
    rule_suffixes = (".yara", ".yar")
    return [
        os.path.join(root, name)
        for name in os.listdir(root)
        if name.endswith(rule_suffixes)
    ]
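def init_yara():
    """Generates index for yara signatures.

    For each rule category ("binaries", "urls", "memory") that has a
    directory under CUCKOO_ROOT/data/yara holding at least one ".yar" or
    ".yara" file, writes CUCKOO_ROOT/data/yara/index_<category>.yar with one
    include line per rule file, then logs the names of the generated indexes.
    """
    rule_suffixes = (".yara", ".yar")

    def find_signatures(root):
        """Return the paths of the rule files found directly inside root."""
        # Sorted so the generated index is identical from run to run, which
        # makes an unexpected change to the rule set easy to spot in a diff.
        return sorted(
            os.path.join(root, entry)
            for entry in os.listdir(root)
            if entry.endswith(rule_suffixes)
        )

    log.debug("Initializing Yara...")

    # Generate root directory for yara rules.
    yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")

    # We divide yara rules in three categories.
    categories = ["binaries", "urls", "memory"]
    generated = []

    for category in categories:
        # A category without a directory is skipped; isdir() also rejects a
        # plain file of that name, which os.listdir() would choke on.
        category_root = os.path.join(yara_root, category)
        if not os.path.isdir(category_root):
            continue

        # The helper replaces the listing loop that used to be repeated here.
        signatures = find_signatures(category_root)
        if not signatures:
            continue

        # Generate path for the category's index file.
        index_name = "index_{0}.yar".format(category)
        index_path = os.path.join(yara_root, index_name)

        # Create index file and populate it.
        # NOTE(review): the path is written inside a double-quoted include
        # directive without escaping, so a rule file name containing a double
        # quote would end the quoted path early.
        with open(index_path, "w") as index_handle:
            for signature in signatures:
                index_handle.write("include \"{0}\"\n".format(signature))

        generated.append(index_name)

    # Print the generated indexes as a small tree; the last entry gets the
    # closing branch marker.
    last = len(generated) - 1
    for position, entry in enumerate(generated):
        if position == last:
            log.debug("\t `-- %s", entry)
        else:
            log.debug("\t |-- %s", entry)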
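def init_yara():
    """Generates index for yara signatures.

    For each rule category ("binaries", "urls", "memory") that has a
    directory under CUCKOO_ROOT/data/yara holding at least one ".yar" or
    ".yara" file, writes CUCKOO_ROOT/data/yara/index_<category>.yar with one
    include line per rule file, then logs the names of the generated indexes.
    """
    rule_suffixes = (".yara", ".yar")

    def find_signatures(root):
        """Return the paths of the rule files found directly inside root."""
        # Sorted so the generated index is identical from run to run, which
        # makes an unexpected change to the rule set easy to spot in a diff.
        return sorted(
            os.path.join(root, entry)
            for entry in os.listdir(root)
            if entry.endswith(rule_suffixes)
        )

    log.debug("Initializing Yara...")

    # Generate root directory for yara rules.
    yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")

    # We divide yara rules in three categories.
    categories = ["binaries", "urls", "memory"]
    generated = []

    for category in categories:
        # A category without a directory is skipped; isdir() also rejects a
        # plain file of that name, which os.listdir() would choke on.
        category_root = os.path.join(yara_root, category)
        if not os.path.isdir(category_root):
            continue

        # The helper replaces the listing loop that used to be repeated here.
        signatures = find_signatures(category_root)
        if not signatures:
            continue

        # Generate path for the category's index file.
        index_name = "index_{0}.yar".format(category)
        index_path = os.path.join(yara_root, index_name)

        # Create index file and populate it.
        # NOTE(review): the path is written inside a double-quoted include
        # directive without escaping, so a rule file name containing a double
        # quote would end the quoted path early.
        with open(index_path, "w") as index_handle:
            for signature in signatures:
                index_handle.write("include \"{0}\"\n".format(signature))

        generated.append(index_name)

    # Print the generated indexes as a small tree; the last entry gets the
    # closing branch marker.
    last = len(generated) - 1
    for position, entry in enumerate(generated):
        if position == last:
            log.debug("\t `-- %s", entry)
        else:
            log.debug("\t |-- %s", entry)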
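def init_yara():
    """Generates index for yara signatures.

    Before indexing, tries to refresh the "binaries" rules from
    http://yararules.com/rules/. The refresh is best effort: a listing or
    download that fails is logged and skipped, and indexing continues with
    whatever rules are already on disk.

    Then, for each rule category ("binaries", "urls", "memory") that has a
    directory under CUCKOO_ROOT/data/yara holding at least one ".yar" or
    ".yara" file, writes CUCKOO_ROOT/data/yara/index_<category>.yar with one
    include line per rule file and logs the names of the generated indexes.
    """
    rule_suffixes = (".yara", ".yar")
    # Seconds to wait for the rule server. Without a timeout an unresponsive
    # server would block start-up indefinitely.
    fetch_timeout = 30

    def find_signatures(root):
        """Return the paths of the rule files found directly inside root."""
        # Sorted so the generated index is identical from run to run, which
        # makes an unexpected change to the rule set easy to spot in a diff.
        return sorted(
            os.path.join(root, entry)
            for entry in os.listdir(root)
            if entry.endswith(rule_suffixes)
        )

    def fetch(url):
        """Return the body served at url, closing the connection afterwards."""
        response = urllib2.urlopen(url, timeout=fetch_timeout)
        try:
            return response.read()
        finally:
            response.close()

    log.debug("Initializing Yara...")

    # Generate root directory for yara rules.
    yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")

    # NOTE(security): the rules are fetched over plain HTTP and written to
    # disk with no signature or checksum verification, so whoever controls
    # the response (the site or anything on the network path) decides which
    # rules this sandbox loads and can replace same-named local rules in
    # data/yara/binaries. Prefer an authenticated channel and a pinned,
    # reviewed rule set before relying on this in production. The response
    # size is not bounded either.
    root_url = "http://yararules.com/rules/"
    yara_binaries = os.path.join(yara_root, "binaries")

    # BeautifulSoup is deliberately avoided to keep dependencies down; a
    # regular expression pulls the rule names out of the HTML listing.
    # urllib2.URLError and socket timeouts are IOError subclasses.
    try:
        listing = fetch(root_url)
    except IOError as exc:
        log.warning("Unable to list Yara rules at %s: %s", root_url, exc)
        listing = ""

    # The dot is escaped so only real ".yar" names match, and \w+ admits no
    # path separator, so a name from the listing cannot point outside
    # yara_binaries. Each name appears twice in the listing (href and anchor
    # text); the set removes the duplicates, which the previous code computed
    # but then discarded.
    yara_file_names = sorted(set(re.findall(r"\w+\.yar", listing)))

    # Download the rules inside the "binaries" folder.
    for rule_name in yara_file_names:
        url = root_url + rule_name
        try:
            # Fetch before opening the destination so a failed download does
            # not leave an existing rule file truncated to zero bytes.
            content = fetch(url)
            with open(os.path.join(yara_binaries, rule_name), "wb") as rule_file:
                rule_file.write(content)
        except IOError as exc:
            log.warning("Unable to update Yara rule %s: %s", rule_name, exc)

    # We divide yara rules in three categories.
    categories = ["binaries", "urls", "memory"]
    generated = []

    for category in categories:
        # A category without a directory is skipped; isdir() also rejects a
        # plain file of that name, which os.listdir() would choke on.
        category_root = os.path.join(yara_root, category)
        if not os.path.isdir(category_root):
            continue

        # The helper replaces the listing loop that used to be repeated here.
        signatures = find_signatures(category_root)
        if not signatures:
            continue

        # Generate path for the category's index file.
        index_name = "index_{0}.yar".format(category)
        index_path = os.path.join(yara_root, index_name)

        # Create index file and populate it.
        with open(index_path, "w") as index_handle:
            for signature in signatures:
                index_handle.write("include \"{0}\"\n".format(signature))

        generated.append(index_name)

    # Print the generated indexes as a small tree; the last entry gets the
    # closing branch marker.
    last = len(generated) - 1
    for position, entry in enumerate(generated):
        if position == last:
            log.debug("\t `-- %s", entry)
        else:
            log.debug("\t |-- %s", entry)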
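def init_yara():
    """Generates index for yara signatures.

    Before indexing, tries to refresh the "binaries" rules from
    http://yararules.com/rules/. The refresh is best effort: a listing or
    download that fails is logged and skipped, and indexing continues with
    whatever rules are already on disk.

    Then, for each rule category ("binaries", "urls", "memory") that has a
    directory under CUCKOO_ROOT/data/yara holding at least one ".yar" or
    ".yara" file, writes CUCKOO_ROOT/data/yara/index_<category>.yar with one
    include line per rule file and logs the names of the generated indexes.
    """
    rule_suffixes = (".yara", ".yar")
    # Seconds to wait for the rule server. Without a timeout an unresponsive
    # server would block start-up indefinitely.
    fetch_timeout = 30

    def find_signatures(root):
        """Return the paths of the rule files found directly inside root."""
        # Sorted so the generated index is identical from run to run, which
        # makes an unexpected change to the rule set easy to spot in a diff.
        return sorted(
            os.path.join(root, entry)
            for entry in os.listdir(root)
            if entry.endswith(rule_suffixes)
        )

    def fetch(url):
        """Return the body served at url, closing the connection afterwards."""
        response = urllib2.urlopen(url, timeout=fetch_timeout)
        try:
            return response.read()
        finally:
            response.close()

    log.debug("Initializing Yara...")

    # Generate root directory for yara rules.
    yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")

    # NOTE(security): the rules are fetched over plain HTTP and written to
    # disk with no signature or checksum verification, so whoever controls
    # the response (the site or anything on the network path) decides which
    # rules this sandbox loads and can replace same-named local rules in
    # data/yara/binaries. Prefer an authenticated channel and a pinned,
    # reviewed rule set before relying on this in production. The response
    # size is not bounded either.
    root_url = "http://yararules.com/rules/"
    yara_binaries = os.path.join(yara_root, "binaries")

    # BeautifulSoup is deliberately avoided to keep dependencies down; a
    # regular expression pulls the rule names out of the HTML listing.
    # urllib2.URLError and socket timeouts are IOError subclasses.
    try:
        listing = fetch(root_url)
    except IOError as exc:
        log.warning("Unable to list Yara rules at %s: %s", root_url, exc)
        listing = ""

    # The dot is escaped so only real ".yar" names match, and \w+ admits no
    # path separator, so a name from the listing cannot point outside
    # yara_binaries. Each name appears twice in the listing (href and anchor
    # text); the set removes the duplicates, which the previous code computed
    # but then discarded.
    yara_file_names = sorted(set(re.findall(r"\w+\.yar", listing)))

    # Download the rules inside the "binaries" folder.
    for rule_name in yara_file_names:
        url = root_url + rule_name
        try:
            # Fetch before opening the destination so a failed download does
            # not leave an existing rule file truncated to zero bytes.
            content = fetch(url)
            with open(os.path.join(yara_binaries, rule_name), "wb") as rule_file:
                rule_file.write(content)
        except IOError as exc:
            log.warning("Unable to update Yara rule %s: %s", rule_name, exc)

    # We divide yara rules in three categories.
    categories = ["binaries", "urls", "memory"]
    generated = []

    for category in categories:
        # A category without a directory is skipped; isdir() also rejects a
        # plain file of that name, which os.listdir() would choke on.
        category_root = os.path.join(yara_root, category)
        if not os.path.isdir(category_root):
            continue

        # The helper replaces the listing loop that used to be repeated here.
        signatures = find_signatures(category_root)
        if not signatures:
            continue

        # Generate path for the category's index file.
        index_name = "index_{0}.yar".format(category)
        index_path = os.path.join(yara_root, index_name)

        # Create index file and populate it.
        with open(index_path, "w") as index_handle:
            for signature in signatures:
                index_handle.write("include \"{0}\"\n".format(signature))

        generated.append(index_name)

    # Print the generated indexes as a small tree; the last entry gets the
    # closing branch marker.
    last = len(generated) - 1
    for position, entry in enumerate(generated):
        if position == last:
            log.debug("\t `-- %s", entry)
        else:
            log.debug("\t |-- %s", entry)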