Skip to content
/ yaragen Public

Attempt at a yara rules generator for classification of malware families. This should be able to generate binary rules.

6 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JoeyJoJoJrShabadu/yaragen

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
tests
tests
 
 
yaragen
yaragen
 
 
README.md
README.md
 
 
README.rst
README.rst
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

yaragen

Attempt at a yara rules generator for classification of malware families. This should be able to generate binary rules.

NOTE: This is still a WIP

Current plan is as follows

- A Rules engine will find Generator classes that subclass the 'BaseGen' type

- Current classes of generators are
    - HeaderGens - Parse header data(at start of file usually), can add/remove
        regions of interest for other classes of 'BaseGens'
    - BinaryGens - Generate binary yara rules based on some form of binary 
        differencing, a max_size, min_size, ratio and fuzzy_len are provided
        for some control
    - StructGens  Parse structures that may not necessarily be in the header
    - TextGens - Generate rules from textual data
    
- Rules should be returned using the YaraRule types so the generator knows
    how to manage them.
    - AsciiStringRule
    - WideAsciiStringRule
    - BinaryStringRule

About

Attempt at a yara rules generator for classification of malware families. This should be able to generate binary rules.

Resources

Readme
Activity

Stars

6 stars

Watchers

6 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages