Skip to content
Yara Rule Analyzer and Statistics
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Yara Rule Analyzer and Statistics


yarAnalyzer creates statistics on a yara rule set and files in a sample directory. Place some signatures with .yar extension in the "signatures" folder and then run yarAnalyzer on a certain sample directory like: -p /sample/path -s /signatures

It will generate two tables as command line output and two CSV files. (yaranalyzer_file_stats.csv, yaranalyzer_rule_stats.csv)

A new feature is the inventory creation. --inventory -s /signatures

This will create a CSV file named yara-rule-inventory.csv (default, set with '-o') with information about the initialized rules. (Rule File;Rule Name;Description;Reference)


Rule Statistics

Rule Statistics

File Statistics

File Statistics

CSV Output in Excel

CSV Output in Excel


usage: [-h] [-p path] [-s sigpath] [-e ext] [-i identifier]
                      [-m max-size] [-l max-string] [-f first-bytes]
                      [-o output] [--excel] [--noempty] [--inventory]
                      [--printAll] [--debug]

yarAnalyzer - Yara Rules Statistics and Analysis

optional arguments:
  -h, --help      show this help message and exit
  -p path         Path to scan
  -s sigpath      Path to signature file(s)
  -e ext          signature extension
  -i identifier   Set an identifier - will be used in filename
                  identifier_rule_stats.csv and identifier_file_stats.csv
  -m max-size     Max file size in MB (default=10)
  -l max-string   Max filename/rulename string length in command line output
  -f first-bytes  Number of first bytes to show in output
  -o output       Inventory output
  --excel         Add extras to suppress automatic conversion in Microsoft
  --noempty       Don't show empty values
  --inventory     Create a YARA rule inventory only
  --printAll      Print all files that are scanned
  --debug         Debug output


install the outdated "yara" Python module via pip. Use "yara-python" instead or install it from the github repo:

You can’t perform that action at this time.