YaraGuard is an advanced malware analysis tool designed to empower users in the relentless pursuit of securing digital environments. At its core, YaraGuard utilizes YARA rules, providing a sophisticated and effective means of scanning files for potential threats.
-
Custom YARA Rules: YaraGuard incorporates a diverse set of YARA rules, including custom-crafted ones meticulously designed for precision. Special thanks to the countless individuals and organizations whose publicly available YARA rules have been incorporated into this tool, contributing to its comprehensive malware detection capabilities.
-
Precision Scanning: By leveraging the power of YARA rules, YaraGuard achieves precision scanning, accurately pinpointing potential threats within files. The tool's enhanced detection capabilities make it a valuable asset for security professionals and enthusiasts alike.
-
YaraGuard supports analysis for a wide range of file formats
-
Threat Intelligence: YaraGuard goes beyond mere identification of threats; it furnishes valuable insights into the intricate nature of potential malicious content. The generated reports, exemplified below, shedding light on the characteristics and behaviors of identified threats:
YaraGuard's operation is centered around the execution of custom YARA rules during the scanning process. When invoked with the command python3 scan.py {file_to_scan}
, the tool dynamically applies these rules to scrutinize the specified file for patterns associated with malware. The result is a comprehensive analysis report, detailing any identified threats.
To use YaraGuard, ensure that you have the following dependencies installed:
-
yara-python: YARA is a pattern matching tool used for malware identification.
-
rich: Rich is a Python library for rich text and beautiful formatting in the terminal.
git clone https://github.com/MY7H404/YaraGuard.git
cd YaraGuard
pip3 install yara-python / or ( pip install -U git+https://github.com/VirusTotal/yara-python )
pip3 install rich
python3 scan.py {file_to_scan}
python3 scan.py file_to_scan
This command initiates a scan on the specified file, providing real-time feedback on potential malicious content detected by YARA rules.
Contributions to YaraGuard are welcome. If you encounter issues or have suggestions for improvements, feel free to open an issue or submit a pull request.
A big thank you to the contributors who have helped make YaraGuard even better!
This project is licensed under the GNU General Public License v3.0.