A collection of scripts to support the use of rulezet.org.
Fetch YARA rules from Rulezet and optionally run them locally against a file or directory.
- Search public YARA rules from Rulezet
- Print fetched rules
- Save rules as local `.yar` files
- Run fetched rules locally with `yara-python`

Requirements:

- Python 3
- `requests`
- `yara-python`
Usage:

```bash
python3 rulezet-yara.py --search CVE-2025-53521 --print-rules
python3 rulezet-yara.py --search CVE-2025-53521 --save-dir ./rules
python3 rulezet-yara.py --search CVE-2025-53521 --run /path/to/file
python3 rulezet-yara.py --search CVE-2025-53521 --run /path/to/dir --recursive
python3 rulezet-yara.py --search CVE-2025-53521 --run /path/to/dir --recursive --json
```

Fetch Suricata rules from Rulezet and save them as local files or as a consolidated rules file for Suricata to load.
- Search public Suricata rules from Rulezet
- Print fetched rules
- Save each rule as an individual `.rules` file
- Build one aggregate `.rules` file for Suricata
- Optionally run a Suricata config test command and reload command

Requirements:

- Python 3
- `requests`
- Suricata tools (`suricata`, `suricatasc`) only if using `--test-command` / `--reload-command`
Usage:

```bash
python3 rulezet-suricata.py --search ransomware --print-rules
python3 rulezet-suricata.py --search ransomware --save-dir ./suricata-rules
python3 rulezet-suricata.py --search ransomware --output-file /etc/suricata/rules/rulezet.rules
python3 rulezet-suricata.py \
  --search ransomware \
  --output-file /etc/suricata/rules/rulezet.rules \
  --test-command "suricata -T -c /etc/suricata/suricata.yaml -S /etc/suricata/rules/rulezet.rules" \
  --reload-command "suricatasc -c reload-rules"
```
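
An added example, not code from `rulezet-suricata.py`: one way to stage an aggregate rules file so that a failing config test never replaces the live file, keeping one rule per `sid`. The function names, the `{rules}` placeholder and the sample rules are assumptions of this example.

```python
import os
import re
import shlex
import subprocess
import tempfile

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")
# Constructed sample rules (not from Rulezet); sid 1000001 appears twice.
SAMPLE_RULES = [
    'alert http any any -> any any (msg:"constructed A"; content:"a"; sid:1000001; rev:1;)',
    'alert http any any -> any any (msg:"constructed A v2"; content:"a"; sid:1000001; rev:2;)',
    'alert dns any any -> any any (msg:"constructed B"; dns.query; content:"b"; sid:1000002; rev:1;)',
]

def dedupe_by_sid(rules):
    """Keep one rule per sid (highest rev wins); skip comments and sid-less lines."""
    best = {}
    for rule in (r.strip() for r in rules):
        sid = SID_RE.search(rule)
        if rule.startswith("#") or not sid:
            continue
        rev = REV_RE.search(rule)
        key, rev_no = int(sid.group(1)), int(rev.group(1)) if rev else 0
        if key not in best or rev_no > best[key][0]:
            best[key] = (rev_no, rule)
    return [best[k][1] for k in sorted(best)]

def deploy_rules(rules, dest, test_cmd, reload_cmd=None):
    """Stage rules next to dest, test the staged copy, then swap it in.
    test_cmd is an argv template; the token {rules} becomes the staged path.
    Returns False (live file untouched) when the test command exits non-zero.
    """
    dest_dir = os.path.dirname(os.path.abspath(dest))
    fd, staged = tempfile.mkstemp(dir=dest_dir, suffix=".staged")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(dedupe_by_sid(rules)) + "\n")
        # No shell is involved: the template is split once, then filled in.
        argv = [a.replace("{rules}", staged) for a in shlex.split(test_cmd)]
        if subprocess.run(argv).returncode != 0:
            return False
        os.chmod(staged, 0o644)   # mkstemp creates the file 0600 (assumed target mode)
        os.replace(staged, dest)  # atomic rename within one filesystem
    finally:
        if os.path.exists(staged):  # only true when the swap did not happen
            os.unlink(staged)
    if reload_cmd:
        subprocess.run(shlex.split(reload_cmd), check=True)
    return True
```

With Suricata installed, `test_cmd` would be `suricata -T -c /etc/suricata/suricata.yaml -S {rules}` and `reload_cmd` would be `suricatasc -c reload-rules`, matching the commands above.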