{
"info": {
"author": "Stephen DiCato",
"author_email": "sdicato@mitre.org",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Natural Language :: English",
"Programming Language :: Python",
"Programming Language :: Python :: 2.7",
"Topic :: Security",
"Topic :: System :: Monitoring"
],
"description": "Yaraprocessor\n=============\n\n`YARA `_ is an awesome tool.\nIt's aimed at helping malware researchers to identify and classify malware\nsamples. With YARA you can create descriptions of malware families based\non textual or binary patterns contained on samples of those families.\n\nHowever, sometimes the data you are analyzing needs some manipulation in\norder to achieve the best results. Yaraprocessor allows you to scan data\nstreams in few unique ways. It supports scanning data streams in discrete\nchunks, or buffers. These chunks can overlap or be completely disjoint\ndepending on the 'processing_mode' selected.\n\nYaraprocessor was originally written for\n`Chopshop `_. Combined with Chopshop, it\nallows for dynamic scanning of payloads plucked from network packet capture.\nHistorically, signature based tools operate over the entire PCAP file. With\nChopshop and Yaraprocessor, YARA can be ran against individual packet payloads\nas well as a concatenation of some or all of the payloads. Ideally, this makes\nwriting signatures easier. Check out the Chopshop module `yarashop\n`_ to see it in action!\n\nDependencies\n------------\n\n- `Python 2.7 `_\n- `YARA `_\n- `YARA-python bindings `_\n\nInstallation\n------------\n\nSimply clone the repository via git:\n\n.. code-block:: bash\n\n $ git clone https://github.com/MITRECND/yaraprocessor.git\n\nOr download the latest release from our `github page\n`_.\n\nOnce you have the code, run the following command inside the\nYaraprocessor directory:\n\n.. code-block:: bash\n\n $ python setup.py install\n\nUsing it!\n---------\n\nWhile yaraprocessor was built for use with\n`Chopshop `_, it aims for simple\nand straightforward usage and integration with other tools. Simply\nimport yaraprocessor, instantiate a \"Processor\" object, and start\nanalyzing data.\n\n.. code-block:: python\n\n from yaraprocessor import Processor\n\n # Yara rules are passed as a list of filenames\n p = Processor(['/full/path/to/rules, relative/path/to/other/rules'])\n\n # By default, the processor will operate in 'raw' mode, meaning it\n # will scan whatever data you give it. Note that in 'raw' mode, you\n # are required to call 'analyze', which will return yara matches if\n # found.\n p.data = data\n results = p.analyze()\n\n # 'analyze' returns yara matches and also stores them in 'p.results'\n # for convenient access.\n if p.results:\n for match in p.results:\n print match\n\n # When operating in other processing modes, data will be continuously\n # buffered and automatically processed when the buffer fills. In these\n # modes, you don't have to ever call 'p.analyze'; instead simply check\n # for results.\n\n if p.results:\n for match in p.results:\n print match\n\nContributing\n------------\n\nWe love to hear from people using our tools and code. Feel free to discuss\nissues on our `issue tracker `_ and make pull requests!",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/MITRECND/yaraprocessor",
"keywords": null,
"license": "Copyright (c) 2013 The MITRE Corporation. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n1. Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\nOR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\nSUCH DAMAGE.",
"maintainer": null,
"maintainer_email": null,
"name": "yaraprocessor",
"package_url": "https://pypi.org/project/yaraprocessor/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/yaraprocessor/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "https://github.com/MITRECND/yaraprocessor"
},
"release_url": "https://pypi.org/project/yaraprocessor/1.1.0/",
"requires_dist": null,
"requires_python": null,
"summary": "Scan data streams with Yara using various algorithms.",
"version": "1.1.0"
},
"last_serial": 4094443,
"releases": {
"1.1.0": [
{
"comment_text": "",
"digests": {
"md5": "ca3116fad11b6fe48ff8eaf1bc056ab9",
"sha256": "b0f559b25058ab4c034e197adcae6632e3c8bf94dd23113d6743e90621147656"
},
"downloads": -1,
"filename": "yaraprocessor-1.1.0-py2-none-any.whl",
"has_sig": false,
"md5_digest": "ca3116fad11b6fe48ff8eaf1bc056ab9",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 10797,
"upload_time": "2016-01-14T20:25:54",
"url": "https://files.pythonhosted.org/packages/17/d4/516ab8b713bdc44153f7cde4f37a3d0f676ae17eaba3eebc83ed76db5809/yaraprocessor-1.1.0-py2-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "36b8ee793412064376c3874bd0d0be30",
"sha256": "23ea97e6dd8090092fc6c329d0d354fe47413b2c9c871918ea77da87ed05bba9"
},
"downloads": -1,
"filename": "yaraprocessor-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "36b8ee793412064376c3874bd0d0be30",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6957,
"upload_time": "2016-01-14T20:25:59",
"url": "https://files.pythonhosted.org/packages/a0/30/8905acd268cdc4d288fd4f660766199f239faf13aa83dc874fe6941d10e6/yaraprocessor-1.1.0.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "ca3116fad11b6fe48ff8eaf1bc056ab9",
"sha256": "b0f559b25058ab4c034e197adcae6632e3c8bf94dd23113d6743e90621147656"
},
"downloads": -1,
"filename": "yaraprocessor-1.1.0-py2-none-any.whl",
"has_sig": false,
"md5_digest": "ca3116fad11b6fe48ff8eaf1bc056ab9",
"packagetype": "bdist_wheel",
"python_version": "py2",
"requires_python": null,
"size": 10797,
"upload_time": "2016-01-14T20:25:54",
"url": "https://files.pythonhosted.org/packages/17/d4/516ab8b713bdc44153f7cde4f37a3d0f676ae17eaba3eebc83ed76db5809/yaraprocessor-1.1.0-py2-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "36b8ee793412064376c3874bd0d0be30",
"sha256": "23ea97e6dd8090092fc6c329d0d354fe47413b2c9c871918ea77da87ed05bba9"
},
"downloads": -1,
"filename": "yaraprocessor-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "36b8ee793412064376c3874bd0d0be30",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6957,
"upload_time": "2016-01-14T20:25:59",
"url": "https://files.pythonhosted.org/packages/a0/30/8905acd268cdc4d288fd4f660766199f239faf13aa83dc874fe6941d10e6/yaraprocessor-1.1.0.tar.gz"
}
]
}