{ "info": { "author": "Chris Lee & Friends", "author_email": "python @ chrislee.dhs.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "License :: OSI Approved :: MIT License", "Topic :: Utilities" ], "description": "# Overview\n\nYaraTool was created to normalize yara signatures to format the signatures nicely, detect duplicates, and express a specific signature by hash (similar to how we express malware). The hashing method in this tool is the same as the Ruby Yara-Normalize module.\n\n# Normalizing a signature\n\nThe following snippet takes a signature, normalizes it, prints out the pieces of the rule, and provides the \"Yara Normalized\" hash. The YNHash is designed to identify yara signatures.\n\n import yaratool\n\n if __name__ == \"__main__\":\n ruletext = \"\"\"rule DebuggerCheck__API : AntiDebug DebuggerCheck {\n meta:\n author=\"Some dude or dudette\" \n weight = 1\n strings:\n $ =\"IsDebuggerPresent\"\n condition:\n any of them\n }\"\"\"\n yr = yaratool.YaraRule(ruletext)\n print yr.normalize()\n print \"Name: %s, Tags: %s, Author: %s\" % (yr.name, \"&\".join(yr.tags), yr.metas['author'])\n print \"Strings: \"\n for string in yr.strings:\n print \" %s\" % (string)\n print \"Condition: \"\n for condition in yr.condition:\n print \" %s\" % (condition)\n print yr.hash()\n\nOutputs\n\n rule DebuggerCheck__API : AntiDebug DebuggerCheck {\n meta:\n author = \"Some dude or dudette\"\n weight = 1\n strings:\n $ = \"IsDebuggerPresent\"\n condition:\n any of them\n }\n Name: DebuggerCheck__API, Tags: AntiDebug&DebuggerCheck, Author: \"Some dude or dudette\"\n Strings: \n $ = \"IsDebuggerPresent\"\n Condition: \n any of them\n yn01:d28d649e24c37244:d936fceffe\n\n# Detecting Duplicate Rules\n\nThe following code iterates through all the files specified on the command line and counts the number of rules and duplicate rules. It will display the normalized versions of any duplicate rules.\n\n import yaratool\n import sys\n\n if __name__ == \"__main__\":\n count = 0\n duplicates = 0\n drf = yaratool.DuplicateDetector()\n for filename in sys.argv[1:]:\n fh = open(filename, 'r')\n sigrules = fh.read()\n fh.close()\n rules = yaratool.split(sigrules)\n for rule in rules:\n ynhash = rule.hash()\n res = drf.check(rule)\n if res:\n duplicates += 1\n for r in res:\n print r.normalize()\n pass\n print rule.normalize()\n print\n count += len(rules)\n print \"Count: %d, Duplicates: %d\" % (count, duplicates)", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/chrislee35/yaratool", "keywords": "yara malware", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "yaratool", "package_url": "https://pypi.org/project/yaratool/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/yaratool/", "project_urls": { "Homepage": "https://github.com/chrislee35/yaratool" }, "release_url": "https://pypi.org/project/yaratool/0.0.7/", "requires_dist": null, "requires_python": "", "summary": "Python libary to normalize Yara signatures", "version": "0.0.7" }, "last_serial": 2894754, "releases": { "0.0.2": [ { "comment_text": "", "digests": { "md5": "13558a8092bdce0807776663411e8a98", "sha256": "59b0564ca3d90ce75f8cd902871256ae8fd892faeafd9a38aa6806f1c254c3e8" }, "downloads": -1, "filename": "yaratool-0.0.2-py2.7.egg", "has_sig": true, "md5_digest": "13558a8092bdce0807776663411e8a98", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 17291, "upload_time": "2012-10-30T23:55:41", "url": "https://files.pythonhosted.org/packages/ef/77/3c0f9d7f040f10528bb7fe4fee1f962dc81f0454a6d45854088442414194/yaratool-0.0.2-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "7093505b201415e0d850586cc60ac1c1", "sha256": "28a1bc4b1fb383babf8f0952e6d6a27d5f97ab0cd068cb0f510b2389a0b4c3c3" }, "downloads": -1, "filename": "yaratool-0.0.2.tar.gz", "has_sig": true, "md5_digest": "7093505b201415e0d850586cc60ac1c1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5919, "upload_time": "2012-10-30T23:55:58", "url": "https://files.pythonhosted.org/packages/76/21/25e8a9e3b7e3258224922cff4d8034258009db7c59786e5d94002c3423ab/yaratool-0.0.2.tar.gz" } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "ad300b1f42da5b372a0c5d5a058c2bac", "sha256": "69d8e16cef69d0a2e4c9a1c46dcf6d9ab27cdde800cc93d68fc30c0b264f2176" }, "downloads": -1, "filename": "yaratool-0.0.3-py2.7.egg", "has_sig": true, "md5_digest": "ad300b1f42da5b372a0c5d5a058c2bac", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 17297, "upload_time": "2012-10-31T01:20:12", "url": "https://files.pythonhosted.org/packages/c8/36/c20f21602dbd1264668d8b667b1e2579b42d78bfebe42bceb34f0e86ce01/yaratool-0.0.3-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "12801ef7f04057ddb9bff11838ffe5d4", "sha256": "7fcdff06553f16adb5e1f6dbe72a5af4eba7a8e6ccdd437fc978182324e66b12" }, "downloads": -1, "filename": "yaratool-0.0.3.tar.gz", "has_sig": true, "md5_digest": "12801ef7f04057ddb9bff11838ffe5d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6138, "upload_time": "2012-10-31T01:20:02", "url": "https://files.pythonhosted.org/packages/2f/ea/5f3395a974cf87e6f3616060c278cce47373f511db8908baa05ecde11426/yaratool-0.0.3.tar.gz" } ], "0.0.4": [ { "comment_text": "", "digests": { "md5": "c02b00d3bc1de91fb8c3598e8975c263", "sha256": "d41c4ae0731c10dc7b41e76d190167388801093fb00485f8e35f54be85dd21ad" }, "downloads": -1, "filename": "yaratool-0.0.4-py2.7.egg", "has_sig": true, "md5_digest": "c02b00d3bc1de91fb8c3598e8975c263", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 17297, "upload_time": "2012-10-31T01:21:41", "url": "https://files.pythonhosted.org/packages/2c/81/2ed61d34bfd257d2903bd06a5072f74937384c49a821510a1ed125fabfeb/yaratool-0.0.4-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "40f353eed5a4041dd611df2acc1a6204", "sha256": "312e1761234511019e6bbe170cffc49a0e72bdbfdbc5cbc93833f7eaca804018" }, "downloads": -1, "filename": "yaratool-0.0.4.tar.gz", "has_sig": true, "md5_digest": "40f353eed5a4041dd611df2acc1a6204", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6133, "upload_time": "2012-10-31T01:23:19", "url": "https://files.pythonhosted.org/packages/bb/a6/8dd798e087098490c4992b63b388cae0da9ade5d9a754a137d849b34044c/yaratool-0.0.4.tar.gz" } ], "0.0.5": [ { "comment_text": "", "digests": { "md5": "14ff247addef7ddceb5ab1fa9471d9ab", "sha256": "9ff83dcb936c84e5f860db4f1df2f019be1c403278afc550b7ad750cf4cc85a9" }, "downloads": -1, "filename": "yaratool-0.0.5-py2.7.egg", "has_sig": true, "md5_digest": "14ff247addef7ddceb5ab1fa9471d9ab", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 18075, "upload_time": "2012-10-31T02:03:16", "url": "https://files.pythonhosted.org/packages/96/2b/d87bde509cd59a73193b0b7d4ba210003ff40bbe3951f097290bb23f5ccd/yaratool-0.0.5-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "4434cdffa1a5376cd04793063e150276", "sha256": "ba259b021215e627a28dd04b41f72e5b0081c7599e4378fafa2bb228ecd7c53f" }, "downloads": -1, "filename": "yaratool-0.0.5.tar.gz", "has_sig": true, "md5_digest": "4434cdffa1a5376cd04793063e150276", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6452, "upload_time": "2012-10-31T02:03:07", "url": "https://files.pythonhosted.org/packages/61/5b/c66b8038843aaf234b67c5f274655e224aa3a8bb1f749f95ceaaad1e6961/yaratool-0.0.5.tar.gz" } ], "0.0.6": [ { "comment_text": "", "digests": { "md5": "7841b206d8a263703f661303f3bfbabe", "sha256": "32b355ad71f723b48795f906f92c66e17048bcd0a954032f969e23c805723e45" }, "downloads": -1, "filename": "yaratool-0.0.6-py2-none-any.whl", "has_sig": false, "md5_digest": "7841b206d8a263703f661303f3bfbabe", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 8249, "upload_time": "2017-05-23T21:08:22", "url": "https://files.pythonhosted.org/packages/7c/d2/7d16ed93d5f2cc350bb810aaad1a6aa0361037ab6ec39a13e8383ea912d6/yaratool-0.0.6-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "17b7d3a481b7ca744e2495f2924164b8", "sha256": "36967298fc5c74cb9f6f8ff0ee4f84bb0a8390a92f23fe220542d40be1e72cf2" }, "downloads": -1, "filename": "yaratool-0.0.6-py3-none-any.whl", "has_sig": false, "md5_digest": "17b7d3a481b7ca744e2495f2924164b8", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8249, "upload_time": "2017-05-23T21:08:29", "url": "https://files.pythonhosted.org/packages/2c/ca/040953ba0c094159de7e0f9115a0b17c042fc1bb7f6e6286ea57078edf7d/yaratool-0.0.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e3555ed2922c75b5cddaa323945d1151", "sha256": "6b8f30f109f771605759039a1e97617782ddb374692b530be4133de87e51b0cf" }, "downloads": -1, "filename": "yaratool-0.0.6.tar.gz", "has_sig": false, "md5_digest": "e3555ed2922c75b5cddaa323945d1151", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6183, "upload_time": "2017-05-23T21:07:57", "url": "https://files.pythonhosted.org/packages/77/1e/8632950fe832eef5febeb9fad0930524d3d863c1c8b94a18b5b18bb9decb/yaratool-0.0.6.tar.gz" } ], "0.0.7": [ { "comment_text": "", "digests": { "md5": "9b5163e971bbbc13328ab8649181ba0f", "sha256": "f69856083ffe9655ec27d1992c7a3732e1ab836d55705093fbcf50fca8a81e3a" }, "downloads": -1, "filename": "yaratool-0.0.7-py2-none-any.whl", "has_sig": false, "md5_digest": "9b5163e971bbbc13328ab8649181ba0f", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 8461, "upload_time": "2017-05-24T01:49:56", "url": "https://files.pythonhosted.org/packages/d7/bf/4789f5e2b78f51a829a5fcb876986fe860f70da397ba6fa5b2651a2e39b1/yaratool-0.0.7-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "204bf7fd18cf8719a4b4a8cbf443e58b", "sha256": "0b3a193885821258ca39fdce175551d3089652781fb410178e9e47a7b220e4ed" }, "downloads": -1, "filename": "yaratool-0.0.7-py3-none-any.whl", "has_sig": false, "md5_digest": "204bf7fd18cf8719a4b4a8cbf443e58b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8463, "upload_time": "2017-05-24T01:50:20", "url": "https://files.pythonhosted.org/packages/cd/7c/d1fa1d7bbe9849b1111897a5e3c09a74daa5fb4fc2dcca78026407347761/yaratool-0.0.7-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8de4c3abf436d4b5ac038327e9191bae", "sha256": "0b550d521d9fcc57eabc630fde5db8eb4e8fd3bae15566e3974bf08f1e9e1fca" }, "downloads": -1, "filename": "yaratool-0.0.7.tar.gz", "has_sig": false, "md5_digest": "8de4c3abf436d4b5ac038327e9191bae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6392, "upload_time": "2017-05-24T01:49:48", "url": "https://files.pythonhosted.org/packages/c2/1a/5b0791feade084923ceb778681010a26a4133339c622153c076b8f8c4044/yaratool-0.0.7.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9b5163e971bbbc13328ab8649181ba0f", "sha256": "f69856083ffe9655ec27d1992c7a3732e1ab836d55705093fbcf50fca8a81e3a" }, "downloads": -1, "filename": "yaratool-0.0.7-py2-none-any.whl", "has_sig": false, "md5_digest": "9b5163e971bbbc13328ab8649181ba0f", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 8461, "upload_time": "2017-05-24T01:49:56", "url": "https://files.pythonhosted.org/packages/d7/bf/4789f5e2b78f51a829a5fcb876986fe860f70da397ba6fa5b2651a2e39b1/yaratool-0.0.7-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "204bf7fd18cf8719a4b4a8cbf443e58b", "sha256": "0b3a193885821258ca39fdce175551d3089652781fb410178e9e47a7b220e4ed" }, "downloads": -1, "filename": "yaratool-0.0.7-py3-none-any.whl", "has_sig": false, "md5_digest": "204bf7fd18cf8719a4b4a8cbf443e58b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8463, "upload_time": "2017-05-24T01:50:20", "url": "https://files.pythonhosted.org/packages/cd/7c/d1fa1d7bbe9849b1111897a5e3c09a74daa5fb4fc2dcca78026407347761/yaratool-0.0.7-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8de4c3abf436d4b5ac038327e9191bae", "sha256": "0b550d521d9fcc57eabc630fde5db8eb4e8fd3bae15566e3974bf08f1e9e1fca" }, "downloads": -1, "filename": "yaratool-0.0.7.tar.gz", "has_sig": false, "md5_digest": "8de4c3abf436d4b5ac038327e9191bae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6392, "upload_time": "2017-05-24T01:49:48", "url": "https://files.pythonhosted.org/packages/c2/1a/5b0791feade084923ceb778681010a26a4133339c622153c076b8f8c4044/yaratool-0.0.7.tar.gz" } ] }