YARA Package Description

With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a boolean expression which determines its logic. This package contains the command-line interface.

Source: https://github.com/virustotal/yara
YARA Homepage | Kali YARA Repo

  • Author: Google Inc., Hilko Bengen, Joachim Metz, Stefan Buehlmann, Victor M. Alvarez and Wesley Shields
  • License: BSD 3-Clause

Tools included in the yara package

yara – Tool to identify and classify malware samples
root@kali:~# yara --help
YARA 3.8.1, the pattern matching swiss army knife.
Usage: yara [OPTION]... [NAMESPACE:]RULES_FILE... FILE | DIR | PID

Mandatory arguments to long options are mandatory for short options too.

       --atom-quality-table=FILE        path to a file with the atom quality table
  -c,  --count                          print only number of matches
  -d,  --define=VAR=VALUE               define external variable
       --fail-on-warnings               fail on warnings
  -f,  --fast-scan                      fast matching mode
  -h,  --help                           show this help and exit
  -i,  --identifier=IDENTIFIER          print only rules named IDENTIFIER
  -l,  --max-rules=NUMBER               abort scanning after matching a NUMBER of rules
       --max-strings-per-rule=NUMBER    set maximum number of strings per rule (default=10000)
  -x,  --module-data=MODULE=FILE        pass FILE's content as extra data to MODULE
  -n,  --negate                         print only not satisfied rules (negate)
  -w,  --no-warnings                    disable warnings
  -m,  --print-meta                     print metadata
  -D,  --print-module-data              print module data
  -e,  --print-namespace                print rules' namespace
  -S,  --print-stats                    print rules' statistics
  -s,  --print-strings                  print matching strings
  -L,  --print-string-length            print length of matched strings
  -g,  --print-tags                     print tags
  -r,  --recursive                      recursively search directories
  -k,  --stack-size=SLOTS               set maximum stack size (default=16384)
  -t,  --tag=TAG                        print only rules tagged as TAG
  -p,  --threads=NUMBER                 use the specified NUMBER of threads to scan a directory
  -a,  --timeout=SECONDS                abort scanning after the given number of SECONDS
  -v,  --version                        show version information

Send bug reports and suggestions to: vmalvarez@virustotal.com.

yara Usage Example

root@kali:~# coming soon
Menu