YARA Package Description
With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a boolean expression which determines its logic. This package contains the command-line interface.
Source: http://plusvic.github.io/yara/
YARA Homepage | Kali YARA Repo
- Author: Victor M. Alvarez
- License: Apache-2.0
Tools included in the yara package
yara – Tool to identify and classify malware samples
root@kali:~# yara
usage: yara [OPTION]... [RULEFILE]... FILE | PID
options:
-t <tag> print rules tagged as <tag> and ignore the rest. Can be used more than once.
-i <identifier> print rules named <identifier> and ignore the rest. Can be used more than once.
-n print only not satisfied rules (negate).
-g print tags.
-m print metadata.
-s print matching strings.
-l <number> abort scanning after a <number> of rules matched.
-d <identifier>=<value> define external variable.
-r recursively search directories.
-f fast matching mode.
-v show version information.
Report bugs to: <vmalvarez@virustotal.com>
usage: yara [OPTION]... [RULEFILE]... FILE | PID
options:
-t <tag> print rules tagged as <tag> and ignore the rest. Can be used more than once.
-i <identifier> print rules named <identifier> and ignore the rest. Can be used more than once.
-n print only not satisfied rules (negate).
-g print tags.
-m print metadata.
-s print matching strings.
-l <number> abort scanning after a <number> of rules matched.
-d <identifier>=<value> define external variable.
-r recursively search directories.
-f fast matching mode.
-v show version information.
Report bugs to: <vmalvarez@virustotal.com>
yara Usage Example
root@kali:~# coming soon