## Intro
This is a package I am working on for parsing Yara rules into their individual components. It may also gain utilities or extra features that I develop for working with Yara rules over time.
## Usage
```shell
# Installs the latest release from PyPI. For repeatable builds, pin the release
# (0.0.7 is the one listed on this page) in a requirements file together with
# the sha256 digest PyPI publishes for it, and install with --require-hashes.
pip install YaraParser
```
## SingleParser
```python
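# Parse a single Yara rule held in a string and show the parts SingleParser exposes.
from YaraParser import SingleParser

# Sample rule used only as parser input: it matches any standalone 20-character
# hex token (fullword), so it is a broad pattern rather than a targeted detection.
test = """
/*
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
rule Big_Numbers0
{
meta:
author = "_pusher_"
description = "Looks for big numbers 20:sized"
date = "2016-07"
strings:
$c0 = /[0-9a-fA-F]{20}/ fullword ascii
condition:
$c0
}
"""
parser = SingleParser(test)

# Bare expressions only echo their value in an interactive session; print()
# makes the example produce its output when run as a script.
# NOTE(review): assumes the getters return strings rather than printing - confirm.
print(parser.get_rule_name())     # rule identifier
print(parser.get_rule_strings())  # the strings: section
print(parser.rule_text)           # the rule text held by the parser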
```
```
Big_Numbers0
strings:
$c0 = /[0-9a-fA-F]{20}/ fullword ascii
rule Big_Numbers0
{
meta:
author = "_pusher_"
description = "Looks for big numbers 20:sized"
date = "2016-07"
strings:
$c0 = /[0-9a-fA-F]{20}/ fullword ascii
condition:
$c0
}
```
## MultiParser
```python
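# Parse a ruleset containing several Yara rules and list each rule's name and
# logic hash.
from YaraParser import MultiParser

# Sample ruleset used only as parser input; both rules are broad hex-token
# patterns (20 and 256 characters) rather than targeted detections.
test = """
/*
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
rule Big_Numbers0
{
meta:
author = "_pusher_"
description = "Looks for big numbers 20:sized"
date = "2016-07"
strings:
$c0 = /[0-9a-fA-F]{20}/ fullword ascii
condition:
$c0
}
rule Big_Numbers5
{
meta:
author = "_pusher_"
description = "Looks for big numbers 256:sized"
date = "2016-08"
strings:
$c0 = /[0-9a-fA-F]{256}/ fullword wide ascii
condition:
$c0
}
"""
parser = MultiParser(test)
rules = parser.get_rules_dict()

# Only the per-rule records are used, so iterate the values; the loop body must
# be indented, and print() is needed for the values to appear outside a REPL.
for rule in rules.values():
    print(rule['rule_name'])
    # rule_logic_hash is a 64-hex-character digest in the sample output.
    # NOTE(review): presumably computed over the rule's detection logic and not
    # its metadata, which would make it usable for spotting duplicate rules
    # across feeds - confirm what it covers before deduplicating on it.
    print(rule['rule_logic_hash'])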
```
```
Big_Numbers0
cc15c2fe1e9d195ce446c522991f04a9dee858e9752b385473d82c85b5826051
Big_Numbers5
f140e1cdead43088563c392c34604fe8d1f5cb387db78e93049faa91cd4f2941
```
Raw data
{
"_id": null,
"home_page": "https://www.github.com/jrbrawner/YaraParser",
"name": "YaraParser",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "yara parser",
"author": "Joshua Brawner",
"author_email": "jrbbrawner@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/55/eb/d943a94391884751b21594ec7ba4e4b539d92c042150083db1a83810cbe4/YaraParser-0.0.7.tar.gz",
"platform": null,
"description": "## Intro\r\nPackage I am working on to be used in parsing Yara rules into their individual components. Package may also contain utilities or extra features I develop for working with Yara rules over time.\r\n## Usage\r\n\r\n```python\r\npip install YaraParser\r\n```\r\n## Single Parser\r\n```python\r\nfrom YaraParser import SingleParser\r\n\r\ntest = \"\"\"\r\n/*\r\n This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.\r\n*/\r\nrule Big_Numbers0\r\n{\r\n\tmeta:\r\n\t\tauthor = \"_pusher_\"\r\n\t\tdescription = \"Looks for big numbers 20:sized\"\r\n\t\tdate = \"2016-07\"\r\n\tstrings:\r\n\t\t$c0 = /[0-9a-fA-F]{20}/ fullword ascii\r\n\tcondition:\r\n\t\t$c0\r\n}\r\n\"\"\"\r\n\r\nparser = SingleParser(test)\r\n\r\nparser.get_rule_name()\r\nparser.get_rule_strings()\r\nparser.rule_text\r\n```\r\n```\r\nBig_Numbers0\r\nstrings:\r\n $c0 = /[0-9a-fA-F]{20}/ fullword ascii\r\nrule Big_Numbers0\r\n{\r\n meta:\r\n author = \"_pusher_\"\r\n description = \"Looks for big numbers 20:sized\"\r\n date = \"2016-07\"\r\n\r\n strings:\r\n $c0 = /[0-9a-fA-F]{20}/ fullword ascii\r\n\r\n condition:\r\n $c0\r\n}\r\n```\r\n## MultiParser\r\n```python\r\nfrom YaraParser import MultiParser\r\n\r\ntest = \"\"\"\r\n/*\r\n This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.\r\n*/\r\nrule Big_Numbers0\r\n{\r\n\tmeta:\r\n\t\tauthor = \"_pusher_\"\r\n\t\tdescription = \"Looks for big numbers 20:sized\"\r\n\t\tdate = \"2016-07\"\r\n\tstrings:\r\n\t\t$c0 = /[0-9a-fA-F]{20}/ fullword ascii\r\n\tcondition:\r\n\t\t$c0\r\n}\r\n\r\nrule Big_Numbers5\r\n{\r\n\tmeta:\r\n\t\tauthor = \"_pusher_\"\r\n\t\tdescription = \"Looks for big numbers 256:sized\"\r\n\t\tdate = \"2016-08\"\r\n\tstrings:\r\n \t$c0 = /[0-9a-fA-F]{256}/ fullword wide 
ascii\r\n\tcondition:\r\n\t\t$c0\r\n}\r\n\"\"\"\r\n\r\nparser = MultiParser(test)\r\n\r\nrules = parser.get_rules_dict()\r\n\r\nfor k,v in rules.items():\r\n v['rule_name']\r\n v['rule_logic_hash']\r\n \r\n```\r\n```\r\nBig_Numbers0\r\ncc15c2fe1e9d195ce446c522991f04a9dee858e9752b385473d82c85b5826051\r\nBig_Numbers5\r\nf140e1cdead43088563c392c34604fe8d1f5cb387db78e93049faa91cd4f2941\r\n```\r\n",
"bugtrack_url": null,
"license": "Apache Software License",
"summary": "Parse and easily work with Yara rules.",
"version": "0.0.7",
"split_keywords": [
"yara",
"parser"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "55ebd943a94391884751b21594ec7ba4e4b539d92c042150083db1a83810cbe4",
"md5": "2d7dfee69e936994b5d1e04fe282d04b",
"sha256": "3967914dd5d63bc53e8383c86ace3fbded171aa8f57146337aa71c362639507c"
},
"downloads": -1,
"filename": "YaraParser-0.0.7.tar.gz",
"has_sig": false,
"md5_digest": "2d7dfee69e936994b5d1e04fe282d04b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7956,
"upload_time": "2023-01-31T18:36:38",
"upload_time_iso_8601": "2023-01-31T18:36:38.892080Z",
"url": "https://files.pythonhosted.org/packages/55/eb/d943a94391884751b21594ec7ba4e4b539d92c042150083db1a83810cbe4/YaraParser-0.0.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-01-31 18:36:38",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "jrbrawner",
"github_project": "YaraParser",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "yaraparser"
}