# Gamma Scanner
Advanced string manipulation and pattern matching engine with a completely unique DSL syntax. **Very effective for detecting prompt injection and jailbreak attempts** in AI systems and user inputs.
## Installation
```bash
pip install gamma-scanner
```
## Quick Start
```bash
# Run the CLI
gamma-scanner --help
# Or use the short command
gamma --help
# Interactive mode
gamma interactive
# Scan files for threats
gamma scan rules.gamma target_file.txt --alert
# Show examples
gamma examples
```
## Unique DSL Syntax
Gamma Scanner features a completely original DSL syntax using unique keywords and natural flow operators. The syntax is intuitive and easy to use for comprehensive pattern matching.
### Basic Rule Structure
```gamma
HUNT RuleName:
    CONDITION:
        "literal_text"
```
### Advanced Rule Structure
```gamma
HUNT SQLInjection:
    LOOK FOR:
        sqli_pattern ~ text "' OR '1'='1" IGNORE case
        union_attack ~ text "UNION SELECT" IGNORE case
    WHEN:
        file HAS sqli_pattern EITHER content HOLDS union_attack
    THEN:
        ALERT "SQL injection detected!" with high_priority
```
## Complete DSL Reference
### Keywords
#### Primary Keywords
- **HUNT** - Defines a detection rule
- **SCAN** - Alternative to HUNT
- **FIND** - Alternative to HUNT
- **SEEK** - Alternative to HUNT
#### Section Keywords
- **CONDITION** - Simple condition block
- **LOOK FOR** - Pattern definition section
- **WHEN** - Conditional logic section
- **THEN** - Action section
- **meta** - Metadata section
#### Logical Operators
- **ALSO** - Logical AND
- **EITHER** - Logical OR
- **UNLESS** - Logical NOT
- **HAS** - Contains check
- **HOLDS** - Alternative to HAS
#### Pattern Types
- **text** - Text pattern matching
- **regex** - Regular expression matching
- **hex** - Hexadecimal pattern matching
- **base64** - Base64 encoded patterns
#### Modifiers
- **IGNORE case** - Case-insensitive matching
- **WHOLE word** - Word boundary matching
- **ASCII** - ASCII encoding
- **WIDE** - Wide character encoding
### Operators
- **~** - Pattern assignment operator
- **->** - Flow operator
- **=** - Equality operator
- **!=** - Inequality operator
- **>** - Greater than
- **<** - Less than
- **>=** - Greater than or equal
- **<=** - Less than or equal
### Built-in Functions
#### String Functions
- `length(string)` - Get string length
- `upper(string)` - Convert to uppercase
- `lower(string)` - Convert to lowercase
- `substr(string, start, length)` - Extract substring
- `replace(string, old, new)` - Replace text
#### Encoding Functions
- `base64_encode(data)` - Base64 encode
- `base64_decode(data)` - Base64 decode
- `url_encode(data)` - URL encode
- `url_decode(data)` - URL decode
- `hex_encode(data)` - Hexadecimal encode
- `hex_decode(data)` - Hexadecimal decode
#### Hash Functions
- `md5(data)` - MD5 hash
- `sha1(data)` - SHA1 hash
- `sha256(data)` - SHA256 hash
#### Analysis Functions
- `entropy(data)` - Calculate entropy
- `regex_match(pattern, text)` - Regex matching
- `contains(text, substring)` - Substring check
## Syntax Examples
### 1. Simple Literal Matching
```gamma
HUNT PasswordDetection:
    CONDITION:
        "password"
```
### 2. Case-Insensitive Pattern
```gamma
HUNT MalwareDetection:
    LOOK FOR:
        malware_sig ~ text "malicious" IGNORE case
    WHEN:
        content HAS malware_sig
    THEN:
        ALERT "Malware detected!"
```
### 3. Multiple Patterns with Logic
```gamma
HUNT SQLInjection:
    LOOK FOR:
        sqli1 ~ text "' OR 1=1" IGNORE case
        sqli2 ~ text "UNION SELECT" IGNORE case
        sqli3 ~ text "DROP TABLE" IGNORE case
    WHEN:
        content HAS sqli1 EITHER content HAS sqli2 EITHER content HAS sqli3
    THEN:
        ALERT "SQL injection attempt detected!"
```
### 4. Regex Pattern Matching
```gamma
HUNT EmailExtraction:
    LOOK FOR:
        email_pattern ~ regex "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}"
    WHEN:
        content HAS email_pattern
    THEN:
        REPORT "Email found" -> security_team
```
### 5. Hexadecimal Pattern Detection
```gamma
HUNT ExecutableSignature:
    LOOK FOR:
        pe_header ~ hex "4D 5A 90 00"
        elf_header ~ hex "7F 45 4C 46"
    WHEN:
        file HAS pe_header EITHER file HAS elf_header
    THEN:
        ALERT "Executable file detected!"
```
### 6. Complex Conditional Logic
```gamma
HUNT AdvancedThreat:
    LOOK FOR:
        cmd_inject ~ text "cmd.exe" IGNORE case
        powershell ~ text "powershell" IGNORE case
        base64_data ~ regex "[A-Za-z0-9+/=]{20,}"
    WHEN:
        (content HAS cmd_inject EITHER content HAS powershell)
        ALSO content HAS base64_data
        ALSO length(content) > 1000
    THEN:
        ALERT "Advanced threat detected!" with critical_priority
        REPORT to incident_response
```
### 7. Built-in Function Usage
```gamma
HUNT EncodedContent:
    LOOK FOR:
        suspicious_b64 ~ text base64_decode($content)
    WHEN:
        entropy($content) > 6.0
        ALSO length($content) > 100
        ALSO contains(suspicious_b64, "malware")
    THEN:
        ALERT "Encoded malicious content!"
```
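The rule above compares `entropy($content)` with 6.0 on content that it also base64-decodes. The following added example (not part of Gamma Scanner; it assumes `entropy` means Shannon entropy in bits per byte, which the page does not define, and all function names are hypothetical) shows that base64 text stays at or below about 6 bits per character, so under that assumption the threshold only separates data once it is measured after decoding.

```python
import base64
import math
from collections import Counter

THRESHOLD = 6.0  # the value used in the EncodedContent rule above


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def entropy_views(encoded: bytes) -> dict:
    """Entropy of a base64 blob as received and after decoding."""
    decoded = base64.b64decode(encoded, validate=True)
    return {
        "encoded": shannon_entropy(encoded),
        "decoded": shannon_entropy(decoded),
    }


def exceeds_threshold(data: bytes, threshold: float = THRESHOLD) -> bool:
    """True when the entropy of data is strictly above the threshold."""
    return shannon_entropy(data) > threshold


# Constructed samples (not taken from any real file).
# Every byte value appears equally often, so entropy is 8 bits per byte.
UNIFORM_PAYLOAD = bytes(range(256)) * 3
# 768 bytes encode to 1024 base64 characters with no '=' padding.
# The base64 alphabet has 64 symbols, which caps entropy at log2(64) = 6.
ENCODED_PAYLOAD = base64.b64encode(UNIFORM_PAYLOAD)
PLAIN_TEXT = b"The quarterly report is attached. Please review it before Friday."


if __name__ == "__main__":
    views = entropy_views(ENCODED_PAYLOAD)
    print(f"base64 text : {views['encoded']:.3f} bits/char, "
          f"above {THRESHOLD}: {exceeds_threshold(ENCODED_PAYLOAD)}")
    print(f"decoded     : {views['decoded']:.3f} bits/byte, "
          f"above {THRESHOLD}: {exceeds_threshold(UNIFORM_PAYLOAD)}")
    print(f"plain text  : {shannon_entropy(PLAIN_TEXT):.3f} bits/char, "
          f"above {THRESHOLD}: {exceeds_threshold(PLAIN_TEXT)}")
```

When tuning an entropy condition, decide first whether it applies to the encoded text or to the decoded bytes, and pick the threshold for that representation.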
### 8. Metadata Section
```gamma
HUNT WebShellDetection:
    meta:
        author = "Security Team"
        description = "Detects common web shell patterns"
        version = "1.2"
        category = "web_security"
        reference = "https://owasp.org/webshells"
        created = "2024-01-01"

    LOOK FOR:
        php_shell ~ text "<?php system($_GET"
        asp_shell ~ text "<%eval request"
        jsp_shell ~ text "<%Runtime.getRuntime().exec"

    WHEN:
        content HAS php_shell EITHER content HAS asp_shell EITHER content HAS jsp_shell

    THEN:
        ALERT "Web shell detected!" with high_priority
        REPORT to security_team
        QUARANTINE file
```
### 9. File Analysis Patterns
```gamma
HUNT SensitiveDataLeak:
    LOOK FOR:
        ssn_pattern ~ regex "\b\d{3}-\d{2}-\d{4}\b"
        cc_pattern ~ regex "\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b"
        api_key ~ regex "[Aa][Pp][Ii]_?[Kk][Ee][Yy].*[A-Za-z0-9]{32,}"

    WHEN:
        content HAS ssn_pattern
        EITHER content HAS cc_pattern
        EITHER content HAS api_key

    THEN:
        ALERT "Sensitive data exposure!" with critical_priority
        CLASSIFY as "PII_LEAK"
        NOTIFY compliance_team
```
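The `cc_pattern` regex above matches any 16 digits in groups of four, so order numbers and similar identifiers will trigger it. The following added example (not part of Gamma Scanner; it reuses the three regexes from the rule with Python's `re` module instead of the gamma engine, and the Luhn check, function names and sample lines are additions constructed for illustration) shows how a checksum pass after the regex removes such false positives.

```python
import re

# The three patterns from the SensitiveDataLeak rule, unchanged.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CC_RE = re.compile(r"\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b")
API_KEY_RE = re.compile(r"[Aa][Pp][Ii]_?[Kk][Ee][Yy].*[A-Za-z0-9]{32,}")


def luhn_ok(candidate: str) -> bool:
    """Validate a card-number candidate with the Luhn checksum."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def regex_only_cards(lines):
    """Line numbers flagged by cc_pattern alone (what the rule would report)."""
    return [n for n, line in enumerate(lines, 1) if CC_RE.search(line)]


def scan(lines):
    """Return (line_number, label) findings, with Luhn filtering on card hits."""
    findings = []
    for n, line in enumerate(lines, 1):
        if any(luhn_ok(m.group()) for m in CC_RE.finditer(line)):
            findings.append((n, "credit_card"))
        if SSN_RE.search(line):
            findings.append((n, "ssn"))
        if API_KEY_RE.search(line):
            findings.append((n, "api_key"))
    return findings


# Constructed sample input. 4111 1111 1111 1111 is a widely published
# test card number; the other values are made up.
SAMPLE_LINES = [
    "card on file: 4111 1111 1111 1111",
    "order id 1234 5678 9012 3456 shipped",
    "employee ssn 123-45-6789 on intake form",
    "API_KEY=0123456789abcdef0123456789abcdef",
    "nothing sensitive in this line",
]


if __name__ == "__main__":
    print("regex only :", regex_only_cards(SAMPLE_LINES))
    for line_no, label in scan(SAMPLE_LINES):
        print(f"line {line_no}: {label}")
```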
### 10. Network Security Patterns
```gamma
HUNT NetworkThreat:
    LOOK FOR:
        ip_pattern ~ regex "\b(?:\d{1,3}\.){3}\d{1,3}\b"
        port_scan ~ text "nmap"
        reverse_shell ~ text "/bin/sh"

    WHEN:
        content HAS ip_pattern
        ALSO (content HAS port_scan EITHER content HAS reverse_shell)
        ALSO length(content) > 50

    THEN:
        ALERT "Network threat detected!"
        BLOCK source_ip
        LOG to security_events
```
## Command Line Usage
### Scanning Commands
```bash
# Basic file scanning
gamma scan rules.gamma target_file.txt
# Directory scanning with alerts
gamma scan malware_rules.gamma /suspicious/directory --alert --recursive
# Verbose output with reporting
gamma scan security_rules.gamma logs/ --verbose --report --output results.json
# Hunt for specific threats
gamma hunt apt_rules.gamma network_logs/ --alert
```
### Rule Development
```bash
# Validate rule syntax
gamma validate my_rules.gamma
# Test rules against sample data
gamma test rules.gamma --input test_data.txt
# Compile rules and check syntax
gamma compile advanced_rules.gamma --check-syntax
# Interactive rule development
gamma interactive
```
### Analysis Commands
```bash
# Comprehensive file analysis
gamma analyze document.txt --threats --pii --secrets
# Performance benchmarking
gamma benchmark rules.gamma dataset/ --iterations 100
# Show built-in examples
gamma examples
```
## Python API
### Basic Usage
```python
from gamma_scanner import GammaScanner

# Initialize scanner
scanner = GammaScanner()

# Simple rule compilation and matching
rule = '''
HUNT TestPattern:
    CONDITION:
        "malware"
'''

# compile_rule() reports whether the rule compiled; only match on success
success = scanner.compile_rule(rule)
if success:
    results = scanner.match("This file contains malware")
    print(f"Matches found: {len(results)}")
```
### Advanced API Usage
```python
from gamma_scanner import GammaScanner
import json

scanner = GammaScanner()

# Load rules from file
compiled_rules = scanner.load_rules_from_file("security_rules.gamma")
print(f"Loaded {len(compiled_rules)} rules")

# Analyze content
content = "Suspicious content with potential threats"
matches = scanner.match(content)

# Process results
for match in matches:
    print(f"Rule: {match['rule_name']}")
    print(f"Match details: {json.dumps(match, indent=2)}")

# Access compiled rules
for rule_name, rule_obj in scanner.compiled_rules.items():
    print(f"Rule {rule_name}: {rule_obj.name}")
```
### Batch Processing
```python
from gamma_scanner import GammaScanner
import os

scanner = GammaScanner()
scanner.load_rules_from_file("comprehensive_rules.gamma")

# Process multiple files
results = []
for root, dirs, files in os.walk("/target/directory"):
    for file in files:
        file_path = os.path.join(root, file)
        try:
            # errors='ignore' drops undecodable bytes so binary files do not abort the walk
            with open(file_path, 'r', encoding='utf-8', errors='ignore') as f:
                content = f.read()

            matches = scanner.match(content)
            if matches:
                results.append({
                    'file': file_path,
                    'matches': len(matches),
                    'details': matches
                })
        except Exception as e:
            print(f"Error processing {file_path}: {e}")

print(f"Found threats in {len(results)} files")
```
## Features
- **Unique DSL**: Completely original syntax with natural language keywords and flow operators
- **Natural Keywords**: Uses intuitive keywords like HUNT, SCAN, LOOK FOR, WHEN, ALSO, EITHER, UNLESS
- **Security Focus**: Built-in patterns for common security threats and vulnerabilities
- **High Performance**: Optimized execution engine with rule compilation and caching
- **Comprehensive CLI**: Full-featured command-line interface with multiple scanning modes
- **Pattern Library**: Extensible pattern matching with regex, hex, and text patterns
- **Built-in Functions**: Rich set of string manipulation, encoding, and analysis functions
- **Metadata Support**: Rule documentation and organization with metadata sections
- **Flexible Output**: JSON, XML, and custom report formats
- **Interactive Mode**: Real-time rule testing and development environment
## Performance
Gamma Scanner is designed for high-performance pattern matching:
- **Rule Compilation**: Rules are compiled once and cached for repeated use
- **Parallel Processing**: Multi-threaded scanning for large datasets
- **Memory Efficient**: Streaming processing for large files
- **Optimized Matching**: Advanced pattern matching algorithms
- **Benchmark Tools**: Built-in performance measurement and optimization
## Best Practices
### Rule Organization
```gamma
# Use descriptive rule names
HUNT WebShellPHPVariant1:
    meta:
        category = "web_security"
        severity = "high"

    CONDITION:
        "<?php system($_GET"
```
### Pattern Efficiency
```gamma
# Combine related patterns for better performance
HUNT SQLInjectionPatterns:
    LOOK FOR:
        union_select ~ text "UNION SELECT" IGNORE case
        or_1_equals_1 ~ text "' OR '1'='1" IGNORE case
        drop_table ~ text "DROP TABLE" IGNORE case

    WHEN:
        content HAS union_select EITHER content HAS or_1_equals_1 EITHER content HAS drop_table
```
### Error Handling
```gamma
# Use metadata for rule documentation
HUNT DatabaseThreats:
    meta:
        description = "Detects database-related security threats"
        false_positives = "May trigger on legitimate SQL documentation"
        mitigation = "Review context before taking action"
```
## License
MIT License - see LICENSE file for details.
## Contributing
Contributions are welcome! Please read our contributing guidelines and submit pull requests for any improvements.
## Support
For questions, issues, or feature requests, please visit our GitHub repository or contact the development team.
Raw data
{
"_id": null,
"home_page": "https://github.com/gammascanner/gamma-scanner",
"name": "gamma-scanner",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Harish Santhanalakshmi Ganesan <harishsg99@gmail.com>",
"keywords": "security, pattern-matching, dsl, text-analysis, malware-detection",
"author": "Harish Santhanalakshmi Ganesan",
"author_email": "Harish Santhanalakshmi Ganesan <harishsg99@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/9c/fa/c3e1768ba09f23b1e54869c4b618b5da2862c82ba057ac3b81636b098d06/gamma_scanner-1.0.6.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "Advanced string manipulation and pattern matching engine with unique DSL syntax",
"version": "1.0.6",
"project_urls": {
"Bug Reports": "https://github.com/gammascanner/gamma-scanner/issues",
"Documentation": "https://gamma-scanner.readthedocs.io/",
"Homepage": "https://github.com/gammascanner/gamma-scanner",
"Source": "https://github.com/gammascanner/gamma-scanner"
},
"split_keywords": [
"security",
" pattern-matching",
" dsl",
" text-analysis",
" malware-detection"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "1c1413d87b2bef645089aeaa8d57d0318a88ebe6cb930fd3a50e5e10abfa9058",
"md5": "deb96a479e6d7203e03c264adffdf115",
"sha256": "3aefd6d4c2bd3881fe9af9346582619199356b9851e227e854b9f81f63fe9c34"
},
"downloads": -1,
"filename": "gamma_scanner-1.0.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "deb96a479e6d7203e03c264adffdf115",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 45006,
"upload_time": "2025-08-24T16:50:14",
"upload_time_iso_8601": "2025-08-24T16:50:14.141014Z",
"url": "https://files.pythonhosted.org/packages/1c/14/13d87b2bef645089aeaa8d57d0318a88ebe6cb930fd3a50e5e10abfa9058/gamma_scanner-1.0.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "9cfac3e1768ba09f23b1e54869c4b618b5da2862c82ba057ac3b81636b098d06",
"md5": "55dbbbf2fd7d0ae30fc7431d34a2a27a",
"sha256": "7e31ad871ded757b8504d45e91ac02ace64709a9203ddf66b7b03ce13ac43038"
},
"downloads": -1,
"filename": "gamma_scanner-1.0.6.tar.gz",
"has_sig": false,
"md5_digest": "55dbbbf2fd7d0ae30fc7431d34a2a27a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 59052,
"upload_time": "2025-08-24T16:50:15",
"upload_time_iso_8601": "2025-08-24T16:50:15.280069Z",
"url": "https://files.pythonhosted.org/packages/9c/fa/c3e1768ba09f23b1e54869c4b618b5da2862c82ba057ac3b81636b098d06/gamma_scanner-1.0.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-24 16:50:15",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "gammascanner",
"github_project": "gamma-scanner",
"github_not_found": true,
"lcname": "gamma-scanner"
}