scripts/yara_gen.py

#!/usr/bin/python
#
# Generate Yara rules from a list of strings

import yara_tools
import yara
import argparse
import os
import fileinput
import sys

usage = "usage: %prog [options]"

parser = argparse.ArgumentParser(
    description="Generate Yara rules from a list of strings", epilog=""
)

parser.add_argument(
    "-n",
    dest="name",
    help="set name of the Yara rule",
    type=str,
    default="default_rule_name",
)
default_author = os.getlogin()
parser.add_argument(
    "-a",
    dest="author",
    help="set name of the Yara rule author",
    type=str,
    default=default_author,
)
parser.add_argument(
    "-p",
    dest="purpose",
    help="set the purpose of the Yara rule",
    type=str,
    default="Purpose not set",
)

options = parser.parse_args()

rule = yara_tools.create_rule(name=f'{options.name}', default_boolean='or')
rule.add_meta(key="author", value=f'{options.author}')
rule.add_meta(key="purpose", value=f'{options.purpose}')

s = []
for line in fileinput.input('-'):
    l = line.rstrip()
    if l:
        s.append(l)
rule.add_strings(
    strings=s, modifiers=['wide', 'ascii'], condition="any of ($IDENTIFIER*)"
)

generated_rule = rule.build_rule()

print(generated_rule)
new: [yara_gen.py] added 2024-03-15 21:31:05 +00:00			`#!/usr/bin/python`
			`#`
			`# Generate Yara rules from a list of strings`

			`import yara_tools`
			`import yara`
			`import argparse`
			`import os`
			`import fileinput`
			`import sys`

			`usage = "usage: %prog [options]"`

			`parser = argparse.ArgumentParser(`
			`description="Generate Yara rules from a list of strings", epilog=""`
			`)`

			`parser.add_argument(`
			`"-n",`
			`dest="name",`
			`help="set name of the Yara rule",`
			`type=str,`
			`default="default_rule_name",`
			`)`
			`default_author = os.getlogin()`
			`parser.add_argument(`
			`"-a",`
			`dest="author",`
			`help="set name of the Yara rule author",`
			`type=str,`
			`default=default_author,`
			`)`
			`parser.add_argument(`
			`"-p",`
			`dest="purpose",`
			`help="set the purpose of the Yara rule",`
			`type=str,`
			`default="Purpose not set",`
			`)`

			`options = parser.parse_args()`

			`rule = yara_tools.create_rule(name=f'{options.name}', default_boolean='or')`
			`rule.add_meta(key="author", value=f'{options.author}')`
			`rule.add_meta(key="purpose", value=f'{options.purpose}')`

			`s = []`
			`for line in fileinput.input('-'):`
			`l = line.rstrip()`
			`if l:`
			`s.append(l)`
			`rule.add_strings(`
			`strings=s, modifiers=['wide', 'ascii'], condition="any of ($IDENTIFIER*)"`
			`)`

			`generated_rule = rule.build_rule()`

			`print(generated_rule)`