From 7de8d651a2c39bc007ce37b2feac8787daa27720 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 15 Mar 2024 22:31:05 +0100 Subject: [PATCH] new: [yara_gen.py] added --- README.md | 2 +- yara_gen.py | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 yara_gen.py diff --git a/README.md b/README.md index acbf3e2..d42b06b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # My scripts - [url-check.sh](./url-check.sh) Read a list of URLs from stdin and print if the url is Ok (200 or 301 with one redirect to a 200) - +- [yara_gen.py](./yara_gen.py) Generate Yara rules from a list of strings diff --git a/yara_gen.py b/yara_gen.py new file mode 100644 index 0000000..ffdf5ec --- /dev/null +++ b/yara_gen.py 
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+#
+# Generate Yara rules from a list of strings
+
+import yara_tools
+import yara
+import argparse
+import os
+import fileinput
+import sys
+
+usage = "usage: %prog [options]"
+
+parser = argparse.ArgumentParser(
+ description="Generate Yara rules from a list of strings", epilog=""
+)
+
+parser.add_argument(
+ "-n",
+ dest="name",
+ help="set name of the Yara rule",
+ type=str,
+ default="default_rule_name",
+)
+default_author = os.getlogin()
+parser.add_argument(
+ "-a",
+ dest="author",
+ help="set name of the Yara rule author",
+ type=str,
+ default=default_author,
+)
+parser.add_argument(
+ "-p",
+ dest="purpose",
+ help="set the purpose of the Yara rule",
+ type=str,
+ default="Purpose not set",
+)
+
+options = parser.parse_args()
+
+rule = yara_tools.create_rule(name=f'{options.name}', default_boolean='or')
+rule.add_meta(key="author", value=f'{options.author}')
+rule.add_meta(key="purpose", value=f'{options.purpose}')
+
+s = []
+for line in fileinput.input('-'):
+ l = line.rstrip()
+ if l:
+ s.append(l)
+rule.add_strings(
+ strings=s, modifiers=['wide', 'ascii'], condition="any of ($IDENTIFIER*)"
+)
+
+generated_rule = rule.build_rule()
+
+print(generated_rule)
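Review bot: The rule text is printed without ever being compiled, so a `-n` value that is not a valid YARA identifier, or a stdin line containing a quote or backslash, may produce a rule that only fails later when a scanner loads it. Whether yara_tools escapes string content is not visible in this hunk, and `yara` and `sys` are imported at the top of the file but never used. Compiling `generated_rule` right after `rule.build_rule()` and exiting non-zero on `yara.SyntaxError` would catch this at generation time, as sketched below. Separately, `default_author = os.getlogin()` runs even when `-a` is supplied and raises `OSError` when the process has no controlling terminal (cron, CI, many containers); `getpass.getuser()` with an added `import getpass` is the more tolerant call.

```python
# … unchanged: imports, argument parsing, rule construction …
generated_rule = rule.build_rule()

# Fail at generation time if the rule does not compile.
try:
    yara.compile(source=generated_rule)
except yara.SyntaxError as err:
    sys.exit(f"generated rule does not compile: {err}")

print(generated_rule)
```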