Metadata-Version: 2.1
Name: yarabuilder
Version: 0.0.2
Summary: A package to build YARA rules using Python
Home-page: https://github.com/BitsOfBinary/yarabuilder
Author: BitsOfBinary
License: UNKNOWN
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.6
Description-Content-Type: text/markdown

yarabuilder
===========

.. image:: https://readthedocs.org/projects/yarabuilder/badge/?version=latest
  :target: https://yarabuilder.readthedocs.io/en/latest/?badge=latest
  :alt: Documentation Status
.. image:: http://img.shields.io/pypi/v/yarabuilder.svg
  :target: https://pypi.org/project/yarabuilder/
  :alt: PyPI Version

Python module to create YARA rules.

Installation
------------

yarabuilder requires Python 3+::

    pip install yarabuilder

Usage
-----

.. code-block:: python

    >>> import yarabuilder
    >>> yara_builder = yarabuilder.YaraBuilder()
    >>>
    >>> yara_builder.create_rule("my_rule")
    >>> yara_builder.add_meta("my_rule", "description", "Generated by yarabuilder")
    >>> yara_builder.add_import("my_rule", "pe")
    >>> yara_builder.add_tag("my_rule", "yarabuilder")
    >>> yara_builder.add_text_string("my_rule", "Anonymous string")
    >>> yara_builder.add_text_string("my_rule", "Named string", name="str", modifiers=["ascii", "wide"])
    >>> yara_builder.add_string_comment("my_rule", "str", "example comment")
    >>> yara_builder.add_hex_string("my_rule", "DE AD BE EF")
    >>> yara_builder.add_regex_string("my_rule", "regex[0-9]{2}")
    >>> yara_builder.add_condition("my_rule", "any of them")
    >>>
    >>> rule = yara_builder.build_rules()
    >>> print(rule)
    import "pe"

    rule my_rule : yarabuilder {
        meta:
            description = "Generated by yarabuilder"

        strings:
            $ = "Anonymous string"
            $str = "Named string" ascii wide // example comment
            $ = {DE AD BE EF}
            $ = /regex[0-9]{2}/

        condition:
            any of them
    }
    >>>

TODO
----
- More logging in the classes
- Add optional validation when building YARA rules (e.g. checking that imports are valid and, longer term, checking that the condition is valid)
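
Until such validation exists, generated rule text can be checked before it is deployed to a scanner. The following is an added example, not part of yarabuilder: ``lint_rule_text`` and ``KNOWN_MODULES`` are hypothetical names, and the module list is an assumption based on the modules documented for YARA 4.x. It inspects only the text returned by ``build_rules()`` and flags unknown imports, modules used in a condition without an import, and imports that no condition uses.

```python
import re

# Modules documented for YARA 4.x (assumption: trim to match your YARA build).
KNOWN_MODULES = {"pe", "elf", "cuckoo", "magic", "hash", "math",
                 "dotnet", "time", "console", "string", "macho", "dex"}
IMPORT_RE = re.compile(r'^\s*import\s+"([^"]+)"', re.MULTILINE)
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
# Condition body: from "condition:" to the line that closes the rule.
CONDITION_RE = re.compile(r'condition:(.*?)^\s*\}', re.DOTALL | re.MULTILINE)
MODULE_USE_RE = re.compile(r'\b([a-z]+)\.[A-Za-z_]')

def lint_rule_text(rule_text):
    """Return (severity, message) findings for text from build_rules()."""
    imported = IMPORT_RE.findall(rule_text)
    # Blank quoted literals so their contents are not read as module use.
    stripped = QUOTED_RE.sub('""', rule_text)
    conditions = " ".join(CONDITION_RE.findall(stripped))
    used = {m for m in MODULE_USE_RE.findall(conditions) if m in KNOWN_MODULES}
    findings = []
    for name in imported:
        if name not in KNOWN_MODULES:
            findings.append(("error", f'unknown module "{name}"'))
    for name in sorted(used - set(imported)):
        findings.append(("error", f'module "{name}" used but not imported'))
    for name in sorted((set(imported) & KNOWN_MODULES) - used):
        findings.append(("warning", f'module "{name}" imported but unused'))
    return findings

# The rule text printed in the Usage section above.
PAGE_RULE = '''import "pe"

rule my_rule : yarabuilder {
    meta:
        description = "Generated by yarabuilder"

    strings:
        $ = "Anonymous string"
        $str = "Named string" ascii wide // example comment
        $ = {DE AD BE EF}
        $ = /regex[0-9]{2}/

    condition:
        any of them
}
'''
# Constructed sample: misspelled import, two modules used without an import.
BAD_RULE = ('import "pee"\nrule constructed_sample {\n  condition:\n'
            '    pe.is_dll() and math.entropy(0, filesize) > 7.0\n}\n')

if __name__ == "__main__":
    print(lint_rule_text(PAGE_RULE), lint_rule_text(BAD_RULE), sep="\n")
```

On the Usage output this reports the ``pe`` import as unused, since the condition ``any of them`` never references the module. A text check like this does not replace compiling the rule with YARA itself.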


