YARA Package Description

With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a boolean expression that determines its logic. This package contains the command-line interface.

Source: http://plusvic.github.io/yara/


  • Author: Victor M. Alvarez
  • License: Apache-2.0

Tools included in the yara package

yara – Tool to identify and classify malware samples
root@kali:~# yara
usage:  yara [OPTION]... [RULEFILE]... FILE | PID
options:
  -t <tag>                  print rules tagged as <tag> and ignore the rest. Can be used more than once.
  -i <identifier>           print rules named <identifier> and ignore the rest. Can be used more than once.
  -n                        print only not satisfied rules (negate).
  -g                        print tags.
  -m                        print metadata.
  -s                        print matching strings.
  -l <number>               abort scanning after a <number> of rules matched.
  -d <identifier>=<value>   define external variable.
  -r                        recursively search directories.
  -f                        fast matching mode.
  -v                        show version information.

Report bugs to: <[email protected]>

yara Usage Example

root@kali:~# coming soon
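As an added illustration (not from this page or the YARA project), the rule file below shows the structure described above, a set of strings plus a boolean condition, together with the tags, metadata and external variable that the -g, -m, -t and -d options operate on. The rule name, patterns and values are constructed for the example and are not real malware indicators.

```yara
// Constructed example rule: every pattern here is illustrative, not a real indicator.
// Tags after the colon are what "yara -g" prints and "yara -t <tag>" filters on.
rule example_dropper : dropper example
{
    meta:
        // Printed by "yara -m"
        description = "Example: small PE with a hard-coded panel path and an unpacking stub"
        author      = "constructed example"
        severity    = "low"

    strings:
        // Text strings: ascii / wide encodings, optional case-insensitive match
        $path1 = "/gate.php" ascii
        $path2 = "/panel/" wide ascii nocase
        // Hex pattern with a single-byte wildcard (??) and a 4-to-8 byte jump
        $stub  = { 60 E8 00 00 00 00 5D 83 ED ?? [4-8] 8B 95 }
        // Regular expression for a made-up user-agent format
        $ua    = /User-Agent: [A-Za-z]{4,12}\/[0-9]\.[0-9]/

    condition:
        // "MZ" at offset 0 and a size bound keep the rule cheap to evaluate
        uint16(0) == 0x5A4D and filesize < 2MB
        // the stub alone, or at least two of the weaker indicators
        and ( $stub or 2 of ($path*, $ua) )
        // external boolean supplied with "-d is_sandbox=true|false"
        and not is_sandbox
}
```

Scan a file with `yara -s -m -g -d is_sandbox=false example.yar sample.bin`; the external variable must be defined with -d, otherwise yara reports an undefined identifier and refuses to compile the rule.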