ahsentekd/Yara-Forge
74d043f · Dec 26, 2024

YARA Forge 🛠️

A powerful Rust library for crafting, validating, and managing YARA rules. YARA Forge provides a comprehensive set of tools for creating sophisticated malware detection rules with an intuitive builder pattern interface.

Features

  • πŸ—οΈ Rule Builder Pattern: Intuitive interface for creating YARA rules
  • πŸ“š Pre-built Templates: Common templates for malware detection
  • πŸ” Pattern Library: Extensive collection of malware detection patterns
  • βœ… Validation: Built-in rule validation and testing
  • πŸš€ Performance: Parallel scanning capabilities
  • πŸ”„ Import/Export: Support for JSON and other formats
  • πŸ“‹ Documentation: Comprehensive documentation and examples

Installation

Add this to your Cargo.toml:

[dependencies]
yara-forge = "0.1.0"

Quick Start

use yara_forge::{RuleBuilder, ValidationOptions};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create a simple rule
    let rule = RuleBuilder::new("detect_suspicious")
        .with_metadata("author", "YARA Forge")
        .with_string("$suspicious_api", "CreateRemoteThread")
        .with_condition("$suspicious_api")
        .build()?;

    // Validate the rule
    let options = ValidationOptions {
        syntax_only: true,
        test_against_samples: false,
        max_file_size: 10 * 1024 * 1024,
        timeout: 30,
    };

    // Save the rule
    rule.save("detect_suspicious.yar")?;

    Ok(())
}
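As an added illustration, not code from yara-forge: a stand-alone builder in plain Rust that renders the same pieces the Quick Start feeds to RuleBuilder (name, meta, strings, condition) into YARA rule text and, in the spirit of the Validation feature, rejects a condition that references a string the rule never declared. MiniRule and quote are hypothetical names; the real crate's API and output may differ.

```rust
use std::collections::BTreeMap;
/// Hypothetical stand-in for the builder shown in the Quick Start (not the crate's type).
#[derive(Default)]
pub struct MiniRule {
    name: String,
    meta: BTreeMap<String, String>, // sorted map, so the rendered output is deterministic
    strings: Vec<(String, String)>, // ($identifier, text value) pairs
    condition: String,
}
/// YARA text strings are double-quoted; escape backslashes and quotes inside the value.
fn quote(s: &str) -> String { format!("\"{}\"", s.replace('\\', "\\\\").replace('"', "\\\"")) }
impl MiniRule {
    pub fn new(name: &str) -> Self {
        MiniRule { name: name.to_string(), ..Default::default() }
    }
    pub fn with_metadata(mut self, key: &str, value: &str) -> Self {
        self.meta.insert(key.to_string(), value.to_string());
        self
    }
    pub fn with_string(mut self, id: &str, value: &str) -> Self {
        self.strings.push((id.to_string(), value.to_string()));
        self
    }
    pub fn with_condition(mut self, cond: &str) -> Self {
        self.condition = cond.to_string();
        self
    }
    /// Render the rule as YARA text, or fail if the condition names an undeclared
    /// string (exact identifiers only; `$a*` wildcard sets are not handled here).
    pub fn build(&self) -> Result<String, String> {
        let is_sep = |c: char| !(c.is_alphanumeric() || c == '_' || c == '$');
        for tok in self.condition.split(is_sep).filter(|t| t.starts_with('$')) {
            if !self.strings.iter().any(|(id, _)| id == tok) {
                return Err(format!("condition references undeclared string {tok}"));
            }
        }
        let mut out = format!("rule {} {{\n", self.name);
        if !self.meta.is_empty() { out.push_str("    meta:\n"); }
        for (k, v) in &self.meta {
            out.push_str(&format!("        {k} = {}\n", quote(v)));
        }
        out.push_str("    strings:\n");
        for (id, v) in &self.strings {
            out.push_str(&format!("        {id} = {}\n", quote(v)));
        }
        out.push_str(&format!("    condition:\n        {}\n}}\n", self.condition));
        Ok(out)
    }
}
```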

Advanced Usage

Using Templates

use yara_forge::templates::ransomware_template;

let rule = ransomware_template("detect_ransomware")
    .with_metadata("severity", "high")
    .build()?;

Pattern Matching

use yara_forge::RuleBuilder;
use yara_forge::patterns::{ENCRYPTION_APIS, PROCESS_INJECTION};

// Combine two pattern sets and match when any two of their strings are present
let rule = RuleBuilder::new("detect_malware")
    .with_patterns(ENCRYPTION_APIS)
    .with_patterns(PROCESS_INJECTION)
    .with_condition("2 of them")
    .build()?;

Parallel Scanning

use yara_forge::validation::parallel_scan;

// `options` is the ValidationOptions value built in the Quick Start
let matches = parallel_scan("rules/malware.yar", "samples/", &options)?;

Development

# Run tests
cargo test

# Run benchmarks
cargo bench

# Build documentation
cargo doc --no-deps --open

# Format code
cargo fmt

# Run lints
cargo clippy

Docker Support

Build the Docker image:

docker build -t yara-forge .

Run with Docker Compose:

docker-compose up

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Security

For security issues, please open an issue on GitHub.
