4 releases (2 breaking)
Version | Date |
---|---|
0.3.0 (new) | May 17, 2024 |
0.2.0 | May 3, 2024 |
0.1.1 | Apr 4, 2024 |
0.1.0 | Apr 4, 2024 |
#1021 in Parser implementations
266 downloads per month
2MB
39K SLoC
YARA-X
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is to serve as the future replacement for YARA.
News is coming, stay tuned!
lib.rs:
A YARA compiler and scanner completely written in Rust from scratch.
It is 99% compatible with existing YARA rules and intends to be a safer, more efficient implementation of YARA.
There are two main types in this crate: `Compiler` and `Scanner`. A compiler takes YARA source code and produces compiled `Rules` that are passed to the scanner for scanning files or in-memory data. The `Rules` produced by the compiler can be safely passed to multiple instances of `Scanner`, but each instance of the scanner can be used for scanning a single file or memory buffer at a time. The scanner can be re-used for scanning multiple files or memory-buffers, though.
Example
```rust
// Create a compiler.
let mut compiler = yara_x::Compiler::new();

// Add some YARA source code to compile.
compiler.add_source(r#"
    rule lorem_ipsum {
      strings:
        $ = "Lorem ipsum"
      condition:
        all of them
    }
"#).unwrap();

// Obtain the compiled YARA rules.
let rules = compiler.build();

// Create a scanner that uses the compiled rules.
let mut scanner = yara_x::Scanner::new(&rules);

// Scan some data.
let results = scanner.scan("Lorem ipsum".as_bytes()).unwrap();

assert_eq!(results.matching_rules().len(), 1);
```
Dependencies
~24–42MB
~710K SLoC