yarAnalyzer is a Python-based YARA rule analyzer that can also generate statistics from yara rulesets. It also has an inventory creation feature that can output a CSV file detailing the rules.
It creates statistics on a YARA rule set and files in a sample directory. Place some signatures with .yar extension in the “signatures” folder and then run yarAnalyzer on a certain sample directory.
Usage
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
usage: yarAnalyzer.py [-h] -p path [-s sigpath] [-e ext] [-i identifier] [-m max-size] [-l max-string] [-f first-bytes] [--excel] [--noempty] [--printAll] [--debug] yarAnalyzer - Yara Rules Statistics and Analysis optional arguments: -h, --help show this help message and exit -p path Path to scan -s sigpath Path to signature files -e ext signature extension -i identifier Set an identifier - will be used in filename identifier_rule_stats.csv and identifier_file_stats.csv -m max-size Max file size in MB (default=10) -l max-string Max filename/rulename string length in command line output -f first-bytes Number of first bytes to show in output --excel Add extras to suppress automatic conversion in Microsoft Excel --noempty Don't show empty values --printAll Print all files that are scanned --debug Debug output |
You can download yarAnalyzer here:
Or read more here.