A Python utility for malware detection using YARA rules. It leverages the YARA Python library and yarac for in-memory rule handling, optimized binary compilation, and efficient file scanning, offering faster and more reliable results than traditional Bash scripting.
- Python3
- Yara C Library
echo 'export PATH="$HOME/bin:$PATH"' >> ~/.bashrc # Or ~/.zshrc if using Zsh
source ~/.bashrc # Or ~/.zshrc
brew install yara
curl -fsSL https://raw.githubusercontent.com/villanovachile/jetpack-local-yara-scanner/main/install_scan.sh -o /tmp/install_scan.sh && bash /tmp/install_scan.sh && rm /tmp/install_scan.sh
Run the script with the scan command. It can scan a directory, specific files, or, by default, the current working directory.
- Scan the Current Working Directory (Default): scan
- Scan a Specific Directory: scan -d /path/to/directory
- Scan Specific Files: scan -f file1.php file2.html
This scans all files in the current working directory or the specified directory/file. To ensure accurate results, limit the scan to binary files.
Example Output:
scan
Compiling YARA rules...
Compilation complete.
No flags provided. Scanning current working directory: /Users/user/scan-directory
Total PHP files: 11037
Total HTML/JS files: 3912
Total other files: 235
Total files to scan: 15184
Scanning files: 16%|████████████▊ | 2489/15184 [00:07<00:43, 289.17it/s]
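As an added example (not the project's own code), the following Python shows how the pieces described above fit together with the yara-python library: resolving the three scanning modes (no flags, -d, -f), building the PHP / HTML/JS / other inventory printed in the example output, compiling rule text in memory and then saving and reloading the compiled form as yarac does, and matching each file. The extension groups, the demo rule, the rules.yarc cache name and the sample files are assumptions constructed for this example; the yara-python package (pip install yara-python) is assumed for the compile and match steps only.

```python
"""Added example: a minimal YARA scan workflow in the style of the scan utility.
Not the project's code. Standard library only, except that compile_rules /
load_rules / scan use the third-party yara-python package."""
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

# Assumed extension groups, mirroring the "PHP" / "HTML/JS" / "other" totals.
PHP_EXT = {".php", ".phtml", ".php5"}
HTML_JS_EXT = {".html", ".htm", ".js"}

# Constructed demo rule: flags the common eval(base64_decode(...)) pattern.
DEMO_RULES = r'''
rule php_eval_base64
{
    strings:
        $s = /eval\s*\(\s*base64_decode\s*\(/ nocase
    condition:
        $s
}
'''


def classify(path):
    """Bucket a file the way the example output does: php, html_js or other."""
    ext = Path(path).suffix.lower()
    if ext in PHP_EXT:
        return "php"
    if ext in HTML_JS_EXT:
        return "html_js"
    return "other"


def collect_targets(argv, cwd=None):
    """Resolve the CLI modes: no flags -> cwd, -d <dir>, -f <file> [<file> ...]."""
    if argv and argv[0] == "-f":
        if len(argv) < 2:
            raise ValueError("-f requires at least one file")
        return [Path(p) for p in argv[1:]]
    if argv and argv[0] == "-d":
        if len(argv) != 2:
            raise ValueError("-d takes exactly one directory")
        root = Path(argv[1])
    else:
        root = Path(cwd or os.getcwd())
    if not root.is_dir():
        raise ValueError(f"not a directory: {root}")
    # Walk recursively but skip symlinks, so a link loop or a link pointing
    # outside the tree cannot drag the scan elsewhere.
    return sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink())


def inventory(paths):
    """Count files per bucket, as in 'Total PHP files: ...' and friends."""
    return Counter(classify(p) for p in paths)


def compile_rules(source, cache_path):
    """Compile rule text in memory and persist the binary form (what yarac does).
    Later runs can load_rules(cache_path) instead of recompiling."""
    import yara  # third-party: pip install yara-python
    rules = yara.compile(source=source)
    rules.save(str(cache_path))
    return rules


def load_rules(cache_path):
    """Load a previously saved compiled rule set."""
    import yara
    return yara.load(str(cache_path))


def scan(rules, paths):
    """Return {path: [rule names]} for files matching at least one rule."""
    hits = {}
    for p in paths:
        try:
            matches = rules.match(filepath=str(p))
        except Exception as exc:  # unreadable file, permission error, etc.
            print(f"skip {p}: {exc}", file=sys.stderr)
            continue
        if matches:
            hits[str(p)] = sorted(m.rule for m in matches)
    return hits


if __name__ == "__main__":
    # Constructed sample tree: one benign PHP file, one matching the demo rule.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "bad.php").write_text("<?php eval(base64_decode('aGk=')); ?>")
        (root / "app.js").write_text("console.log(1)")
        targets = collect_targets([], cwd=root)
        counts = inventory(targets)
        print("Total PHP files:", counts["php"])
        print("Total HTML/JS files:", counts["html_js"])
        print("Total other files:", counts["other"])
        print("Total files to scan:", len(targets))
        compile_rules(DEMO_RULES, root / "rules.yarc")
        print(scan(load_rules(root / "rules.yarc"), targets))
```

Saving the compiled rules once and reloading them with yara.load is the in-memory counterpart of running yarac, which is where the speedup over recompiling rule text on every invocation comes from; the symlink check in collect_targets is a small addition so a scan rooted in a web directory does not follow links out of it.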