yara — Pattern matching tool for identifying and classifying malware. See also: `yarac`. More information: <https://yara.readthedocs.io/en/stable/commandline.html>.

Submitted by: @import:tldr-pages

Problem

How to use the yara command: Pattern matching tool for identifying and classifying malware. See also: yarac. More information: <https://yara.readthedocs.io/en/stable/commandline.html>.

Solution

Scan a specific file with a rule file:
yara {{path/to/rule.yar}} {{path/to/file}}


Recursively scan a directory and subdirectories containing possible threats:
yara {{path/to/rule.yar}} {{[-r|--recursive]}} {{path/to/directory}}


Scan a running process by its PID using multiple rules:
yara {{path/to/rule1.yar path/to/rule2.yar ...}} {{PID}}


Print metadata associated with the matching rules:
yara {{[-m|--print-meta]}} {{path/to/rule.yar}} {{path/to/file}}


Print the strings that caused the rule to match:
yara {{[-s|--print-strings]}} {{path/to/rule.yar}} {{path/to/file}}


Use a specific number of threads for parallel scanning:
yara {{[-p|--threads]}} {{number_of_threads}} {{path/to/rule.yar}} {{path/to/directory}}


Use compiled YARA rules file to scan a directory recursively:
yara {{[-C|--compiled-rules]}} {{path/to/rules.bin}} {{[-r|--recursive]}} {{path/to/directory}}
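
A scripted version of the compiled-rules recursive scan above, as an added example that is not part of the tldr-pages entry. It shows the verdict being taken from yara's output, because a successful scan exits 0 whether or not anything matched. The rule `Demo_Marker`, its marker string, the file paths and the helper names `make_fixture` and `scan_dir` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: rule, marker string, paths and function names are constructed.

# Build a throwaway rule file and two sample files under directory $1.
# The rule file is kept outside the scanned tree so it cannot match itself.
make_fixture() {
  mkdir -p "$1/samples/nested"
  cat > "$1/demo.yar" <<'EOF'
rule Demo_Marker
{
    meta:
        description = "constructed rule for this example"
    strings:
        $marker = "EXAMPLE-MARKER-STRING"
    condition:
        $marker
}
EOF
  printf 'header\nEXAMPLE-MARKER-STRING\n' > "$1/samples/nested/hit.txt"
  printf 'nothing of interest\n' > "$1/samples/clean.txt"
}

# Compile rule file $1 to $2 with yarac, then scan directory $3 recursively.
# Prints one "RULE PATH" line per match.
# Returns 0 = no match, 1 = at least one match, 2 = yarac or yara failed.
scan_dir() {
  yarac "$1" "$2" || return 2
  # yara exits 0 after a successful scan even with zero matches,
  # so the result must be read from stdout, not from the exit status.
  _out=$(yara -C "$2" -r "$3") || return 2
  [ -z "$_out" ] && return 0
  printf '%s\n' "$_out"
  return 1
}

# Usage:
#   make_fixture /tmp/yara-demo
#   scan_dir /tmp/yara-demo/demo.yar /tmp/yara-demo/demo.bin /tmp/yara-demo/samples
```

The three return codes let a CI job or triage script branch on clean, flagged and scanner-error outcomes separately.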

Context

tldr-pages: common/yara
