Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Velocidex/go-yara

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

222 Commits
.github/workflows
.github/workflows
 
 
custom
custom
 
 
go-yara @ 50b5a02
go-yara @ 50b5a02
 
 
scripts
scripts
 
 
simple-yara
simple-yara
 
 
yara_src @ 7ff3904
yara_src @ 7ff3904
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
COPYING
COPYING
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
ahocorasick.c
ahocorasick.c
 
 
ahocorasick.h
ahocorasick.h
 
 
arena.c
arena.c
 
 
arena.h
arena.h
 
 
atoms.c
atoms.c
 
 
atoms.h
atoms.h
 
 
base64.c
base64.c
 
 
base64.h
base64.h
 
 
bitmask.c
bitmask.c
 
 
bitmask.h
bitmask.h
 
 
cgo.go
cgo.go
 
 
compat.c
compat.c
 
 
compat.h
compat.h
 
 
compiler.c
compiler.c
 
 
compiler.go
compiler.go
 
 
compiler.h
compiler.h
 
 
compiler_test.go
compiler_test.go
 
 
config.go
config.go
 
 
crypto.h
crypto.h
 
 
dex.h
dex.h
 
 
dotnet.h
dotnet.h
 
 
elf.h
elf.h
 
 
elf_utils.h
elf_utils.h
 
 
endian.c
endian.c
 
 
endian.h
endian.h
 
 
error.go
error.go
 
 
error.h
error.h
 
 
example_mem_blocks_test.go
example_mem_blocks_test.go
 
 
exception.h
exception.h
 
 
exec.c
exec.c
 
 
exec.h
exec.h
 
 
exefiles.c
exefiles.c
 
 
exefiles.h
exefiles.h
 
 
filemap.c
filemap.c
 
 
filemap.h
filemap.h
 
 
globals.h
globals.h
 
 
go.mod
go.mod
 
 
grammar.c
grammar.c
 
 
grammar.h
grammar.h
 
 
handle_go115.go
handle_go115.go
 
 
handle_go117.go
handle_go117.go
 
 
handle_legacy.go
handle_legacy.go
 
 
hash.c
hash.c
 
 
hash.h
hash.h
 
 
hex_grammar.c
hex_grammar.c
 
 
hex_grammar.h
hex_grammar.h
 
 
hex_lexer.c
hex_lexer.c
 
 
hex_lexer.h
hex_lexer.h
 
 
integers.h
integers.h
 
 
lexer.c
lexer.c
 
 
lexer.h
lexer.h
 
 
libyara.c
libyara.c
 
 
libyara.h
libyara.h
 
 
log.c
log.c
 
 
macho.h
macho.h
 
 
main.go
main.go
 
 
main_test.go
main_test.go
 
 
md5.c
md5.c
 
 
md5.h
md5.h
 
 
mem.c
mem.c
 
 
mem.h
mem.h
 
 
mem_blocks.go
mem_blocks.go
 
 
mem_blocks_test.go
mem_blocks_test.go
 
 
modules.c
modules.c
 
 
modules.h
modules.h
 
 
modules_dotnet.c
modules_dotnet.c
 
 
modules_elf.c
modules_elf.c
 
 
modules_math.c
modules_math.c
 
 
modules_module_list
modules_module_list
 
 
modules_pe.c
modules_pe.c
 
 
modules_pe_utils.c
modules_pe_utils.c
 
 
modules_time.c
modules_time.c
 
 
notebook.c
notebook.c
 
 
notebook.h
notebook.h
 
 
object.c
object.c
 
 
object.go
object.go
 
 
object.h
object.h
 
 
parser.c
parser.c
 
 
parser.h
parser.h
 
 
pe.h
pe.h
 
 
pe_utils.h
pe_utils.h
 
 
ported_test.go
ported_test.go
 
 
proc.c
proc.c
 
 
proc.h
proc.h
 
 
proc_darwin.c
proc_darwin.c
 
 
proc_freebsd.c
proc_freebsd.c
 
 
proc_linux.c
proc_linux.c
 
 
proc_windows.c
proc_windows.c
 
 
re.c
re.c
 
 

Repository files navigation

Go binding for yara

This repository is a repackages go-yara and libyara c files in such a way that they can built using cgo statically without needing to link a shared object.

Current Versions:

  • Libyara version is v4.5.4
  • go-yara version is v4.3.2

Enabled modules

Only the following yara modules are available. Rules that import other modules will be rejected.

  • pe
  • elf
  • math
  • time
  • dotnet

NOTE: This package does not build with openssl support.

Openssl is considered a large and complex dependency so at present it is not built into the library.

This means that any functionality that requires openssl will not work!

Specifically the following fields in the pe module are not populated and will not work in conditions:

  • pe.signatures
  • pe.is_signed
  • pe.number_of_signatures

In previous versions these fields were completely removed but this caused rules that use those fields to be rejected outright. This caused problems when loading a large number of rules from external sources, because it is difficult to identify and remove just the offending rules.

In this version, the fields are defined but are never populated. This allows rules that reference those fields to be loaded cleanly but any conditions will not match. Considering that signatures can be easily invalidated, robust rules typically have other conditions as a fallback so the impact should be minimal.

About

Go bindings for YARA

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

14 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases 1

Release tag Latest
Sep 25, 2018

Packages

No packages published

Languages

  • C 95.1%
  • Go 4.8%
  • Other 0.1%