YARI - An interactive debugger for YARA Language

Related tags

Command-line debugger rust python3 yara avast
Overview

YARI - YARA Interactive

Interactive debugger for the YARA language written in Rust. Debugger directly calls libyara avoiding emulation to get the most accurate results.

🚀 Features:

  • Call functions from modules
  • Get the value of module constants
  • Evaluate complex expressions
  • Check the matches of strings
  • Support for external variables
  • Integration with YARA Language Server

Showcase

Interactive shell

Binary accepts the same arguments as original yara binary.

λ yari /bin/sh
>> elf.number_of_sections
Integer(26)
>>

License

Copyright (c) 2022 Avast Software, licensed under the MIT license. See the LICENSE file for more details.

YARI and its related projects uses third-party libraries or other resources listed, along with their licenses, in the yari-sys/LICENSE-THIRD-PARTY file.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

Comments
  • Add support for `filesize` and similar expressions

    Add support for `filesize` and similar expressions

    We do not support the built-in symbols that are not from modules. The other symbol is deprecated entrypoint.

    • they should be documented here
    #[test]
fn test_eval_filesize() {
    let mut context = common::context_with_pe_sample_and_rule();
    let res = context.eval("filesize").unwrap();
    assert_eq!(res, YrValue::Integer(123));
}

    Make sure this is also supported in complex expressions when comparing against 1200KB for example.

    enhancement good first issue help wanted 
    opened by MatejKastak 1
  • feat: Distinguish YR_UNDEFINED

    feat: Distinguish YR_UNDEFINED

    • integer can be checked by value
    • float can be checked for nan
    • string can be null, so for this we have to wrap this in Option

    This also made the converting to boolean better, since undefined values seems to evaluate to False.

    enhancement 
    opened by MatejKastak 1
  • feat: Add support for `entrypoint` and `filesize`

    feat: Add support for `entrypoint` and `filesize`

    Enable this in complex expressions. This does not work in regular eval because both are represented as u64 and YrValue::Integer has i64.

    This might result in losing some information if we just convert it from u64 to i64. We will have to come back to this.

    • YARA reference https://github.com/VirusTotal/yara/blob/master/libyara/scanner.c#L657
    opened by MatejKastak 0
  • chore: Embed license information

    chore: Embed license information

    In order to satisfy LICENSE requirements, yari_sys::LICENSES contains the license information.

    On the cli you can print the licenses using following

    yari --licenses

    From the Python you can print the licenses using following:

    >>> import yari
>>> print(yari.LICENSES)
    documentation 
    opened by MatejKastak 0
  • Cargo build error E0432 on Linux

    Cargo build error E0432 on Linux

    When compiling under Linux, I get the following error message:

    • cargo update
    • cargo build
    error[E0432]: unresolved import `crate::bindings::yr_modules_do_load`
  --> yari-sys/src/lib.rs:23:5
   |
23 | use crate::bindings::yr_modules_do_load;
   |     ^^^^^^^^^^^^^^^^^------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_load` in `bindings`

error[E0432]: unresolved import `crate::bindings::yr_modules_do_unload`
  --> yari-sys/src/lib.rs:24:5
   |
24 | use crate::bindings::yr_modules_do_unload;
   |     ^^^^^^^^^^^^^^^^^--------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_unload` in `bindings`

For more information about this error, try `rustc --explain E0432`.
error: could not compile `yari-sys` due to 2 previous errors

    rustc --explain E0432: An import was unresolved.

    uname -a: Linux Host 5.10.102.1-microsoft-standard-WSL2 SMP Wed Mar 2 00:30:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

    lsb_release -a: Ubuntu 20.04.5 LTS

    opened by albertzsigovits 1
  • Prepare GithubActions based semi-automatic release

    Prepare GithubActions based semi-automatic release

    The release process is currently manual. We should try to automate it. At least the builds for different platforms.

    • [ ] Linux
    • [ ] Windows
    • [ ] Mac OS (only after #14 is done)
    help wanted 
    opened by MatejKastak 0
  • Start building Mac OS Python wheels for yari-py

    Start building Mac OS Python wheels for yari-py

    Currently we support only Linux and Windows platforms.

    We should find a way to also build universal MacOS YARI wheels.

    • [ ] The first step should be to mention our current limitations in README
    • [ ] Then find and document a way to build it on MacOS
    • [ ] Optionally prepare a GithubActions workflow for that
    help wanted 
    opened by MatejKastak 2
Owner
Avast
https://avast.github.io
Avast
GitHub https://avast.github.io/yls/
A simple interactive OSC (Open Sound Control) debugger for terminal

oscd, a simple interactive OSC debugger for the terminal by using nom as a lexer/parser, oscd offers auto type casting and support sending multiple osc arguments.

Karnpapon Boonput 5 Oct 19, 2022
interactcli-rs is a command-line program framework used to solve the problem of the integration of command-line and interactive modes, including functions such as unification of command-line interactive modes and sub-command prompts. The framework integrates clap and shellwords.

interactcli-rs 简体中文 interactcli-rs is a command-line program framework used to solve the problem of the integration of command-line and interactive mo

JiaShiwen 12 Nov 5, 2022
LOKI2 - Simple IOC and YARA Scanner

LOKI2 LOKI - Simple IOC and YARA Scanner Status Work in Progress. This version is not ready for use. There's still some work to do for a first release

Florian Roth 34 Dec 20, 2022
A command line tool that resembles a debugger as well as Cheat Engine, to search for values in memory

Summary This is a small command-line tool designed to peek around memory of a running Linux process. It also provides filtering mechanisms similar to

null 213 Jul 4, 2023
Configurable, extensible, interactive line reader

linefeed linefeed is a configurable, concurrent, extensible, interactive input reader for Unix terminals and Windows console. API Documentation linefe

Murarth 176 Jan 3, 2023
An interactive cheatsheet tool for the command-line

navi An interactive cheatsheet tool for the command-line. navi allows you to browse through cheatsheets (that you may write yourself or download from

Denis Isidoro 12.2k Dec 30, 2022
Simple Interactive Terminal Todo App in Rust

todo-rs Simple Interactive Terminal Todo App in Rust Quick Start $ cargo run TODO Controls Keys Description k, j Move cursor up and down Shift+K, Shif

Tsoding 56 Dec 8, 2022
Coinlive is an interactive command line tool that displays live cryptocurrency prices.

Coinlive is an interactive command line tool that displays live cryptocurrency prices. It can also display simple historical price charts.

Mayer Analytics 9 Dec 7, 2022
A Rust library for building interactive prompts

inquire is a library for building interactive prompts on terminals. Demo Source Usage Put this line in your Cargo.toml, under [dependencies]. inquire

Mikael Mello 426 Dec 26, 2022
ruborute is an interactive command-line tool to get asphyxia@sdvx gaming data.

ruborute Are you 暴龍天 ?. The ruborute is an interactive command-line tool to get asphyxia@sdvx gaming data. asphyxia-core/plugins: https://github.com/a

RinChanNOW! 9 Sep 28, 2022
An interactive shell environment for exploring the p2panda protocol

An interactive shell environment for exploring the p2panda protocol. Uses a mock node and clients to simulate network logic.

null 4 Dec 12, 2021
Native cross-platform full feature terminal-based sequence editor for git interactive rebase.

Native cross-platform full feature terminal-based sequence editor for git interactive rebase.

Tim Oram 1.2k Jan 2, 2023
Requestty - An easy-to-use collection of interactive cli prompts inspired by Inquirer.js.

Requestty requestty (request-tty) is an easy-to-use collection of interactive cli prompts inspired by Inquirer.js. Easy-to-use - The builder API and m

null 160 Dec 28, 2022
Terminal based, feature rich, interactive SQL tool

datafusion-tui (dft) DataFusion-tui provides a feature rich terminal application, built with tui-rs, for using DataFusion (and eventually Ballista). I

null 49 Dec 24, 2022
Non-interactive nREPL client for shell scripts and command-line

nreplops-tool (nr) nreplops-tool (nr) is a non-interactive nREPL client designed to be used in shell scripts and on the command-line. Early α warning:

Matti Hänninen 3 Jul 1, 2022
A toolkit for building your own interactive command-line tools in Rust

promkit A toolkit for building your own interactive command-line tools in Rust, utilizing crossterm. Getting Started Put the package in your Cargo.tom

null 70 Dec 18, 2022
Tricking shells into interactive mode when local PTY's are not available

Remote Pseudoterminals Remote Pseudoterminals or "RPTY" is a Rust library which intercepts calls to the Linux kernel's TTY/PTY-related libc functions

null 135 Dec 4, 2022
Rust adaptation of sindresorhus/is-interactive from NodeJS

is-interactive Rust adaptation of sindresorhus/is-interactive from NodeJS Check if stdout or stderr is interactive It checks that stedout or stderr is

Sean Larkin 4 Jan 21, 2023
Ember is a minimalistic Rust library for creating 2D graphics, games, and interactive visualizations with ease and simplicity.

Ember Ember is a simple and fun 2D rendering library for Rust, allowing you to quickly create graphics and interactive applications with ease. It uses

null 8 May 4, 2023