NAME
yara - find files matching patterns and rules written in a special-purpose language.
SYNOPSIS
yara [OPTION]... [RULEFILE]... FILE | PID
DESCRIPTION
Yara scans the given FILE or the process identified by PID, checking whether it matches the
patterns and rules provided in a special-purpose language. The rules are read from
RULEFILEs or standard input.
The options to yara(1) are:
-t tag --tag=tag
Print rules tagged as tag and ignore the rest. This option can be used multiple
times.
-i identifier --identifier=identifier
Print rules named identifier and ignore the rest. This option can be used multiple
times.
-n --negate
Print rules that don't apply (negate).
-D --print-module-data
Print module data.
-g --print-tags
Print the tags associated with the rule.
-m --print-meta
Print metadata associated with the rule.
-s --print-strings
Print strings found in the file.
-p number --threads=number
Use the specified number of threads to scan a directory.
-l number --max-rules=number
Abort scanning after the given number of rules have matched.
-a seconds --timeout=seconds
Abort scanning after a number of seconds has elapsed.
-d identifier=value
Define an external variable. This option can be used multiple times.
-x module=file
Pass file's content as extra data to module. This option can be used multiple
times.
-r --recursive
Scan files in directories recursively.
-f --fast-scan
Speeds up scanning by searching only for the first occurrence of each pattern.
-w --no-warnings
Disable warnings.
-v --version
Show version information.
EXAMPLES
$ yara /foo/bar/rules1 /foo/bar/rules2 .
Apply the rules in /foo/bar/rules1 and /foo/bar/rules2 to all files in the current
directory. Subdirectories are not scanned.
$ yara -t Packer -t Compiler /foo/bar/rules bazfile
Apply the rules in /foo/bar/rules to bazfile. Only report rules tagged as Packer or
Compiler.
$ cat /foo/bar/rules1 | yara -r /foo
Scan all files in the /foo directory and its subdirectories. Rules are read from
standard input.
$ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile
Define three external variables: mybool, myint and mystring.
$ yara -x cuckoo=cuckoo_json_report /foo/bar/rules bazfile
Apply the rules in /foo/bar/rules to bazfile while passing the content of
cuckoo_json_report to the cuckoo module.
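The tags, metadata and external variables that -t, -m and -d act on are all declared in the rule file itself. The rule file below is an added example, not part of the original manual page: the rule names, strings and the file name demo.yar are constructed for illustration, while the tag names and external variables mirror those used in the EXAMPLES above.

```yara
// demo.yar - constructed example rule file.
//
// This file references the external variables mybool, myint and mystring,
// so every scan that loads it must define them with -d; otherwise rule
// compilation fails with an "undefined identifier" error:
//
//   yara -d mybool=true -d myint=5 -d mystring="my string" demo.yar bazfile
//   yara -t Packer -m -s -d mybool=true -d myint=5 -d mystring="my string" demo.yar bazfile

rule UPX_Section_Names : Packer          // "Packer" is the tag matched by -t Packer
{
    meta:                                // shown by -m
        description = "PE file carrying UPX section names"
    strings:                             // matches shown by -s
        $mz   = { 4D 5A }
        $upx0 = "UPX0"
        $upx1 = "UPX1"
    condition:
        $mz at 0 and $upx0 and $upx1
}

rule GCC_Version_Banner : Compiler       // reported by -t Compiler
{
    meta:
        description = "Binary containing a GCC version banner"
    strings:
        $gcc = "GCC: (" ascii
    condition:
        $gcc
}

rule Marker_In_Large_File                // untagged: hidden whenever -t is used
{
    meta:
        description = "Condition driven by external variables passed with -d"
    strings:
        $marker = "CONFIDENTIAL" nocase
    condition:
        // mybool is boolean, myint is an integer (KiB here), mystring is a string
        mybool and filesize > myint * 1024 and
        mystring contains "string" and $marker
}
```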