Linux iad1-shared-b7-18 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64
Apache
: 67.205.6.31 | : 216.73.216.47
Cant Read [ /etc/named.conf ]
8.2.29
fernandoquevedo
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
local /
share /
man /
man1 /
[ HOME SHELL ]
Name
Size
Permission
Action
yara.1
3.88
KB
-rw-r--r--
yarac.1
1.64
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : yara.1
.TH yara 1 "September 22, 2008" "Victor M. Alvarez" .SH NAME yara \- find files matching patterns and rules written in a special-purpose language. .SH SYNOPSIS .B yara [OPTION]... [NAMESPACE:]RULES_FILE... FILE | DIR | PID .SH DESCRIPTION yara scans the given FILE, all files contained in directory DIR, or the process identified by PID looking for matches of patterns and rules provided in a special purpose-language. The rules are read from one or more RULES_FILE. .PP The options to .IR yara (1) are: .TP .B " --atom-quality-table" Path to a file with the atom quality table. .TP .B \-C " --compiled-rules" RULES_FILE contains rules already compiled with yarac. .TP .B \-c " --count" Print number of matches only. .TP .BI "\-d --define"=identifier=value Define an external variable. This option can be used multiple times. .TP .B " --fail-on-warnings" Treat warnings as errors. Has no effect if used with .B --no-warnings. .TP .B \-f " --fast-scan" Speeds up scanning by searching only for the first occurrence of each pattern. .TP .BI \-i " identifier" " --identifier=" identifier Print rules named .I identifier and ignore the rest. This option can be used multiple times. .TP .BI " --max-process-memory-chunk=" size While scanning process memory read data in chunks of the given .I size in bytes. .TP .BI \-l " number" " --max-rules=" number Abort scanning after a .I number of rules matched. .TP .BI " --max-strings-per-rule=" number Set maximum number of strings per rule (default=10000) .TP .BI "\-x --module-data"=module=file Pass file's content as extra data to module. This option can be used multiple times. .TP .B \-n " --negate" Print rules that doesn't apply (negate). .TP .B \-w " --no-warnings" Disable warnings. .TP .B \-m " --print-meta" Print metadata associated to the rule. .TP .B \-D " --print-module-data" Print module data. .TP .B \-M " --module-names" show module names .TP .B \-e " --print-namespace" Print namespace associated to the rule. .TP .B \-S " --print-stats" Print rules' statistics. .TP .B \-s " --print-strings" Print strings found in the file. .TP .B \-L " --print-string-length" Print length of strings found in the file. .TP .B \-X " --print-xor-key" Print xor key of matched strings. .TP .B \-g " --print-tags" Print the tags associated to the rule. .TP .B \-r " --recursive" Scan files in directories recursively. It follows symlinks. .TP .BI " --scan-list" Scan files listed in FILE, one per line. .TP .BI \-z " size" " --skip-larger=" size Skip files larger than the given .I size in bytes when scanning a directory. .TP .BI \-k " slots" " --stack-size=" slots Set maximum stack size to the specified number of .I slots. .TP .BI \-t " tag" " --tag=" tag Print rules tagged as .I tag and ignore the rest. This option can be used multiple times. .TP .BI \-p " number" " --threads=" number Use the specified .I number of threads to scan a directory. .TP .BI \-a " seconds" " --timeout=" seconds Abort scanning after a number of .I seconds has elapsed. .TP .B \-v " --version" Show version information. .SH EXAMPLES $ yara /foo/bar/rules . .RS .PP Apply rules on .I /foo/bar/rules to all files on current directory. Subdirectories are not scanned. .RE .PP $ yara -t Packer -t Compiler /foo/bar/rules bazfile .RS .PP Apply rules on .I /foo/bar/rules to .I bazfile. Only reports rules tagged as .I Packer or .I Compiler. .RE .PP $ cat /foo/bar/rules | yara -r /foo .RS .PP Scan all files in the .I /foo directory and its subdirectories. Rules are read from standard input. .RE .PP $ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile .RS .PP Defines three external variables .I mybool .I myint and .I mystring. .RE .PP $ yara -x cuckoo=cuckoo_json_report /foo/bar/rules bazfile .RS .PP Apply rules on .I /foo/bar/rules to .I bazfile while passing the content of .I cuckoo_json_report to the cuckoo module. .RE .SH AUTHOR Victor M. Alvarez <plusvic@gmail.com>;<vmalvarez@virustotal.com>
Close
