YARA Package Description
With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a boolean expression which determines its logic. This package includes the command-line interface.
Source: http://plusvic.github.io/yara/
- Author: Victor M. Alvarez
License: Apache 2.0
0x01 Tools included in the yara package
yara - tool to identify and classify malware samples
:~# yara
usage:  yara [OPTION]... [RULEFILE]... FILE | PID
options:
  -t <tag>                  print rules tagged as <tag> and ignore the rest. Can be used more than once.
  -i <identifier>           print rules named <identifier> and ignore the rest. Can be used more than once.
  -n                        print only not satisfied rules (negate).
  -g                        print tags.
  -m                        print metadata.
  -s                        print matching strings.
  -l <number>               abort scanning after a <number> of rules matched.
  -d <identifier>=<value>   define external variable.
  -r                        recursively search directories.
  -f                        fast matching mode.
  -v                        show version information.

Report bugs to: < >
0x02 yara usage examples
:~# coming soon
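The page does not yet carry an example, so the following is an added one (written here, not taken from the Kali page or the YARA project). It writes a two-rule YARA file showing the four main string types (hex, text, regex, ascii/wide), metadata, tags and an external variable, builds two constructed sample files, and then runs the CLI with the options listed above (-g, -m, -s, -n, -t, -r, -d). The rule names, strings, sample bytes and the ext_flag variable are all invented for the demonstration; the scan step is skipped with a message if the yara binary is not installed.

```shell
#!/bin/sh
# Added example: a small YARA rule set plus constructed samples, then the
# yara CLI options from the usage text above. Everything here is invented
# for illustration; it is not the page's or the project's own material.
set -u
WORK=$(mktemp -d)

write_rules() {
    # Two rules: one real-looking detection with several string types, one
    # that depends on an external variable supplied with -d on the command line.
    cat > "$WORK/rules.yar" <<'EOF'
rule SuspiciousDropper : dropper test
{
    meta:
        author      = "added example"
        description = "MZ header, a packer marker or a shell launch, and at least one URL"
    strings:
        $mz  = { 4D 5A }                 // "MZ" given as hex bytes
        $upx = "UPX!" ascii              // plain text string
        $cmd = /cmd\.exe\s+\/c/ nocase   // regular expression, case-insensitive
        $url = "http://" ascii wide      // matched both as ASCII and as UTF-16LE
    condition:
        $mz at 0 and ($upx or $cmd) and #url >= 1
}

rule SmallAndFlagged : test
{
    condition:
        filesize < 1MB and ext_flag == 1   // ext_flag is defined with: -d ext_flag=1
}
EOF
}

make_samples() {
    # Constructed "malicious" sample: MZ header, UPX marker, cmd.exe launch, URL.
    printf 'MZ\220\000\000UPX! cmd.exe /c whoami http://example.invalid/dl' > "$WORK/sample.bin"
    # Constructed benign sample: MZ header only, nothing else the rule looks for.
    printf 'MZ\220\000\000hello world' > "$WORK/benign.bin"
}

rule_count() {
    # Number of rule definitions in the generated rule file.
    grep -c '^rule ' "$WORK/rules.yar"
}

scan() {
    if ! command -v yara >/dev/null 2>&1; then
        echo "yara not installed; rules and samples were written to $WORK" >&2
        return 0
    fi
    echo '# matched rules with tags (-g), metadata (-m) and matching strings (-s)'
    yara -g -m -s -d ext_flag=1 "$WORK/rules.yar" "$WORK/sample.bin"
    echo '# rules that did NOT match the benign sample (-n)'
    yara -n -d ext_flag=1 "$WORK/rules.yar" "$WORK/benign.bin"
    echo '# only rules tagged "dropper" (-t), scanning the directory recursively (-r)'
    yara -t dropper -r -d ext_flag=1 "$WORK/rules.yar" "$WORK"
    echo '# flipping the external variable (-d) turns SmallAndFlagged off'
    yara -d ext_flag=0 "$WORK/rules.yar" "$WORK/sample.bin"
}

write_rules
make_samples
scan
```

Note that a rule referencing an external variable will not even compile unless that identifier is supplied with -d, which is why every invocation above passes ext_flag; in practice such variables are used to feed per-scan context (a filename, a source tag) into otherwise static rules.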
Original article: https://www.hackfun.org/kali-tools/yara_zh.html. Please credit the original source when reposting; contact the original author for commercial licensing.