#! /usr/bin/env python
import subprocess
import sys
import os, datetime, time
import string
import honeypotconfig
import honeypotconfig
#compile the rules
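def listandscan(path):
    """Scan the honeypot ``tmp`` directory with the ``yara`` CLI and log the result.

    Runs ``yara -r <script_dir>/yrules/rules.yara <script_dir>/tmp`` as a child
    process, echoes every output line to stdout and appends it to
    ``<script_dir>/scanlogs/Yara-report.log`` (the log is truncated on each
    call), then records the command line, the exit status and the elapsed time.

    Args:
        path: Accepted for interface compatibility only; the scan location is
            derived from this file's directory and ``path`` is never read.
            NOTE(review): the original never used it either -- confirm whether
            callers expect it to select the scan target.

    Returns:
        None.

    Raises:
        OSError: if the ``find`` or ``yara`` binary cannot be executed.
        IOError: if the report log cannot be opened for writing.
    """
    script_path = os.path.dirname(os.path.abspath(__file__))
    rules_path = os.path.join(script_path, "yrules", "rules.yara")
    scan_dir = os.path.join(script_path, "tmp")
    report_path = os.path.join(script_path, "scanlogs", "Yara-report.log")
    start_time_yara = time.time()

    with open(report_path, "w") as f:
        # Single-argument print() is valid in both Python 2 and Python 3.
        print("\n===================================== Yara =====================================")
        f.write("======================================Yara======================================\n\n")
        f.write(datetime.datetime.now().strftime("%A, %d %B %Y %I:%M:%S%p") + "\n\n")
        f.write("--------------------------------------------------------------------------------\n\n")

        # Remove zero-length files before scanning.  As in the original this
        # walks the *current working directory* ("."), not scan_dir, so the
        # caller's cwd matters.  Argument-list form avoids the shell, so no
        # metacharacters are interpreted; the original piped rm's (empty)
        # output into awk, which had no effect and is dropped.
        subprocess.call(["find", ".", "-type", "f", "-size", "0k",
                         "-exec", "rm", "{}", ";"])

        # Argument list + shell=False: script_path is passed verbatim even if
        # it contains spaces or shell metacharacters.  universal_newlines
        # yields text lines so the '' sentinel ends the loop on Py2 and Py3.
        process = subprocess.Popen(["yara", "-r", rules_path, scan_dir],
                                   stdout=subprocess.PIPE,
                                   universal_newlines=True)
        try:
            for line in iter(process.stdout.readline, ''):
                sys.stdout.write(line)
                f.write(line)
        finally:
            process.stdout.close()
            return_code = process.wait()  # reap the child, no zombie left behind

        f.write("\nyara -r " + rules_path + " " + scan_dir + "/" + "\n\n")
        if return_code != 0:
            # A non-zero status (e.g. unreadable rules file) would otherwise
            # leave an empty report indistinguishable from "no matches".
            f.write("yara exited with status " + str(return_code) + "\n\n")

        # The original built a (float, "seconds") tuple here and logged its
        # repr; log the elapsed seconds as a plain number instead.
        elapsed = time.time() - start_time_yara
        f.write("Scanning time with Yara engine was: " + str(elapsed) + " seconds\n\n")
    print("================================================================================")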
# NOTE(review): disabled alternative that would use the ``yara`` Python
# bindings instead of the CLI.  It is a bare string literal, so it never runs;
# if re-enabled it still needs ``import yara`` and a defined ``reportfile``,
# neither of which exists in this file (``honeypotconfig`` is imported twice
# above but is only referenced inside this string).
'''
def yaradetect(inputfile):
ruleinput='Value'
fin = open(honeypotconfig.wdir+"yrules/rules.yara", 'r')
if fin:
ruleinput = fin.read()
fin.close()
rules = yara.compile(source=ruleinput)
f = open(inputfile, 'r')
matches = rules.match(data=f.read())
for m in matches:
print "%s" % m+ " found in file: " +inputfile
yarareport=reportfile.write(inputfile+"\t\t"+"%s" % m+"\n")
'''