Parse YARA rules into a dictionary representation.
Plyara is a script and library that lexes and parses a file consisting of one or more YARA rules into a Python dictionary representation. The goal of this tool is to make it easier to perform bulk operations or transformations of large sets of YARA rules, such as extracting indicators, updating attributes, and analyzing a corpus. Other applications include linters and dependency checkers.
Plyara leverages the Python module Ply for lexing YARA rules.
Install with pip:
    pip install plyara
Use the included plyara script from the command line:
    $ plyara -h
    usage: plyara.py [-h] [--log] FILE

    Parse YARA rules into a dictionary representation.

    positional arguments:
      FILE        File containing YARA rules to parse.

    optional arguments:
      -h, --help  show this help message and exit
      --log       Enable debug logging to the console.
Or, use the plyara Python library in your own applications:
    >>> import plyara
    >>> parser = plyara.Plyara()
    >>> mylist = parser.parse_string('rule MyRule { strings: $a="1" \n condition: false }')
    >>>
    >>> import pprint
    >>> pprint.pprint(mylist)
    [{'condition_terms': ['false'],
      'raw_condition': 'condition: false',
      'raw_strings': 'strings: $a="1" \n',
      'rule_name': 'MyRule',
      'start_line': 1,
      'stop_line': 2,
      'strings': [{'name': '$a', 'value': '"1"'}]}]
    >>>
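An added example (not code from the plyara project) of the bulk analysis mentioned above, working on the dictionary shape shown in the output: it indexes string values across rules and flags strings that a rule's condition never references. The sample rules, the function names, and the way `them`, `#`/`@`/`!` prefixes and `$a*` wildcards appear in `condition_terms` are assumptions.

```python
from collections import defaultdict

# Constructed sample in the dictionary shape shown above; in practice this list
# would come from plyara.Plyara().parse_string(ruleset_text).
SAMPLE_RULES = [
    {"rule_name": "DropperA",
     "strings": [{"name": "$url", "value": '"http://example.test/gate.php"'},
                 {"name": "$mz", "value": '"MZ"'}],
     "condition_terms": ["$mz", "at", "0", "and", "$url"]},
    {"rule_name": "DropperB",
     "strings": [{"name": "$c2", "value": '"http://example.test/gate.php"'},
                 {"name": "$unused", "value": '"debug"'}],
     "condition_terms": ["$c2"]},
    {"rule_name": "NoStrings", "condition_terms": ["false"]},
]


def indicator_index(rules):
    """Map each string value to the sorted rule names that define it."""
    index = defaultdict(set)
    for rule in rules:
        for s in rule.get("strings", []):  # tolerate rules without strings
            index[s["value"]].add(rule["rule_name"])
    return {value: sorted(names) for value, names in index.items()}


def shared_indicators(rules):
    """Indicators defined in more than one rule (candidates for dedup)."""
    return {v: n for v, n in indicator_index(rules).items() if len(n) > 1}


def unreferenced_strings(rules):
    """Per rule, string names that never appear in the condition terms."""
    report = {}
    for rule in rules:
        terms = rule.get("condition_terms", [])
        if "them" in terms:  # 'any of them' / 'all of them' covers every string
            continue
        # Assumed: $a may also be referenced as #a (count), @a (offset), !a (length).
        used = {"$" + t[1:] for t in terms if t[:1] in "$#@!" and len(t) > 1}
        # Assumed: a wildcard set such as $a* arrives as a single term.
        prefixes = [u[:-1] for u in used if u.endswith("*")]
        unused = [s["name"] for s in rule.get("strings", [])
                  if s["name"] not in used
                  and not any(s["name"].startswith(p) for p in prefixes)]
        if unused:
            report[rule["rule_name"]] = unused
    return report
```

On the sample, `shared_indicators` reports the URL defined in both DropperA and DropperB, and `unreferenced_strings` reports `$unused` in DropperB.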
For complete documentation, visit plyara.readthedocs.io.