A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Stars: ✭ 66 (+127.59%)

Mutual labels: yara, yara-scanner

python-gerrit-api

Python wrapper for the Gerrit REST API.

Stars: ✭ 6 (-79.31%)

Mutual labels: wrapper, wrapper-api

BitLens

🔎 Have your bits and eat them too! A C++17 bit lens container for vector types.

Stars: ✭ 20 (-31.03%)

Mutual labels: wrapper

detection

Detection in the form of Yara, Snort and ClamAV signatures.

Stars: ✭ 70 (+141.38%)

Mutual labels: yara

wrapper.py

Wrapper.py is a Minecraft server wrapper that adds additional features to a vanilla server, including backups, dashboard access, plugins, and more.

Stars: ✭ 34 (+17.24%)

Mutual labels: wrapper

Plotty

C language compiler from scratch for a custom architecture, with virtual machine and all

Stars: ✭ 33 (+13.79%)

Mutual labels: net

WPFControls-ThemePack

Custom designed themes for WPF controls to make your app look better. Simple to modify.

Stars: ✭ 28 (-3.45%)

Mutual labels: net

ScintillaNET.WPF

A WPF Wrapper around the ScintillaNET v3 control

Stars: ✭ 30 (+3.45%)

Mutual labels: wrapper

FigmaPy

An unofficial Python3+ wrapper for Figma API

Stars: ✭ 19 (-34.48%)

Mutual labels: wrapper-api

nimtesseract

A Tesseract OCR wrapper for Nim

Stars: ✭ 23 (-20.69%)

Mutual labels: wrapper

Google-Docs-Desktop-OSX

A Super Simple Google Docs Desktop Client for Mac OSX Built in Javascript and MacGap

Stars: ✭ 35 (+20.69%)

Mutual labels: wrapper

wumpy

Discord API Wrapper - Easy enough for Wumpus, and fast enough for Clyde!

Stars: ✭ 25 (-13.79%)

Mutual labels: wrapper

sandboxed-fs

Sandboxed Wrapper for Node.js File System API

Stars: ✭ 41 (+41.38%)

Mutual labels: wrapper

mole

Yara powered NIDS with high speed packet capture powered by PF_RING

Stars: ✭ 51 (+75.86%)

Mutual labels: yara

PoShLog

🔩 PoShLog is PowerShell cross-platform logging module. It allows you to log structured event data into console, file and much more places easily. It's built upon great C# logging library Serilog - https://serilog.net/

Stars: ✭ 108 (+272.41%)

Mutual labels: wrapper

glow

OpenGL Object Wrapper (GLOW)

Stars: ✭ 18 (-37.93%)

Mutual labels: wrapper

View All Similar Projects ➔

YaraSharp

C# wrapper around the Yara pattern matching library.

Use signatures form Loki or Yara.

Nuget package is available

Usage

//  All API calls happens here
YSInstance YSInstance = new YSInstance();
        
//  Declare external variables (could be null)
Dictionary<string, object> externals = new Dictionary<string, object>()
{
    { "filename", string.Empty },
    { "filepath", string.Empty },
    { "extension", string.Empty }
};

//	Get list of YARA rules
List<string> ruleFilenames = Directory.GetFiles(@"D:\Test\yara", "*.yar", SearchOption.AllDirectories).ToList();

//  Context is where yara is initialized
//  From yr_initialize() to yr_finalize()
using (YSContext context = new YSContext())
{
    //	Compiling rules
    using (YSCompiler compiler = instance.CompileFromFiles(ruleFilenames, externals))
    {
        //  Get compiled rules
        YSRules rules = compiler.GetRules();

        //  Get errors
        YSReport errors = compiler.GetErrors();
        //  Get warnings
        YSReport warnings = compiler.GetWarnings();


        //  Some file to test yara rules
        string Filename = @"";

		//  Get matches
		List<YSMatches> Matches = instance.ScanFile(Filename, rules,
				new Dictionary<string, object>()
				{
					{ "filename", Alphaleonis.Win32.Filesystem.Path.GetFileName(Filename) },
					{ "filepath", Alphaleonis.Win32.Filesystem.Path.GetFullPath(Filename) },
					{ "extension", Alphaleonis.Win32.Filesystem.Path.GetExtension(Filename) }
				}, 
				0);

		//  Iterate over matches
		foreach (YSMatches Match in Matches)
		{
			//...
		}
	}
	//  Log errors
}

For async scanning use must call destroy methods:

YaraSharp.CYaraSharp YSInstance = new CYaraSharp();
YaraSharp.CContext YSContext = new YaraSharp.CContext();
YaraSharp.CRules YSRules = YSInstance.CompileFromFiles(RuleFilenames, null, out Errors);

//  Async here

YSRules.Destroy();
YSContext.Destroy();

Reference

Libyara C API documentation for a general overview on how to use libyara.

Features and limitations

Metadata supported
Externals supported
Async scanning supported
It seems (through debug sessions) that modules are supported, but i haven't had cases that certanly used them. So this question is opened

Note

Soultion contains 2 projects:

yara-master - where you can update yara sources for a new version
YaraSharp - where you can modify sources in order to add / repair wrapper features

Other

Build in vs 2017

Compiled with yara 3.8.1

Yara patched to support unicode paths

You can use or modify the sources however you want

Special thanks to kallanreed

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

stellarbear / YaraSharp

Programming Languages

Labels

Projects that are alternatives of or similar to YaraSharp

YaraSharp

Usage

Reference

Features and limitations

Note

Other