The author Giles tells us:
Obviously, the most important thing we did was to switch out our javascript console for a new one that supports 256 colours! And slightly more sane copy + paste. And it works on Android, or at least it does on Lollipop. Giles recommends the Hackers keyboard. Still doesn't work on my blackberry though.
As you know:
PythonAnywhere is a Python development and hosting environment that displays in your web browser and runs on our servers. They're already set up with everything you need. It's easy to use, fast, and powerful. There's even a useful free plan.
I worked with PythonAnywhere and it is very good. Thank you, Giles.
This is a blog about the Python programming language. You can see my work with the Python programming language, tutorials and news.
Wednesday, December 3, 2014
Saturday, November 29, 2014
YARA python module - part 001.
You can also see more Python tutorials on free-tutorials.org.
YARA is a multi-platform program running on Windows, Linux and Mac OS X.
More about the yara Python module can be seen here.
YARA uses these keywords in rule files:
all and any ascii at condition contains
entrypoint false filesize fullword for global in
import include int8 int16 int32 int8be int16be
int32be matches meta nocase not or of
private rule strings them true uint8 uint16
uint32 uint8be uint16be uint32be wide
The YARA documentation can be found at this link.
The yara Python module used here is version 1.7.7, and you need to keep this in mind when writing rules.
Installation with pip:
C:\Python34>cd Scripts
C:\Python34\Scripts>pip install yara
Downloading/unpacking yara
Installing collected packages: yara
Running setup.py install for yara
Installing yara-ctypes-script.py script to C:\Python34\Scripts
Installing yara-ctypes.exe script to C:\Python34\Scripts
Successfully installed yara
Cleaning up...
Let's see this in action. First, you need to use your own user account in place of your_user.
I made one folder named yara to keep my rules:
C:\\Users\\your_user\\Dropbox\\yara\\
and I tested with this file named doc_data.txt, located here:
C:\\Users\\your_user\\Dropbox\\
The file has this text:
InfoKey: Creator
InfoValue: TeX
InfoKey: Producer
InfoValue: pdfTeX-1.40.3
InfoKey: PTEX.Fullbanner
InfoValue: This is pdfTeX using libpoppler, Version 3.141592-1.40.3-2.2 (Web2C 7.5.6) kpathsea version 3.5.6
InfoKey: ModDate
InfoValue: D:20110210185614-08'00'
InfoKey: CreationDate
InfoValue: D:20110210185614-08'00'
PdfID0: 5691a9b61e98f4c329d4f9f6deb5363c
PdfID1: 5691a9b61e98f4c329d4f9f6deb5363c
NumberOfPages: 24
and the rule file detectstring has this rule:
rule detectstring
{
    strings:
        $my_text_string = "5691a9b61e98f4c329d4f9f6deb5363c"
    condition:
        $my_text_string
}
You can use the Python shell with this source code:
>>> import yara
>>> from yara import *
>>> dir(yara)
['CALLBACK_ABORT', 'CALLBACK_CONTINUE', 'INCLUDE_PATH', 'Rules', 'YARA_RULES_ROO
T', 'YaraSyntaxError', '__builtins__', '__cached__', '__doc__', '__file__', '__l
oader__', '__name__', '__package__', '__path__', '__spec__', '__version__', 'com
pile', 'libyara_wrapper', 'load_rules', 'preprocessor', 'rules', 'version']
>>> print(yara.version.__version__)
1.7.7
>>> rules=yara.compile("C:\\Users\\your_user\\Dropbox\\yara\\detectstring")
>>> matches=rules.match("C:\\Users\\your_user\\Dropbox\\doc_data.txt")
>>> print(matches)
{'main': [{'tags': [], 'matches': True, 'rule': 'detectstring', 'meta': {}, 'str
ings': [{'flags': 19, 'identifier': '$my_text_string', 'data': '5691a9b61e98f4c3
29d4f9f6deb5363c', 'offset': 326}, {'flags': 19, 'identifier': '$my_text_string'
, 'data': '5691a9b61e98f4c329d4f9f6deb5363c', 'offset': 367}]}]}
The above rule tells YARA that any file containing the string must be reported. The print output shows the rule that was compiled and the result.
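The result printed above maps a namespace ('main') to a list of rule results, each carrying its string hits with byte offsets. The following is an added example, not code from the original post, and it does not call the yara module: it walks that structure and confirms each reported offset against the file bytes. The sample file is rebuilt from the text shown above with LF line endings assumed, and the names line_at and confirm_hits are hypothetical.

```python
# Added example (not from the post); it does not import yara.
# doc_data.txt as shown in the post; LF line endings are an assumption.
SAMPLE = (
    "InfoKey: Creator\nInfoValue: TeX\n"
    "InfoKey: Producer\nInfoValue: pdfTeX-1.40.3\n"
    "InfoKey: PTEX.Fullbanner\n"
    "InfoValue: This is pdfTeX using libpoppler, Version 3.141592-1.40.3-2.2"
    " (Web2C 7.5.6) kpathsea version 3.5.6\n"
    "InfoKey: ModDate\nInfoValue: D:20110210185614-08'00'\n"
    "InfoKey: CreationDate\nInfoValue: D:20110210185614-08'00'\n"
    "PdfID0: 5691a9b61e98f4c329d4f9f6deb5363c\n"
    "PdfID1: 5691a9b61e98f4c329d4f9f6deb5363c\n"
    "NumberOfPages: 24\n"
).encode("ascii")
PDF_ID = "5691a9b61e98f4c329d4f9f6deb5363c"
# Result dict as printed in the post: namespace -> list of rule results.
RESULT = {"main": [{
    "tags": [], "matches": True, "rule": "detectstring", "meta": {},
    "strings": [
        {"flags": 19, "identifier": "$my_text_string", "data": PDF_ID, "offset": 326},
        {"flags": 19, "identifier": "$my_text_string", "data": PDF_ID, "offset": 367},
    ]}]}


def line_at(data, offset):
    """Return the whole line of data that contains byte offset."""
    start = data.rfind(b"\n", 0, offset) + 1
    end = data.find(b"\n", offset)
    return data[start:len(data) if end == -1 else end].decode("ascii", "replace")


def confirm_hits(result, data):
    """List (namespace, rule, identifier, offset, line, confirmed) per string hit."""
    hits = []
    for namespace, rule_results in sorted(result.items()):
        for res in (r for r in rule_results if r.get("matches")):
            for s in res.get("strings", []):
                needle, off = s["data"], s["offset"]
                if isinstance(needle, str):  # the post's output shows str data
                    needle = needle.encode("latin-1")
                ok = data[off:off + len(needle)] == needle
                hits.append((namespace, res["rule"], s["identifier"], off,
                             line_at(data, off), ok))
    return hits


if __name__ == "__main__":
    for ns, rule, ident, off, line, ok in confirm_hits(RESULT, SAMPLE):
        print("%s:%s %s @%d confirmed=%s | %s" % (ns, rule, ident, off, ok, line))
```

The two hits land on the PdfID0 and PdfID1 lines, which is why the same identifier appears twice in the printed result.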