mirror of
https://github.com/ivuorinen/cheatsheet-tldr.git
synced 2026-01-26 11:33:59 +00:00
39 lines
1.2 KiB
Plaintext
39 lines
1.2 KiB
Plaintext
---
|
|
syntax: markdown
|
|
tags: [tldr, common]
|
|
source: https://github.com/tldr-pages/tldr.git
|
|
---
|
|
# yara
|
|
|
|
> Pattern matching tool for identifying and classifying malware.
|
|
> See also: `yarac`.
|
|
> More information: <https://yara.readthedocs.io/en/stable/commandline.html>.
|
|
|
|
- Scan a specific file with a rule file:
|
|
|
|
`yara {{path/to/rule.yar}} {{path/to/file}}`
|
|
|
|
- Recursively scan a directory and subdirectories containing possible threats:
|
|
|
|
`yara {{path/to/rule.yar}} {{[-r|--recursive]}} {{path/to/directory}}`
|
|
|
|
- Scan a running process by its PID using multiple rules:
|
|
|
|
`yara {{path/to/rule1.yar path/to/rule2.yar ...}} {{PID}}`
|
|
|
|
- Print metadata associated with the matching rules:
|
|
|
|
`yara {{[-m|--print-meta]}} {{path/to/rule.yar}} {{path/to/file}}`
|
|
|
|
- Print the strings that caused the rule to match:
|
|
|
|
`yara {{[-s|--print-strings]}} {{path/to/rule.yar}} {{path/to/file}}`
|
|
|
|
- Use a specific number of threads for parallel scanning:
|
|
|
|
`yara {{[-p|--threads]}} {{number_of_threads}} {{path/to/rule.yar}} {{path/to/directory}}`
|
|
|
|
- Use compiled YARA rules file to scan a directory recursively:
|
|
|
|
`yara {{[-C|--compiled-rules]}} {{path/to/rules.bin}} {{[-r|--recursive]}} {{path/to/directory}}`
|