Table of Contents
This script is a parsing tool for Yara Scan Service's JSON output file. Yara Scan Service allows to quickly test your YARA rule against a large collection of malicious samples. It helps assure your rule only matches the malware family you are looking for. The output is a JSON file containing all the matched samples. The JSON file contains a lot of information, and yaraScanParser is meant to help you maximize its benefits.
yaraScanParser allows you to:
- Save time by parsing the Yara Scan Service results automatically
- Get information about wanted matches and false positives of your rule
- Get the matched files' hash values in a format that can be easily inserted to your Yara rule's metadata section
To use this tool, you must have Python installed.
Clone the repo
git clone https://github.com/Sh3llyR/yaraScanParser.git
- Parameters -o and -m are OPTIONAL
- When -o parameter is omitted, the output file is saved in the script's directory
- When -m parameter is omitted, the value of the first 'malware' key in the JSON file is used
Usage examples:
- python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike
- python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike,DarkComet,QuasarRAT
- python3 yaraScanParser.py -i yara_scan_service_results.json
Project Link: https://github.com/Sh3llyR/yaraScanParser