Class YaraScanMixin

source code

A common implementation of yara scanner.

This should be mixed with the OS specific Scanner (e.g. WinScanner) and plugin.TypedProfileCommand.

Instance Methods

__init__(self, *args, **kwargs)
Scan using yara signatures.

source code

compile_rule(self, rule)

source code

generate_hits(self, run)

source code

collect(self)
Render output.

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
	name = `'yarascan'`
	table_header = `[{'name': 'Owner', 'width': 20}, {'name': 'Rule...`
	scanner_defaults = `{'scan_physical': True}`

Properties
Inherited from `object`: `__class__`

Method Details

init(self, *args, **kwargs)
(Constructor)

source code

Scan using yara signatures.

Overrides: object.__init__

Class Variable Details

table_header

Value:

[{'name': 'Owner', 'width': 20},
 {'name': 'Rule', 'width': 10},
 {'hidden': True, 'name': 'Match'},
 {'name': 'Offset', 'style': 'address'},
 {'hex_width': 16, 'name': 'hexdump', 'width': 67},
 {'hidden': True, 'name': 'run'},
 {'hidden': True, 'name': 'address_space'},
 {'name': 'Context'}]

Class YaraScanMixin

__init__(self, *args, **kwargs) (Constructor)

table_header

init(self, *args, **kwargs)
(Constructor)