diff options
| author | jvoisin | 2015-06-30 17:28:16 +0200 |
|---|---|---|
| committer | jvoisin | 2015-06-30 17:28:16 +0200 |
| commit | d37e79625075b65449d79d546df3afcbe7698c16 (patch) | |
| tree | 670adc32062da4a58053fdc7dc0a3668d4f876c5 /poc.py | |
| parent | 97b60696b0a676a297cd8212f67507e7bebd21af (diff) | |
Python bindings, fuck yeah!
Diffstat (limited to 'poc.py')
| -rw-r--r-- | poc.py | 27 |
1 files changed, 27 insertions, 0 deletions
| @@ -0,0 +1,27 @@ | |||
| 1 | import fnmatch | ||
| 2 | import glob | ||
| 3 | import os | ||
| 4 | import sys | ||
| 5 | |||
| 6 | try: | ||
| 7 | import yara | ||
| 8 | except ImportError: | ||
| 9 | print 'Please install python-yara' | ||
| 10 | sys.exit(0) | ||
| 11 | |||
| 12 | if len(sys.argv) != 2: | ||
| 13 | print 'Usage: %s folder_to_scan' % sys.argv[0] | ||
| 14 | |||
| 15 | rules = yara.compile('malwares.yara') | ||
| 16 | |||
| 17 | for root, dirnames, filenames in os.walk(sys.argv[1]): | ||
| 18 | for filename in fnmatch.filter(filenames, '*.ph*'): | ||
| 19 | fname = os.path.join(root, filename) | ||
| 20 | if os.stat(fname).st_size: | ||
| 21 | matches = rules.match(os.path.join(root, filename), fast=True) | ||
| 22 | if matches: | ||
| 23 | matches=matches.pop() | ||
| 24 | print str(matches) + fname | ||
| 25 | print '\n'.join(hex(m[0]) + ':' + m[1] + ': ' + m[2] for m in matches.strings) | ||
| 26 | |||
| 27 | |||