From d37e79625075b65449d79d546df3afcbe7698c16 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 30 Jun 2015 17:28:16 +0200
Subject: Python bindings, fuck yeah!

---
 poc.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 poc.py

diff --git a/poc.py b/poc.py
new file mode 100644
index 0000000..1ddbefd
--- /dev/null
+++ b/poc.py
@@ -0,0 +1,27 @@
+import fnmatch
+import glob
+import os
+import sys
+
+try:
+ import yara
+except ImportError:
+ print 'Please install python-yara'
+ sys.exit(0)
+
+if len(sys.argv) != 2:
+ print 'Usage: %s folder_to_scan' % sys.argv[0]
+
+rules = yara.compile('malwares.yara')
+
+for root, dirnames, filenames in os.walk(sys.argv[1]):
+ for filename in fnmatch.filter(filenames, '*.ph*'):
+ fname = os.path.join(root, filename)
+ if os.stat(fname).st_size:
+ matches = rules.match(os.path.join(root, filename), fast=True)
+ if matches:
+ matches=matches.pop()
+ print str(matches) + fname
+ print '\n'.join(hex(m[0]) + ':' + m[1] + ': ' + m[2] for m in matches.strings)
+
+
-- 
cgit v1.3
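Review bot: The argument check `if len(sys.argv) != 2:` prints the usage line but does not stop, so running the script with no argument falls through to `os.walk(sys.argv[1])` and dies with an IndexError instead of the usage message; add `sys.exit(1)` right after the usage print (and the ImportError branch should exit non-zero too, since `sys.exit(0)` reports success to any wrapper that runs the scanner). A second point in the same hunk: `matches = matches.pop()` keeps only the last matching rule and silently discards the rest, so a file hit by several rules is reported as a single match — iterate `for match in matches:` instead. Also worth noting that `os.stat(fname)` follows symlinks and raises OSError on a dangling link or an unreadable entry, which aborts the whole walk; wrapping the stat/match in a `try: ... except OSError:` that logs and continues keeps one bad entry from ending the scan. Finally, `import glob` is unused and `'malwares.yara'` is resolved against the current working directory rather than the script's location.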