yaralyzer 1.0.11__py3-none-any.whl

.yaralyzer.example

@@ -0,0 +1,65 @@
+# If you place a filed called '.yaralyzer' in your home dir or the current dir environment variables specified
+# in that .yaralyzer file will be added to the environment each time yaralyzer is invoked. (See the `dotenv`
+# package for more details.) This file contains environment variables you can use to configure
+# the application above and beyond providing command line options on each invocation.  Useful if you want to permanently
+# configure options you tend to reuse (e.g. '--maximize-width') so you can stop remembering to type them.
+#
+# Almost all of the command line options can be configured in this file by capitalizing them and prefixing
+# with 'YARALYZER'. e.g. to configure the --maximize-width option for every invocation, you would set:
+# YARALYZER_MAXIMIZE_WIDTH=True
+
+
+
+# Expand the width of the output to the fit the display window (same as the --maximize-width options)
+#    YARALYZER_MAXIMIZE_WIDTH=True
+
+# yara-python internal options passed through to yara.set_config() as the stack_size and max_match_data arguments
+#    YARALYZER_STACK_SIZE=10485760
+#    YARALYZER_MAX_MATCH_LENGTH=10737418240
+
+# Suppress all attempts to decode bytes into various text encodings
+#    YARALYZER_SUPPRESS_DECODES_TABLE=False
+
+# Suppress the display of the table showing the the encoding assessments given by `chardet.detect()`
+# about a particular chunk of binary data. (The most important data in the chardet confidence table is
+# redunandant anyways. Only the low likelihood encodings are hidden from the usef)
+#    YARALYZER_SUPPRESS_CHARDET_TABLE=False
+# Minimum confidence to display an encoding in the chardet results table
+#    YARALYZER_MIN_CHARDET_CONFIDENCE=2.0
+
+# Configure how many bytes before and after any binary data should be included in scans and visualizations
+#    YARALYZER_SURROUNDING_BYTES=64
+
+
+
+# Size thresholds (in bytes) under/over which yaralyzer will NOT make attempts to decode a match.
+# Longer byte sequences are for obvious reasons slower to decode by force.
+# It may feel counterintuitive but larger chunks of random binary are also harder to examine and
+# (in my experience) less likely to be maningful. Consider it - two frontslash characters 20,000 lines apart
+# are more likely to be random than those same frontslashes when placed nearer to each other and
+# in the vicinity of lot of computerized sigils of internet power like `.', `+bacd*?`,. and other regexes.*
+# Keeping the max value number low will do more to affect the speed of the app than anything else you
+# can easily configure.
+#
+#    YARALYZER_MIN_DECODE_LENGTH=1
+#    YARALYZER_MAX_DECODE_LENGTH=256
+
+# Minimum bytes to run chardet.detect() on a sequence of bytes
+#    YARALYZER_MIN_BYTES_TO_DETECT_ENCODING
+
+
+
+# Directory to write application logs to. Must be an absolute path, not a relative one.
+# These logs are not normally written to a file and the default log level means that the standard behavior
+# is to more or less discard them. Be aware that if you configure this variable a few things will change:
+#
+#   1. Logs WILL NOT be written to STDOUT. They will stream ONLY to files in the configured directory.
+#      This is true even with the -D option.
+#   2. The default log_level will be decreased from WARN (extremely spartan) to INFO (fairly verbose).
+#      The -D option, which sets the log level to DEBUG, will be respected whether or not
+#      YARALYZER_LOG_DIR is configured.
+#
+#    YARALYZER_LOG_DIR=/path/to/yaralyzer/log_dir/
+
+# Log level
+#    YARALYZER_LOG_LEVEL='WARN'

CHANGELOG.md

@@ -0,0 +1,128 @@
+# NEXT RELEASE
+
+### 1.0.11
+* Catch yara internal errors in `yaralyze()` script so they are still raised when `Yaralyzer` used as a library
+
+### 1.0.10
+* Better handling and messaging around internal YARA errors
+* Make `DecodingTableRow` and `BytesMatch` into dataclasses
+* `print_bytes()` takes an `indent` argument
+
+### 1.0.9
+* Raise `FileNotFoundError` instead of `ValueError` if provided YARA rules files or dirs don't exist
+
+### 1.0.8
+* Bump `python-dotenv` to v1.1.1
+* Use `mkdocs` and `lazydocs` to build automatic API documentation at https://michelcrypt4d4mus.github.io/yaralyzer/
+* Drop python 3.9 support (required by `mkdocs-awesome-nav` package)
+
+### 1.0.7
+* Add `Changelog` to PyPi URLs, add some more PyPi classifiers
+* Add `.flake8` config file and fix style errors
+* Rename `prefix_with_plain_text_obj()` to `prefix_with_style()`
+
+### 1.0.6
+* Add `Environment :: Console` and `Programming Language :: Python` to PyPi classifiers
+* Add `LICENSE` to PyPi package
+
+### 1.0.5
+* Add `Development Status :: 5 - Production/Stable` to pypi classifiers
+
+### 1.0.4
+* Lock `chardet` library to 5.x
+
+### 1.0.3
+* Upgrade `rich` to 14.1.0
+
+### 1.0.2
+* Upgrade `yara-python` to 4.5.4
+
+### 1.0.1
+* Fix iteration of byte offsets during attempted decodes for UTF-16 and UTF-32 (was starting at second byte instead of first)
+* Label the byte offset for forced UTF-16 and UTF-32 decodes
+* Show helpful message if logs are being sent to files in `YaralyzerConfig.LOG_DIR` instead of being written to stderr/stdout
+* Warn if `--debug` and `--log-level` args both provided
+
+# 1.0.0
+* Add `--export-json` option
+
+### 0.9.6
+* Fix help message
+
+### 0.9.5
+* Use all files in a directory specified by `--rule-dir` instead of just those with the extension `.yara`
+* Fix bug where `--rule-dir` is prefixed by `./`
+
+### 0.9.4
+* Bump `yara-python` to 4.3.0+ and deal with backwards incompatibility
+
+### 0.9.3
+* Lock `yara-python` at 4.2.3 bc 4.3.x causes problems
+
+### 0.9.2
+* Fix PyPi screenshots
+* Raise better error message if yara rules file doesn't exist
+
+### 0.9.1
+* Fix PyPi screenshots
+
+# 0.9.0
+* All command lines args configurable via environment variables or `.yaralyzer` file
+* Improve decoding attempt statistics tracking
+* Add suppression notices
+* Expose `--min-chardet-table-confidence` option
+
+# 0.8.0
+* Add `--log-level` option
+* `BytesMatch.is_decodable()` method
+
+### 0.7.1
+* Bump deps
+
+# 0.7.0
+* Show hex and ascii side by side in decodes table
+
+### 0.6.2
+* Remove `cairosvg` dependency
+
+### 0.6.1
+* Use `rich_argparse_plus` for help formatting
+
+# 0.6.0
+* Add `--max-match-length` and `--yara-stack-size` args
+* Increase max returned bytes (was stuck at 512)
+* Tweak unprintable char format for ASCII C1 control range, minor style changes
+* Show color key for raw YARA match panel
+
+### 0.5.2
+* Properly escape bytes previews for rich
+
+### 0.5.1
+* Add Pdfalyzer info message when scanning PDFs
+
+# 0.5.0
+* Show MD5, SHA1, and SHA256 hashes for each match
+
+# 0.4.0
+* Add `--hex-pattern` command line option
+* Add `--patterns-label` command line option
+
+### 0.3.3
+* Refactor `file_export` and `rich_console`
+
+### 0.3.2
+* help screen displays defaults and valid ranges for int types
+
+### 0.3.1
+* yara-python compiles files directly
+
+# 0.3.0
+* Add `--rule-dir` option for loading all `.yara` files in directories
+* Add `--regex_modifier` option
+
+# 0.2.0
+* Add `Yaralyzer.for_rules_dir()` constructor to load all `.yara` files in a directory
+* Change command line arguments `-y` to `-Y` and `-r` to `-re`
+* Respect the `--suppress-decodes` option and min / max decode length options
+* Add `highlight_style` argument to `Yaralyzer`
+* Expose `Yaralyzer.match_iterator()` that calls back with `BytesMatch` objects