yaralyzer 1.0.7__py3-none-any.whl → 1.0.9__py3-none-any.whl

yaralyzer/yaralyzer.py

@@ -1,19 +1,11 @@
-"""
-Central class that handles setting up / compiling rules and reading binary data from files as needed.
-Alternate constructors are provided depending on whether:
-    1. YARA rules are already compiled
-    2. YARA rules should be compiled from a string
-    3. YARA rules should be read from a file
-    4. YARA rules should be read from a directory of .yara files
-
-The real action happens in the __rich__console__() dunder method.
-"""
+"""Main Yaralyzer class and alternate constructors."""
 from os import path
-from typing import Iterator, List, Optional, Tuple, Union
+from typing import Callable, Iterator, List, Optional, Tuple, Union
 
 import yara
 from rich.console import Console, ConsoleOptions, RenderResult
 from rich.padding import Padding
+from rich.style import Style
 from rich.text import Text
 
 from yaralyzer.bytes_match import BytesMatch
@@ -34,6 +26,33 @@ YARA_FILE_DOES_NOT_EXIST_ERROR_MSG = "is not a valid yara rules file (it doesn't
 
 # TODO: might be worth introducing a Scannable namedtuple or similar
 class Yaralyzer:
+    """
+    Central class that handles setting up / compiling YARA rules and reading binary data from files as needed.
+
+    Alternate constructors are provided depending on whether:
+
+    * YARA rules are already compiled
+
+    * YARA rules should be compiled from a string
+
+    * YARA rules should be read from a file
+
+    * YARA rules should be read from a directory of .yara files
+
+    The real action happens in the `__rich__console__()` dunder method.
+
+    Attributes:
+        bytes (bytes): The binary data to scan.
+        bytes_length (int): The length of the binary data.
+        scannable_label (str): A label for the binary data, typically the filename or a user-provided label.
+        rules (yara.Rules): The compiled YARA rules to use for scanning.
+        rules_label (str): A label for the ruleset, typically derived from filenames or user input.
+        highlight_style (str): The style to use for highlighting matches in the output.
+        non_matches (List[dict]): A list of YARA rules that did not match the binary data.
+        matches (List[YaraMatch]): A list of YaraMatch objects representing the matches found.
+        extraction_stats (RegexMatchMetrics): Metrics related to decoding attempts on matched data
+    """
+
     def __init__(
         self,
         rules: Union[str, yara.Rules],
@@ -43,10 +62,22 @@ class Yaralyzer:
         highlight_style: str = YaralyzerConfig.HIGHLIGHT_STYLE
     ) -> None:
         """
-        If rules is a string it will be compiled by yara
-        If scannable is bytes then scannable_label must be provided.
-        If scannable is a string it is assumed to be a file that bytes should be read from
-        and the scannable_label will be set to the file's basename.
+        Initialize a `Yaralyzer` instance for scanning binary data with YARA rules.
+
+        Args:
+            rules (Union[str, yara.Rules]): YARA rules to use for scanning. Can be a string or a pre-compiled
+                `yara.Rules` object (strings will be compiled to an instance of `yara.Rules`).
+            rules_label (str): Label to identify the ruleset in output and logs.
+            scannable (Union[bytes, str]): The data to scan. If it's `bytes` type then that data is scanned;
+                if it's a string it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` arg data.
+                Required if `scannable` is `bytes`.
+                If `scannable` is a file path `scannable_label` will default to the file's basename.
+            highlight_style (str, optional): Style to use for highlighting matches in output.
+                Defaults to `YaralyzerConfig.HIGHLIGHT_STYLE`.
+
+        Raises:
+            TypeError: If `scannable` is `bytes` and `scannable_label` is not provided.
         """
         if 'args' not in vars(YaralyzerConfig):
             YaralyzerConfig.set_default_args()
@@ -58,7 +89,7 @@ class Yaralyzer:
 
         if isinstance(scannable, bytes):
             if scannable_label is None:
-                raise TypeError("Must provide scannable_label arg when yaralyzing raw bytes")
+                raise TypeError("Must provide 'scannable_label' arg when yaralyzing raw bytes")
 
             self.bytes: bytes = scannable
             self.scannable_label: str = scannable_label
@@ -87,13 +118,26 @@ class Yaralyzer:
         scannable: Union[bytes, str],
         scannable_label: Optional[str] = None
     ) -> 'Yaralyzer':
-        """Alternate constructor loads yara rules from files, labels rules w/filenames"""
+        """
+        Alternate constructor to load YARA rules from files and label rules with the filenames.
+
+        Args:
+            yara_rules_files (List[str]): List of file paths to YARA rules files.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`. If scannable is a file path, defaults to the file's basename.
+
+        Raises:
+            TypeError: If `yara_rules_files` is not a list.
+            FileNotFoundError: If any file in `yara_rules_files` does not exist.
+        """
         if not isinstance(yara_rules_files, list):
             raise TypeError(f"{yara_rules_files} is not a list")
 
         for file in yara_rules_files:
             if not path.exists(file):
-                raise ValueError(f"'{file}' {YARA_FILE_DOES_NOT_EXIST_ERROR_MSG}")
+                raise FileNotFoundError(f"'{file}' {YARA_FILE_DOES_NOT_EXIST_ERROR_MSG}")
 
         filepaths_arg = {path.basename(file): file for file in yara_rules_files}
 
@@ -112,9 +156,21 @@ class Yaralyzer:
         scannable: Union[bytes, str],
         scannable_label: Optional[str] = None
     ) -> 'Yaralyzer':
-        """Alternate constructor that will load all .yara files in yara_rules_dir"""
+        """
+        Alternate constructor that will load all `.yara` files in `yara_rules_dir`.
+
+        Args:
+            dirs (List[str]): List of directories to search for `.yara` files.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`. If scannable is a file path, defaults to the file's basename.
+
+        Raises:
+            FileNotFoundError: If `dirs` is not a list of valid directories.
+        """
         if not (isinstance(dirs, list) and all(path.isdir(dir) for dir in dirs)):
-            raise TypeError(f"'{dirs}' is not a list of valid directories")
+            raise FileNotFoundError(f"'{dirs}' is not a list of valid directories")
 
         rules_files = [path.join(dir, f) for dir in dirs for f in files_in_dir(dir)]
         return cls.for_rules_files(rules_files, scannable, scannable_label)
@@ -130,7 +186,22 @@ class Yaralyzer:
         pattern_label: Optional[str] = None,
         regex_modifier: Optional[str] = None,
     ) -> 'Yaralyzer':
-        """Constructor taking regex pattern strings. Rules label defaults to patterns joined by comma"""
+        """
+        Alternate constructor taking regex pattern strings. Rules label defaults to the patterns joined by comma.
+
+        Args:
+            patterns (List[str]): List of regex or hex patterns to build rules from.
+            patterns_type (str): Either `"regex"` or `"hex"` to indicate the type of patterns provided.
+            scannable (Union[bytes, str]): The data to scan. If `bytes`, raw data is scanned;
+                if `str`, it is treated as a file path to load bytes from.
+            scannable_label (Optional[str], optional): Label for the `scannable` data.
+                Required if `scannable` is `bytes`.
+                If scannable is a file path, defaults to the file's basename.
+            rules_label (Optional[str], optional): Label for the ruleset. Defaults to the patterns joined by comma.
+            pattern_label (Optional[str], optional): Label for each pattern in the YARA rules. Defaults to "pattern".
+            regex_modifier (Optional[str], optional): Optional regex modifier (e.g. "nocase", "ascii", "wide", etc).
+                Only valid if `patterns_type` is `"regex"`.
+        """
         rule_strings = []
 
         for i, pattern in enumerate(patterns):
@@ -149,11 +220,16 @@ class Yaralyzer:
         return cls(rules_string, rules_label, scannable, scannable_label)
 
     def yaralyze(self) -> None:
-        """Use YARA to find matches and then force decode them"""
+        """Use YARA to find matches and then force decode them."""
         console.print(self)
 
     def match_iterator(self) -> Iterator[Tuple[BytesMatch, BytesDecoder]]:
-        """Iterator version of yaralyze. Yields match and decode data tuple back to caller."""
+        """
+        Iterator version of `yaralyze()`.
+
+        Yields:
+            Tuple[BytesMatch, BytesDecoder]: Match and decode data tuple.
+        """
         self.rules.match(data=self.bytes, callback=self._yara_callback)
 
         for yara_match in self.matches:
@@ -167,7 +243,16 @@ class Yaralyzer:
 
         self._print_non_matches()
 
-    def _yara_callback(self, data: dict):
+    def _yara_callback(self, data: dict) -> Callable:
+        """
+        Callback invoked by `yara-python` to handle matches and non-matches as they are discovered.
+
+        Args:
+            data (dict): Data provided when `yara-python` invokes the callback.
+
+        Returns:
+            Callable: Always returns `yara.CALLBACK_CONTINUE` to signal `yara-python` should continue processing.
+        """
         if data['matches']:
             self.matches.append(YaraMatch(data, self._panel_text()))
         else:
@@ -176,7 +261,7 @@ class Yaralyzer:
         return yara.CALLBACK_CONTINUE
 
     def _print_non_matches(self) -> None:
-        """Print info about the YARA rules that didn't match the bytes"""
+        """Print info about the YARA rules that didn't match the bytes."""
         if len(self.non_matches) == 0:
             return
 
@@ -193,21 +278,21 @@ class Yaralyzer:
         console.print(Padding(Text(', ', 'white').join(non_matches_text), (0, 0, 1, 4)))
 
     def _panel_text(self) -> Text:
-        """Inverted colors for the panel at the top of the match section of the output"""
+        """Inverted colors for the panel at the top of the match section of the output."""
         styles = [reverse_color(YARALYZER_THEME.styles[f"yara.{s}"]) for s in ('scanned', 'rules')]
         return self.__text__(*styles)
 
-    def _filename_string(self):
-        """The string to use when exporting this yaralyzer to SVG/HTML/etc"""
+    def _filename_string(self) -> str:
+        """The string to use when exporting this yaralyzer to SVG/HTML/etc."""
         return str(self).replace('>', '').replace('<', '').replace(' ', '_')
 
-    def __text__(self, byte_style: str = 'yara.scanned', rule_style: str = 'yara.rules') -> Text:
-        """Text representation of this YARA scan (__text__() was taken)"""
+    def __text__(self, byte_style: Style | str = 'yara.scanned', rule_style: Style | str = 'yara.rules') -> Text:
+        """Text representation of this YARA scan (__text__() was taken)."""
         txt = Text('').append(self.scannable_label, style=byte_style or 'yara.scanned')
         return txt.append(' scanned with <').append(self.rules_label, style=rule_style or 'yara.rules').append('>')
 
     def __rich_console__(self, _console: Console, options: ConsoleOptions) -> RenderResult:
-        """Does the stuff. TODO: not the best place to put the core logic"""
+        """Does the stuff. TODO: not the best place to put the core logic."""
         yield bytes_hashes_table(self.bytes, self.scannable_label)
 
         for _bytes_match, bytes_decoder in self.match_iterator():
@@ -215,4 +300,5 @@ class Yaralyzer:
                 yield attempt
 
     def __str__(self) -> str:
+        """Plain text (no rich colors) representation of the scan for display."""
         return self.__text__().plain

{yaralyzer-1.0.7.dist-info → yaralyzer-1.0.9.dist-info}/METADATA

@@ -1,20 +1,19 @@
 Metadata-Version: 2.1
 Name: yaralyzer
-Version: 1.0.7
-Summary: Visualize and force decode YARA and regex matches found in a file or byte stream. With colors. Lots of colors.
+Version: 1.0.9
+Summary: Visualize and force decode YARA and regex matches found in a file or byte stream with colors. Lots of colors.
 Home-page: https://github.com/michelcrypt4d4mus/yaralyzer
 License: GPL-3.0-or-later
 Keywords: ascii art,binary,character encoding,color,cybersecurity,data visualization,decode,DFIR,encoding,infosec,maldoc,malicious,malware,malware analysis,regex,regular expressions,reverse engineering,reversing,security,threat assessment,threat hunting,threat intelligence,threat research,threatintel,visualization,yara
 Author: Michel de Cryptadamus
 Author-email: michel@cryptadamus.com
-Requires-Python: >=3.9,<4.0
+Requires-Python: >=3.10,<4.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Information Technology
 Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
@@ -23,12 +22,12 @@ Classifier: Topic :: Artistic Software
 Classifier: Topic :: Scientific/Engineering :: Visualization
 Classifier: Topic :: Security
 Requires-Dist: chardet (>=5.0.0,<6.0.0)
-Requires-Dist: python-dotenv (>=0.21.0,<0.22.0)
+Requires-Dist: python-dotenv (>=1.1.1,<2.0.0)
 Requires-Dist: rich (>=14.1.0,<15.0.0)
 Requires-Dist: rich-argparse-plus (>=0.3.1,<0.4.0)
 Requires-Dist: yara-python (>=4.5.4,<5.0.0)
 Project-URL: Changelog, https://github.com/michelcrypt4d4mus/yaralyzer/blob/master/CHANGELOG.md
-Project-URL: Documentation, https://github.com/michelcrypt4d4mus/yaralyzer
+Project-URL: Documentation, https://michelcrypt4d4mus.github.io/yaralyzer/
 Project-URL: Repository, https://github.com/michelcrypt4d4mus/yaralyzer
 Description-Content-Type: text/markdown
 
@@ -79,7 +78,7 @@ YARA just tells you the byte position and the matched string but it can't tell y
 
 Enter **The Yaralyzer**, which lets you quickly scan the regions around matches while also showing you what those regions would look like if they were forced into various character encodings.
 
-It's important to note that **The Yaralyzer** isn't a full on malware reversing tool. It can't do all the things a tool like [CyberChef](https://gchq.github.io/CyberChef/) does and it doesn't try to. It's more intended to give you a quick visual overview of suspect regions in the binary so you can hone in on the areas you might want to inspect with a more serious tool like [CyberChef](https://gchq.github.io/CyberChef/).
+**The Yaralyzer** isn't a malware reversing tool. It can't do all the things a tool like [CyberChef](https://gchq.github.io/CyberChef/) does and it doesn't try to. It's more intended to give you a quick visual overview of suspect regions in the binary so you can hone in on the areas you might want to inspect with a more serious tool like [CyberChef](https://gchq.github.io/CyberChef/).
 
 # Installation
 Install it with [`pipx`](https://pypa.github.io/pipx/) or `pip3`. `pipx` is a marginally better solution as it guarantees any packages installed with it will be isolated from the rest of your local python environment. Of course if you don't really have a local python environment this is a moot point and you can feel free to install with `pip`/`pip3`.
@@ -87,6 +86,7 @@ Install it with [`pipx`](https://pypa.github.io/pipx/) or `pip3`. `pipx` is a ma
 pipx install yaralyzer
 ```
 
+
 # Usage
 Run `yaralyze -h` to see the command line options (screenshot below).
 
@@ -100,7 +100,7 @@ If you place a file called `.yaralyzer` in your home directory or the current wo
 Only one `.yaralyzer` file will be loaded and the working directory's `.yaralyzer` takes precedence over the home directory's `.yaralyzer`.
 
 ### As A Library
-[`Yaralyzer`](yaralyzer/yaralyzer.py) is the main class. It has a variety of constructors supporting:
+[`Yaralyzer`](yaralyzer/yaralyzer.py) is the main class. Auto generated documentation for `Yaralyzer`'s various classes and methods can be found [here](https://michelcrypt4d4mus.github.io/yaralyzer/). It has a variety of [alternate constructors](https://michelcrypt4d4mus.github.io/yaralyzer/api/yaralyzer/) supporting:
 
 1. Precompiled YARA rules
 1. Creating a YARA rule from a string
@@ -109,7 +109,7 @@ Only one `.yaralyzer` file will be loaded and the working directory's `.yaralyze
 1. Scanning `bytes`
 1. Scanning a file
 
-Should you want to iterate over the `BytesMatch` (like a `re.Match` object for a YARA match) and `BytesDecoder` (tracks decoding attempt stats) objects returned by The Yaralyzer, you can do so like this:
+Should you want to iterate over the [`BytesMatch`](https://michelcrypt4d4mus.github.io/yaralyzer/api/bytes_match/) (like a `re.Match` object for a YARA match) and [`BytesDecoder`](https://michelcrypt4d4mus.github.io/yaralyzer/api/bytes_decoder/) (tracks decoding attempt stats) objects used by The Yaralyzer, you can do so like this:
 
 ```python
 from yaralyzer.yaralyzer import Yaralyzer
@@ -120,6 +120,7 @@ for bytes_match, bytes_decoder in yaralyzer.match_iterator():
     do_stuff()
 ```
 
+
 # Example Output
 The Yaralyzer can export visualizations to HTML, ANSI colored text, and SVG vector images using the file export functionality that comes with [Rich](https://github.com/Textualize/rich) as well as a (somewhat limited) plain text JSON format. SVGs can be turned into `png` format images with a tool like [Inkscape](https://inkscape.org/) or `cairosvg`. In our experience they both work though we've seen some glitchiness with `cairosvg`.
 

yaralyzer-1.0.9.dist-info/RECORD

@@ -0,0 +1,32 @@
+.yaralyzer.example,sha256=z3_mk41xxm0Pr_8MGM7AKQG0xEFRtGcyJLboMuelRp4,3504
+CHANGELOG.md,sha256=lepFLLmnoHWaac4ae49WqSbpqXXxge2S2mDvE2qbixE,3408
+LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+yaralyzer/__init__.py,sha256=FHfzll5jfldsqx3pXVBPu9xwDqFKjEVfTL7dha9BYX8,2793
+yaralyzer/bytes_match.py,sha256=ROMv9gK0R1bDP5IpheNyxQ44_oEJPkHn_XYwkoIYKdQ,10901
+yaralyzer/config.py,sha256=uVT8Jjw6kViH_PvBQ0etaH3JXPWOIXgiaoAv3ompnJA,4558
+yaralyzer/decoding/bytes_decoder.py,sha256=8uKmqXEchjhTFULrcIKk699bfbBJrwvr9A8GlzCq0Z0,10200
+yaralyzer/decoding/decoding_attempt.py,sha256=gUroTUSgWrgD-EZH8t5vsdDk0DSPqHMt0ow947sSFok,10290
+yaralyzer/encoding_detection/character_encodings.py,sha256=_b3Vk5abAcKVDZ7QQyrAMQODAgMjG54AjqxdSGSdaj0,5637
+yaralyzer/encoding_detection/encoding_assessment.py,sha256=q7wa2rls5nXEioX9UqzaNk4TxdW5WKzXjQik9e9AHs4,3262
+yaralyzer/encoding_detection/encoding_detector.py,sha256=9zV1ZA6D3z9t6-Bz2IhcmqufJ_7zGJ0Rzh2gn0fmaO8,6487
+yaralyzer/helpers/bytes_helper.py,sha256=7l0EycirLsPl--BakAEH-P7ruAgGgu75zYEfiw0OwO4,10212
+yaralyzer/helpers/dict_helper.py,sha256=rhyu-xlpl4yevXdLZUIgVwap0b57O9I3DNAEv8MfTlI,186
+yaralyzer/helpers/file_helper.py,sha256=tjiwCr8EMFHHmX4R13J4Sba5xv0IWXhEGyWUvGvCSa8,1588
+yaralyzer/helpers/list_helper.py,sha256=zX6VzJDbnyxuwQpth5Mc7k7yeJytqWPzpo1v5nXCMtE,394
+yaralyzer/helpers/rich_text_helper.py,sha256=7h3MOORdfZ8vrfUJ5sei4GOMxyfTonxmzii_VhrJZ6U,4383
+yaralyzer/helpers/string_helper.py,sha256=8XsvYlKn-fGhKihfJBOG6mqi5nV_8LM-IWgHzvkRgCc,933
+yaralyzer/output/decoding_attempts_table.py,sha256=wQ3cyN9czZkC3cbwjgflSu0t4wDKGDIs5NPOE6UwBLk,5004
+yaralyzer/output/file_export.py,sha256=iTlCYErquuy6tqBZ1_BQHxBk-6jZ2ihTnGe83HEI_5o,3300
+yaralyzer/output/file_hashes_table.py,sha256=pKbIc1bHJIIorqk9R2gz3IhTxKJpYU1TioGgceyoxiI,2615
+yaralyzer/output/regex_match_metrics.py,sha256=ZQjzePPXpq_g99KNQjHrRQ1N6u_OUxD32uf9xnqcOw8,4341
+yaralyzer/output/rich_console.py,sha256=mQEK0hq2qyCzqebzNDmNTqG2O8pqwBKs_UFIC0DEvxM,5124
+yaralyzer/util/argument_parser.py,sha256=ZOsBf5xkAWHFSWPbZt7_OdkYHIY3RIjtK1QIXOj2g6U,13281
+yaralyzer/util/logging.py,sha256=aBvpNukwZTGOgzm_zpwWzTWFrptThk-g2cqi8D4Fkmo,4616
+yaralyzer/yara/yara_match.py,sha256=BwWbVgYYCybT9TMhWgkT5vA54C9XJ7fAmGf6JKncjhA,5845
+yaralyzer/yara/yara_rule_builder.py,sha256=PeuhPtO4FvXJoTegQr0NXwGpX7wxPfGzAO1tMozaZd8,4535
+yaralyzer/yaralyzer.py,sha256=CLczlTW2ppyoChkPIGvQWwAo-5F0LG_rMEJpCy4cucg,13813
+yaralyzer-1.0.9.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+yaralyzer-1.0.9.dist-info/METADATA,sha256=sN9ZZxRsjj79m5miQ535kers7OVuSYLcvB6Uuu8COqY,11255
+yaralyzer-1.0.9.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
+yaralyzer-1.0.9.dist-info/entry_points.txt,sha256=7LnLJrNTfql0vuctjRWwp_ZD-BYvtv9ENVipdjuT7XI,136
+yaralyzer-1.0.9.dist-info/RECORD,,

yaralyzer-1.0.7.dist-info/RECORD

@@ -1,32 +0,0 @@
-.yaralyzer.example,sha256=z3_mk41xxm0Pr_8MGM7AKQG0xEFRtGcyJLboMuelRp4,3504
-CHANGELOG.md,sha256=UHpQ3BD0GvGKBE6uX9MrUvLyK0qDi_bY7BlElM9JuWk,3001
-LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-yaralyzer/__init__.py,sha256=xR5L4w3HQYiQeRUmhI89G4z0mgGF5tFZ4s5DibVbMiQ,2619
-yaralyzer/bytes_match.py,sha256=HiN5Afnx64ReolQuLJzx827VOZ9Okb7ix2GfZNUEe4U,8091
-yaralyzer/config.py,sha256=zQbDFlTxNrA_ViBJ6ocpGQFaPBCJNWPxgSwNwVspzuE,3942
-yaralyzer/decoding/bytes_decoder.py,sha256=3AT1xvHd2Uh-5lVRAq-iybtw4w-iZtTMeqD-5qVq8zc,8596
-yaralyzer/decoding/decoding_attempt.py,sha256=Wi82uQHsz7-GBvt7i6QbaxgGBIU9o1t-VyqpEmBuQE0,8460
-yaralyzer/encoding_detection/character_encodings.py,sha256=DvsBcUFLLsd5yzv3kGtGMhEME2noELysq-pZMjt17ZU,5463
-yaralyzer/encoding_detection/encoding_assessment.py,sha256=fmA3XlFw3-s7rMgn-E_DTnZk2JDGcw93bGvSkjNI2WM,2350
-yaralyzer/encoding_detection/encoding_detector.py,sha256=xpyWyIpcFzR84Hx_HnlekLQsAjUhP6etwYjZ11myPG0,4683
-yaralyzer/helpers/bytes_helper.py,sha256=MZakPrba_8CRUFx60Z8vwf7tozYX8ZuyCN2FudJYfcY,7440
-yaralyzer/helpers/dict_helper.py,sha256=hp96ZLzKDvacb9iJh1386ciXx-XejSGiPzllB7WhDZw,185
-yaralyzer/helpers/file_helper.py,sha256=uf8dTOhRrJng0V36o7Mwk5t-L5gc4_uOaGj9F0s5OBA,1254
-yaralyzer/helpers/list_helper.py,sha256=zX6VzJDbnyxuwQpth5Mc7k7yeJytqWPzpo1v5nXCMtE,394
-yaralyzer/helpers/rich_text_helper.py,sha256=PYHne9bBVnotb0d7i55TETJjOTshEVU87i0gE0MLOuc,4195
-yaralyzer/helpers/string_helper.py,sha256=AT2_CAgpvtp8GiUSKLTiDoToDD3tBB9BbrlX-s2bL7o,932
-yaralyzer/output/decoding_attempts_table.py,sha256=x6AViJqAj7ept92OXWl9-PVk8MyBSyYt62mUgJjsP7U,4040
-yaralyzer/output/file_export.py,sha256=J7La_7ryg6mMipbeBUYGPFJrkgshn14ERoayCrnFHtc,2901
-yaralyzer/output/file_hashes_table.py,sha256=bM7xl8ucgrNxWVSUXfOLrtei2rDbrL1a8nV-Q2uGtok,1616
-yaralyzer/output/regex_match_metrics.py,sha256=deJPaVnhpy-AUX6PCE_jbPLIlmfIOtl-cEVWsiFp3KY,3003
-yaralyzer/output/rich_console.py,sha256=yME6giQosel8XlEnnHhQGMYishGCRWL9wrpkoyrICjc,4249
-yaralyzer/util/argument_parser.py,sha256=tLLTet7I3LBnvMxJ3epcSIrbKkwjqGzSipO2netZTsw,12924
-yaralyzer/util/logging.py,sha256=tPtAeZQf1VassyHTxgR69Y7t1Y6v6SmDWel2-Og93kA,4239
-yaralyzer/yara/yara_match.py,sha256=F_1tn1ynbTwzOWSblis02DlVunn-vY3IPX8QjJhukMs,5118
-yaralyzer/yara/yara_rule_builder.py,sha256=P7NPzMMz03V1rDH3PMwb3VAbpBFD-oLNkiCIJAtLa7A,2990
-yaralyzer/yaralyzer.py,sha256=3EIiDHHbi_fjWdCmMnDEW8ZGWxL6xPeNxt58oTeZxJw,9291
-yaralyzer-1.0.7.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-yaralyzer-1.0.7.dist-info/METADATA,sha256=a3aiyG-MzWHoiJ55dkDSOkC_G4gFCeIHfhpjh2F2zS4,10993
-yaralyzer-1.0.7.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
-yaralyzer-1.0.7.dist-info/entry_points.txt,sha256=7LnLJrNTfql0vuctjRWwp_ZD-BYvtv9ENVipdjuT7XI,136
-yaralyzer-1.0.7.dist-info/RECORD,,