spyre
spyre copied to clipboard
spyre-project
Scan Modules
Hi, as I'm trying to use spyre, I successfully installed all packages. On a Kali Linux, I'm trying to launch the spyre running file. As I don't know much about yara scanning modules, I copy/pasted the filescan.yar and procscan.yar files from spyre/scanner.yara. Then, launching the running program, here's the error that pops up : 2021/10/25 14:26:13 Error initializing YARA-file module: syntax error, unexpected identifier 2021/10/25 14:26:13 Error initializing YARA-proc module: syntax error, unexpected identifier
Would you mind providing me with help concerning this error ? If it wouldnt bother you, maybe having an example file of these .yara files, and kind of a userguide to know how and where to put these said-scanning modules. Thank you very much for your help and for providing such an interesting tool,
Sure. It looks like libyara is not able to parse your rule files. Can you provide the spyre.yaml and the YARA rule files you are using?
You may also be able to use the yara command line tool to get better diagnostics about the syntax errors in the rule files.
Hi, actually, I'm using the example-file spyre.yaml that was provided raw on the rep, I pasted it on the wanted _build, and I have really small clues on where to find/provide yara rules and files, and also where to actually put these files. It is actually my first time with yara modules.
Thank you so much, would you mind upping this issue topic whenever an example is provided on the project source ? A kind of "default version" would really help ! Thanks again for your dedication
I have just pushed a change that contains some example config + ruleset. Would this have helped you enough if it had been there when you found Spyre? If you feel that there's room for improvement in the example, feel free to open a PR.
('m aware that configuration for custom modules is still missing, I'll need to look around for some indicators that demonstrate general usefulness.)