Skip to content

Instantly share code, notes, and snippets.

@xorhex

xorhex/Dockerfile

Last active December 6, 2021 00:10
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save xorhex/62d648ded7c5f002a95e23d506b6e80d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save xorhex/62d648ded7c5f002a95e23d506b6e80d to your computer and use it in GitHub Desktop.
Download ZIP
YARA Console Branch - Docker
Raw
README.md

Build

  • Save below Dockerfile gist as Dockerfile
  • Build docker build Dockerfile -t yara_console

Run

docker run -v <local_rule_dir>:/home/yara/rules -v <local_malware_dir>:/home/yara/malware -t yara_console <rule_file_name.yar> ../malware/<malware_file_name>

docker-yara-console-example

Raw
Dockerfile
FROM debian:bookworm-slim
RUN apt update && apt -y upgrade && apt install -y git automake libtool make gcc pkg-config libssl-dev libjansson-dev libmagic-dev bash && apt clean
RUN addgroup --gid 1835 yara; adduser --system -uid 1835 --gid 1835 --shell /bin/bash yara
RUN mkdir /home/yara/app && mkdir /home/yara/rules && mkdir /home/yara/malware
RUN chown -R yara:yara /home/yara/app; chown -R yara:yara /home/yara/rules; chown -R yara:yara /home/yara/malware;
USER yara
WORKDIR /home/yara/app
RUN git clone https://github.com/wxsBSD/yara.git console
WORKDIR /home/yara/app/console
RUN git checkout console
RUN ./bootstrap.sh && ./configure --enable-cuckoo --enable-magic --enable-dotnet --enable-console
RUN make
USER root
RUN make install
RUN echo "/usr/local/lib" >> /etc/ld.so.conf; ldconfig
USER yara
WORKDIR /home/yara/rules
ENTRYPOINT [ "yara"]
Raw
rule.yar
import "pe"
import "console"
rule console_test {
meta:
author = "xorhex"
description = "Example rule showing how to use the YARA console plugin"
strings:
$1 = { 48 83 3D 54 }
condition:
console.hex(int32(@1))
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment