A Go library that parses and manipulates YARA rulesets using the exact grammar of libyara for seamless rule editing and conversion.
Tools for parsing rulesets using the exact grammar as YARA. Written in Go.
This tool is designed for developers and security researchers who need to programmatically read, modify, and serialize YARA rulesets without altering their original syntax or behavior. It is particularly useful for automating rule management, integrating YARA rules into security automation workflows, and converting rules to and from JSON for cross-language manipulation.
The tool requires Go 1.10 or newer due to usage of modern Go features. The grammar and lexer files are frozen to maintain compatibility with libyara, so rebuilding them is unnecessary. While `j2y` supports JSON to YARA conversion, users should be aware of potential limitations in this process. Ensure that `$GOPATH/bin` is included in your system PATH to access installed CLI tools.
Ensure Go version 1.10 or higher is installed
Run `go get -u github.com/Northern-Lights/yara-parser/...` to install or update the entire project
Run `go get -u github.com/Northern-Lights/yara-parser/cmd/y2j` to install the YARA to JSON converter
Run `go get -u github.com/Northern-Lights/yara-parser/cmd/j2y` to install the JSON to YARA converter
Run `go get -u github.com/Northern-Lights/yara-parser/grammar` to install the grammar library aloney2j --help
Displays help and usage options for the YARA to JSON conversion tool
y2j -indent 4 -o output.json sample.yar
Converts a YARA ruleset file 'sample.yar' to a JSON file 'output.json' with 4 spaces indentation
go get -u github.com/Northern-Lights/yara-parser/cmd/y2j
Installs the `y2j` command line tool for YARA to JSON conversion
go get -u github.com/Northern-Lights/yara-parser/cmd/j2y
Installs the `j2y` command line tool for JSON to YARA conversion