This script is a parsing tool for Yara Scan Service's JSON output file. Yara Scan Service allows to quickly test your YARA rule against a large collection of malicious samples. It helps assure your rule only matches the malware family you are looking for. The output is a JSON file containing all the matched samples. The JSON file contains a lot of information, and yaraScanParser is meant to help you maximize its benefits.

yaraScanParser allows you to:

• Save time by parsing the Yara Scan Service results automatically
• Get information about wanted matches and false positives of your rule
• Get the matched files' hash values in a format that can be easily inserted to your Yara rule's metadata section

• Python

To use this tool, you must have Python installed.

Clone the repo

git clone https://github.com/Sh3llyR/yaraScanParser.git

• Parameters -o and -m are OPTIONAL
• When -o parameter is omitted, the output file is saved in the script's directory
• When -m parameter is omitted, the value of the first 'malware' key in the JSON file is used

Usage examples:

• python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike
• python yaraScanParser.py -i yara_scan_service_results.json -o output.txt -m CobaltStrike,DarkComet,QuasarRAT
• python3 yaraScanParser.py -i yara_scan_service_results.json

Project Link: https://github.com/Sh3llyR/yaraScanParser

• Yara Scan Service
• Yara Scan Service Github Repository
• Img Shields