A simple service to test your Yara rules against a large set of malicious and identified files
Did it happen to you that you wanted to quickly test a Yara rule your created, but you are missing a large enough data set to test your rule against? This is exactly where Yara Scan is designed for. You submit your Yara rule to the service and a short while later you will receive an email with the results of Yara scan over our large collection of malicious samples. And the best part? Most files are identified by a signature, making it easier to identify if your rule matches for the right malware samples.
Upload your Yara rule, share your username and email address and a few minutes later you will get the results in a nicely formatted JSON file.
You can also submit your Yara rule via the API endpoint to start a Yara scan. Simple use the examples below to submit your rules.
Please reach out to obtain your personal API key.
curl -X POST --header "APIKEY: YOURKEY" -F file[]=@"myrule.yar" "https://riskmitigation.ch/yara-scan/api/"
You can submit several Yara rules with one request by using the file[] array.
You can use the below script as following
$ ./yara_scan_upload.py -h
usage: yara_scan_upload.py [-h] -f FILE [FILE ...] [-a apikey]
Upload a Yara rule to be scanned on Yara Scan Service
optional arguments:
-h, --help show this help message and exit
-f FILE [FILE ...], --file FILE [FILE ...]
Yara rules(s) to upload (required)
-a apikey, --apikey apikey
Your personal API key
Source code of yara_scan_upload.py: yara-scan-service GitHub repository
As of October 2024, the API will always respond with:
Send us your question with the form below.
By using the Yara Scan Service, you accept the following terms of service: