Happy120312/YARA-Malware-Scanner
# 🛡️ YARA Malware Detection Scanner
A Python-based **YARA rule scanner** that detects malicious patterns in files using custom YARA signatures. Built as a cybersecurity college project to demonstrate how security tools identify threats through pattern matching.
## 📸 Screenshots
### 🖥️ Scanner Output
![Scanner terminal output](output.png)
### 🏗️ Architecture
![Project architecture diagram](architecture.png)
## ✨ Features
- 🔍 **Pattern-Based Detection** — Uses YARA rules to scan files for malicious signatures
- 📁 **Directory Scanning** — Recursively scan entire directories
- 📄 **Single File Scanning** — Scan individual files on demand
- 🎨 **Color-Coded Output** — Green (clean), Red (malware), Magenta (rule details)
- 📋 **Detailed Reports** — Shows matched rule name, description & severity
- ⚙️ **Custom Rules** — Easily add your own YARA detection rules
- 🧪 **Test Files Included** — Comes with sample clean & malicious files for testing
## 🛠️ Tech Stack
| Technology | Purpose |
|------------|---------|
| Python 3 | Core language |
| yara-python | YARA rule compilation & matching |
| colorama | Colored terminal output |
| argparse | CLI argument parsing |
## 🚀 Getting Started
### Prerequisites
- Python 3.8+ installed
- pip package manager
### Installation
```bash
# Clone the repository
git clone https://github.com/Happy120312/YARA-Malware-Scanner.git
cd YARA-Malware-Scanner

# Install dependencies
pip install -r requirements.txt
```
### Usage
```bash
# Scan the current directory (default)
python scanner.py

# Scan a specific directory
python scanner.py --target /path/to/scan

# Use custom YARA rules
python scanner.py --rules my_rules.yar --target /path/to/scan

# Scan a single file
python scanner.py --target suspicious_document.pdf
```
## 📂 Project Structure
```text
YARA-Malware-Scanner/
├── scanner.py           # Main scanner engine
├── requirements.txt     # Python dependencies
├── README.md            # Documentation
├── output.png           # Scanner terminal output screenshot
├── architecture.png     # Project architecture diagram
├── detect.yar           # YARA detection rules
├── clean_file.txt       # ✅ Benign test file (no matches)
├── malicious_file.bin   # 🚨 Contains mock malware payload
└── suspicious_file.txt  # ⚠️ Contains simulated data leak
```
## 📜 YARA Rules
The project includes 2 custom detection rules:
| Rule | Severity | Detects |
|------|----------|---------|
| `Detect_Dummy_Malware` | 🔴 High | Mock malware payload signature |
| `Detect_Confidential_Leak` | 🟡 Medium | Simulated data leak patterns |
### Adding Custom Rules
Create a `.yar` file in the repository folder:
```yara
rule My_Custom_Rule
{
    meta:
        description = "Detects custom malicious pattern"
        author = "Your Name"
        severity = "High"
    strings:
        $pattern = "MALICIOUS_STRING"
    condition:
        $pattern
}
```
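The scanner's report relies on every rule carrying a `description` and a recognised `severity` in its `meta:` block. As an added example (not part of the project's code), the stdlib-only script below inventories the rules in a `.yar` source the way the report consumes them and flags rules that would show up in a scan with no description or a severity outside High/Medium/Low. The rule text is a constructed sample in the style of `detect.yar`; the parser is a simplification (quoted meta values only, comments stripped naively) and does not replace yara-python's compiler.

```python
import re

# Constructed sample written in the style of the project's detect.yar (not the real file).
SAMPLE_RULES = r'''
rule Detect_Dummy_Malware
{
    meta:
        description = "Detects a mock malware payload for testing purposes"
        severity = "High"
    strings:
        $payload = "MOCK_MALWARE_PAYLOAD"   // constructed marker, not a real signature
    condition:
        $payload
}
rule Untagged_Rule { strings: $s = "leak-marker" condition: $s }   // no meta block at all
'''
VALID_SEVERITIES = {"High", "Medium", "Low"}   # the levels the scanner's report colour-codes
RULE_RE = re.compile(r'^\s*(?:(?:private|global)\s+)*rule\s+(\w+)\s*(?::[^{]*)?\{', re.M)
META_RE = re.compile(r'\bmeta\s*:(.*?)(?=\b(?:strings|condition)\s*:)', re.S)
KV_RE = re.compile(r'(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')   # quoted meta values only

def rule_bodies(src):
    """Yield (name, body) per rule; brace depth is tracked so hex strings like { 4D 5A } nest safely."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)   # drop block comments
    src = re.sub(r'//[^\n]*', '', src)                # drop line comments ('//' inside a string is cut too)
    for m in RULE_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def parse_meta(body):
    m = META_RE.search(body)   # the meta block runs until the strings: or condition: keyword
    return dict(KV_RE.findall(m.group(1))) if m else {}

def inventory(src):
    """Map rule name -> description, severity and the hygiene problems a scan report would expose."""
    report = {}
    for name, body in rule_bodies(src):
        meta, problems = parse_meta(body), []
        if 'description' not in meta:
            problems.append('missing description')
        sev = meta.get('severity')
        if sev is None:
            problems.append('missing severity')
        elif sev not in VALID_SEVERITIES:
            problems.append(f'unknown severity {sev!r}')
        report[name] = {'description': meta.get('description'), 'severity': sev, 'problems': problems}
    return report
```

Run `inventory(open('detect.yar').read())` before committing a new rule; anything with a non-empty `problems` list will print an incomplete report line when it matches.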
## 🔄 How It Works
```text
┌─────────────────┐     ┌──────────────────┐     ┌─────────────────┐
│   YARA Rules    │────▶│  Python Scanner  │────▶│  Target Files   │
│  (detect.yar)   │     │   (scanner.py)   │     │  (current dir)  │
└─────────────────┘     └──────────────────┘     └─────────────────┘
                                 │
                                 ▼
                     ┌──────────────────────┐
                     │     Scan Results     │
                     │  ✅ CLEAN / 🚨 ALARM  │
                     └──────────────────────┘
```
1. **Compile** — YARA rules are compiled from `.yar` files
2. **Scan** — Each file is matched against all compiled rules
3. **Report** — Results displayed with color-coded severity
## 📊 Sample Output
```text
[*] Compiling YARA rules from 'detect.yar'...
[+] Rules compiled successfully.

=== Starting Scan on directory '.' ===
[+] CLEAN: .\clean_file.txt
[!] ALARM: .\malicious_file.bin
    -> Rule matched: Detect_Dummy_Malware
       Description: Detects a mock malware payload for testing purposes
[!] ALARM: .\suspicious_file.txt
    -> Rule matched: Detect_Confidential_Leak
       Description: Detects a test string simulating a data leak

=== Scan Complete ===
Total files scanned: 3
Total files flagged: 2
```
## ⚠️ Disclaimer
This project is built **strictly for educational purposes** as part of a college cybersecurity course. The test files contain mock/dummy data and are NOT actual malware. The tool demonstrates the concept of signature-based threat detection used in real-world antivirus and security products.
## 👨‍💻 Author
**Happy Soni** — [GitHub](https://github.com/Happy120312)
*"Know your enemy's tools to build better defenses."* 🔐