Allow `rz-find` to use the Yara plugin for searching among files

rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.

https://rizin.re

GNU Lesser General Public License v3.0

2.73k stars 363 forks source link

Allow `rz-find` to use the Yara plugin for searching among files #4406

Open XVilka opened 8 months ago

XVilka commented 8 months ago

Currently, rizin has the Yara plugin: https://github.com/rizinorg/rz-libyara Also, rz-find is able to search among directories and files recursively.

We should allow rz-find to use Yara signatures as well if rz-libyara is installed.

LukeTheEngineer commented 8 months ago

Seems like something nice for the backburner. I'll look into it.

XVilka commented 7 months ago

One way to approach this would be modifying rz-libyara plugin to use the RzIO instead of the RzCore, and RzIO is easily accessible in librz/main/rz-diff.c file.