Skip to main content
VulHunt rules are written in Lua; however, you don’t need to be proficient in Lua to write rules. Lua is used primarily as a container format, and the language is extended with functions that simplify rule creation. VulHunt rules are collections of fields, as defined in the following table: These rule fields can be roughly divided into three categories:
  1. Metadata: Includes information such as the author and rule name, providing context about the rule itself.
  2. Filtering: Defines the conditions under which the rule should be executed, such as the target platform or architecture.
  3. Detection: Specifies the core logic of the rule, including signatures, types, and scopes used to identify a vulnerability in a binary file.

Example

The following example shows a sample value for each of the rule fields. A comprehensive overview and the valid values for the fields can be found in the VulHunt Reference.
examples/rule-fields.lua