Ghidraaas

Ghidraaas is a simple web server that exposes Ghidra analysis through REST APIs. The project includes three Ghidra plugins to analyze a sample, get the list of functions and to decompile a function. Ghidraaas is also the backend of GhIDA, the IDA plugin that integrates the Ghidra decompiler in IDA Pro.

https://github.com/Cisco-Talos/Ghidraaas

Related Projects

GhIDA

  •    Python

GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in IDA. Select a function, either in the Graph view or in the Text view, then press CTRL+ALT+D (or Edit > Plugins > GhIDA Decompiler). Wait a few seconds and a new window will open showing the decompiled code of the function.

rz-ghidra - Deep ghidra decompiler and sleigh disassembler integration for rizin

  •    C++

This package only installs the rizin part. To use rz-ghidra from Cutter, either use a provided pre-built release starting with Cutter 1.9, which bundles rz-ghidra, or follow the build instructions below. Here, ghidra.sleighhome must point to a directory containing the *.sla, *.lspec, ... files for the architectures that should be supported by the decompiler. This is however set up automatically when using the rz-pm package or installing as shown below.

MBRFilter - Cisco Talos MBR Filter Driver

  •    C

Cisco Talos MBR Filter Driver

flare-ida - IDA Pro utilities from FLARE team

  •    Python

This repository contains a collection of IDA Pro scripts and plugins used by the FireEye Labs Advanced Reverse Engineering (FLARE) team. To install, copy the contents of the plugins directory in this repository to your %PROGRAMFILES%\IDA\plugins folder.

clamav-devel - ClamAV Development - FAQ is here: https://github.com/Cisco-Talos/clamav-faq

  •    C++

ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. The ClamAV documentation can be found locally in docs/UserManual.md with additional information online in our FAQ.


Sark - IDAPython Made Easy

  •    Python

IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.

ida

  •    Python

Collection of IDA Python plugins/scripts/modules.

ipyida - IPython console integration for IDA Pro

  •    Python

IPyIDA is a python-only solution to add an IPython console to IDA Pro. Use <Shift-.> to open a window with an embedded Qt console. You can then benefit from IPython’s autocompletion, online help, monospaced font input field, graphs, and so on. You can also connect to the kernel outside of IDA using ipython console --existing.

Talos

  •    VB

Talos is a flexible automated software deployment tool/framework intended for small/medium size enterprises. Software, updates and patches can be automatically scheduled, deployed and installed on the desktop from source repositories across a network.

talos

  •    C

Talos is a *MALWARE-PROOF* operating system.

sk3wldbg - Debugger plugin for IDA Pro backed by the Unicorn Engine

  •    C++

This is the Sk3wlDbg plugin for IDA Pro. Its purpose is to provide a front end for using the Unicorn Engine to emulate machine code that you are viewing with IDA. The plugin is dependent on the Unicorn engine. Because IDA is 32-bit, you MUST have a 32-bit build of the Unicorn library for your IDA platform (Windows, Linux, OS X).

FLIRTDB - A community driven collection of IDA FLIRT signature files

  •    Max

Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbols identifier that searches through disassembled binaries in order to locate, rename, and highlight known library subroutines. FLIRT eliminates the need to analyze functions that could be understood simply by reading documentation or source code from the library it came from and reduces the amount of work required in order to reverse and understand symbol-stripped binaries by a considerable amount. The input to the system is a library file (.lib on Windows) from a library of choice while the output is a signature file (.sig) stored under /sig (and only there or else IDA won't find it). Using one of the tools (plb/pcf/pelf) (provided here for paying customers) you convert all the functions in the library to signatures stored in a PAT file (.pat). The final stage in creating a signature file involves converting the generated PAT file into a .sig file usable by IDA with the use of sigmake. The problem with this is that sometimes collisions will exist for signatures since the method Hex-Rays uses is not foolproof. When an error occurs an EXC (.exc) file is created. In order to ignore collisions, simply edit this file by removing the first few comments (lines that start with ';') and re-run sigmake.

ida-efiutils - Some scripts for IDA Pro to assist with reverse engineering EFI binaries

  •    C

Some IDA scripts to assist with reverse engineering EFI executables. This is my first attempt at IDA scripting, so please forgive me and let me know if I've reinvented wheels/done anything silly.

IDA-Pro-Code

The goal of IDA-Pro-Code is to provide support for auditing applications including binary audits through extensions of the IDA Pro disassembler by DataRescue sa/nv and/or HexRays.com.

python-idb - Pure Python parser and analyzer for IDA Pro database files (.idb).

  •    Python

python-idb is a library for accessing the contents of IDA Pro databases (.idb files). It provides read-only access to internal structures such as the B-tree (ID0 section), name address index (NAM section), and flags index (ID2 section). The library also provides analysis of B-tree entries to expose logical structures like functions, cross references, bytes, and disassembly (via Capstone). An example use for python-idb might be to run IDA scripts in a pure-Python environment. Willem Hengeveld (mailto:itsme@xs4all.nl) provided the initial research into the low-level structures in his projects pyidbutil and idbutil. Willem deserves substantial credit for reversing the .idb file format and publishing his results online. This project heavily borrows from his knowledge, though there is little code overlap.

IDASkins - Advanced skinning plugin for IDA Pro

  •    Python

Plugin providing advanced skinning support for IDA Pro utilizing Qt stylesheets, similar to CSS. The screenshot above shows the "IDASkins Dark" theme in combination with the idaConsonance theme.

retdec-idaplugin - IDA plugin for RetDec.

  •    C++

RetDec plugin for IDA (Interactive Disassembler). Currently, we officially support only Windows and Linux. It may be possible to build macOS version from the sources, but since we do not own a macOS version of IDA, we cannot create a pre-built package, or continually make sure the macOS build is not broken.

ScyllaHide - Fork of ScyllaHide: https://bitbucket.org/NtQuery/scyllahide, Releases:

  •    C++

ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://github.com/mrexodia/titanhide. PE x64 debugging is fully supported with plugins for x64dbg and IDA.

Cisco voice web interface

  •    Perl

Cisco voice web interface is a web tool designed to help maintain VoIP on Cisco platforms. Based on a set of Perl parsers, it now allows performing almost all operations needed to check voice calls. In close future planned to add dial-peer crea