
Cisco-Talos / Ghidraaas

Licence: apache-2.0


Ghidraaas - Ghidra as a Service

Ghidraaas is a simple web server that exposes Ghidra analysis through REST APIs. The project includes three Ghidra plugins: one to analyze a sample, one to get the list of functions, and one to decompile a function.

Ghidraaas is also the backend of GhIDA, the IDA plugin that integrates the Ghidra decompiler in IDA Pro.

How does it work?

Ghidraaas uses Ghidra Headless Analyzer to analyze the submitted sample. Then, the Ghidra project (the *.gpr file and the *.rep folder) is kept on the server until the analysis_terminated API is called. Three Ghidra Python plugins are called by the Headless Analyzer on the sample's project to extract the list of functions and to decompile the requested function.

Features

Ghidraaas implements generic APIs to analyze a sample, get the list of functions and the decompiled code of a function, but it also includes some specific APIs to interact with the GhIDA plugin.

Ghidraaas generic APIs:

  • api/analyze_sample/ : Submit a sample for the analysis

  • api/get_functions_list/<sha256> : Request the list of functions

  • api/get_functions_list_detailed/<sha256> : Request the list of functions with additional details

  • api/get_decompiled_function/<sha256>/<offset> : Request to decompile a function

  • api/analysis_terminated/<sha256> : Remove the *.gpr file and *.rep project folder related to the sample.

GhIDA specific APIs:

  • api/ida_plugin_checkin/ : Sample check-in

  • api/ida_plugin_get_decompiled_function/ : Decompile function

  • api/ida_plugin_checkout/ : Sample check-out.

An example of how to use the APIs can be found in test.py.
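Because the Ghidra project stays on the server until analysis_terminated is called, a client that stops early leaves the sample's *.gpr file and *.rep folder behind. The sketch below is an added example, not code from the Ghidraaas repository: it builds URLs from the routes listed above, validates the path parameters, and guarantees the analysis_terminated call even when a request fails. The `send` callable, the HTTP verbs, the hex offset format, the base address and the use of the sample's own SHA-256 as `<sha256>` are assumptions; test.py shows the project's actual request format.

```python
import hashlib
import re
from contextlib import contextmanager, suppress

BASE = "http://localhost:8080"  # assumed address, matching the port used on this page
SHA256_RE = re.compile(r"[0-9a-f]{64}")
OFFSET_RE = re.compile(r"(0x)?[0-9a-fA-F]{1,16}")  # assumed offset format (hex)


def endpoint(route, sha256=None, offset=None, base=BASE):
    """Build a URL for a route listed above; reject path parameters that are
    not a plain digest or hex offset, so they cannot change the request path."""
    parts = [base.rstrip("/"), "api", route]
    if sha256 is not None:
        if not SHA256_RE.fullmatch(sha256):
            raise ValueError("sha256 must be 64 lowercase hex characters")
        parts.append(sha256)
    if offset is not None:
        if not OFFSET_RE.fullmatch(offset):
            raise ValueError("offset must be a hex number")
        parts.append(offset)
    url = "/".join(parts)
    return url if sha256 else url + "/"


@contextmanager
def analysis(sample, send):
    """Submit a sample, yield its SHA-256, and always call analysis_terminated
    so the *.gpr file and *.rep folder are removed from the server."""
    digest = hashlib.sha256(sample).hexdigest()
    send("POST", endpoint("analyze_sample"), sample)  # verb assumed
    try:
        yield digest
    finally:
        send("GET", endpoint("analysis_terminated", digest), None)  # verb assumed


def demo():
    """Drive the lifecycle with a recording stub that fails on decompile."""
    calls = []
    def stub_send(method, url, body):  # constructed stand-in for the HTTP layer
        calls.append((method, url))
        if "get_decompiled_function" in url:
            raise RuntimeError("simulated server error")
    with suppress(RuntimeError), analysis(b"constructed sample bytes", stub_send) as digest:
        stub_send("GET", endpoint("get_functions_list", digest), None)
        stub_send("GET", endpoint("get_decompiled_function", digest, "0x1000"), None)
    return calls
```

To use it against a running server, pass a `send(method, url, body)` function that performs the real HTTP request in place of the stub.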

Installation

Lazy installation with Docker

docker_config.json contains the configuration file of Ghidraaas (no changes are needed).

  • Build ghidraaas

    docker build -t ghidraaas .

  • Run ghidraaas docker

    docker run -p 8080:8080 -t ghidraaas

  • Test the APIs

    cd tests
    python3 test.py

Manual installation (no docker)

  • Create a Python3 virtual env

    python3 -m virtualenv env
    source env/bin/activate

  • Install the required packages

    pip install -r requirements.txt

  • Download and unzip the latest Ghidra release

    wget -O ghidra.zip https://ghidra-sre.org/ghidra_9.1.2_PUBLIC_20200212.zip
    unzip ghidra.zip
    rm ghidra.zip

  • Set the ghidra_9.1.2_PUBLIC folder path in GHIDRA_PATH of config.json

  • Launch the server

    gunicorn -w 2 -t 300 -b 0.0.0.0:8080 flask_api:app

  • Test the APIs. Open another terminal and type:

    cd tests
    python3 test.py

Bugs and suggestions

If you discover a bug, or you have any improvements or suggestions, please open an issue.

Be sure to include as many details as possible in order to reproduce the bug.

License

Ghidraaas is licensed under the Apache License 2.0

The original Dockerfile and launch.sh.patch are from bskaggs/ghidra-docker.
