gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-05 20:40:05 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,848 Commits 42 Branches 48 Tags
master
Commit Graph

343 Commits

Author SHA1 Message Date
Matthew Haigh
503c34b8f9 added mailinglist cta (#2744) 
* added mailinglist cta

* Update README.md

Added mailto: link for better user experience

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: Matt Haigh <matthaigh@google.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-11-03 09:11:14 -07:00
Willi Ballenthin
2b46796d08 Update README.md 
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
 2024-12-12 18:49:39 +01:00
Willi Ballenthin
81f7f43b5b readme: avoid scroll on github homepage 2024-12-12 14:17:46 +01:00
Moritz
e07ff1c76c Update web pages (#2354) 
* extend descriptions and improve styling

* s/capa explorer web/capa Explorer Web

* set htmlWhitespaceSensitivity to ignore and reformat
 2024-09-11 20:28:04 +02:00
Moritz
d98c315eb4 Merge branch 'master' into vmray-extractor 2024-08-26 11:31:18 +02:00
Moritz
a5c14c32b8 Merge pull request #2312 from s-ff/edit-explorer-landing-page 
Edit explorer landing page
 2024-08-23 17:30:38 +02:00
Willi Ballenthin
4df8b2b7ed readme: add quick links to header 
closes #2321
 2024-08-22 13:11:07 +02:00
Soufiane Fariss
5b583bdf35 edit main README.md 2024-08-21 18:36:25 +02:00
Yacine
6ff08aeeaf Merge branch 'master' into vmray-extractor 2024-08-17 02:15:01 +01:00
Ana Maria Martinez Gomez
be8499238c ida extractor: extract APIs from renamed globals 
Add support to extract dynamically resolved APIs stored in global
variables that have been renamed (for example using the `renimp.idc`
script included with IDA Pro).
 2024-08-13 17:15:14 +02:00
Moritz
239ad4a17e reorganize and extend readme (#2258) 
* reorganize and extend readme
 2024-08-12 12:50:19 +02:00
Mike Hunhoff
b8d3d77829 vmray: document vmray support in README 2024-07-24 10:35:34 -06:00
Mike Hunhoff
9a1364c21c vmray: document vmray support in README 2024-07-24 10:32:22 -06:00
Yacine
cf3494d427 Add a Feature Extractor for the Drakvuf Sandbox (#2143) 
* initial commit

* update changelog

* Update CHANGELOG.md

* Update pyproject.toml

* Apply suggestions from code review: Typos

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>

* capa/helpers.py: update if/else statement

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>

* loader.py: replace print() statement with log.info()

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* extractors/drakvuf/call.py: yield arguments right to left

* extractors/drakvuf/file.py: add a TODO comment for extracting more file features

* extractors/drakvuf/global_.py: add arch extraction

* extractors/drakvuf/helpers.py: ignore null pids

* capa/helpers.py: mention msgspec.json explicitely

* capa/helpers.py: generalize empty sandbox reports error logging

* capa/loader.py: log jsonl garbage collection into debug

* features/extractors/drakvuf/models.py: add documentation for SystemCall class

* capa/main.py: fix erroneous imports

* drakvuf extractor: fixed faulty type annotations

* fix black formatting

* fix flake8 issues

* drakvuf file extraction: add link to tracking issue

* drakvuf reports: add the ability to read gzip-compressed report files

* capa/helpers.py: fix mypy issues

* apply review comments

* drakvuf/helpers.py: add more information about null pid

* drakvuf/file.py: remove discovered_dlls file strings extraction

* capa/helpers.py: add comments for the dynamic extensions

* capa/helpers.py: log bad lines

* capa/helpers.py: add gzip support for reading one jsonl line

* drakvuf/helpers.py: add comment for sort_calls()

* tests/fixtures.py: add TODO for unifying CAPE and Drakvuf tests

* drakvuf/models.py: add TODO comment for supporting more drakvuf plugins

* tests/fixtures.py: remove obsolete file strings tests

* Update capa/main.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/call.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update CHANGELOG.md

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/helpers.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* review comments

* Update capa/features/extractors/drakvuf/extractor.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* styling

* drakvuf/extractor.py: black linting

* drakvuf/models.py: remove need to empty report checking

* tests: add drakvuf models test

* Update capa/features/extractors/drakvuf/global_.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Update tests/test_cape_features.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Apply suggestions from code review: rename Drakvuf to DRAKVUF

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* drakvuf/call.py: use int(..., 0) instead of str_to_number()

* remove str_to_number

* drakvuf/call.py: yield argument memory address value as well

* Update call.py: remove verbosity in yield statement

* Update call.py: yield missing address as well

* drakvuf/call.py: yield entire argument string only

* update readme.md

* Update README.md: typo

* Update CHANGELOG.md

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

---------

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>
 2024-07-24 14:22:21 +02:00
RainRat
a4a4016463 fix typos 2024-04-29 23:31:15 -07:00
Ana Maria Martinez Gomez
2252e69eed [CI] Use badge in gist for rules number in README 
Since mandiant/capa-rules#882, the README badge in capa is not updated
anymore via commits anymore, but in a gist.
 2024-02-23 08:40:05 +01:00
Capa Bot
1d78900862 Sync capa rules submodule 2024-02-14 13:57:16 +00:00
Mike Hunhoff
05fb1a5c00 Update Ghidra README (#1979) 2024-02-09 08:58:47 -07:00
Capa Bot
fde1de3250 Sync capa rules submodule 2024-02-05 09:34:46 +00:00
Moritz
034894330b Update blog links 2024-02-01 15:51:49 +01:00
Capa Bot
009cf0c854 Sync capa rules submodule 2024-01-23 09:56:05 +00:00
Capa Bot
0676e80c20 Sync capa rules submodule 2024-01-23 09:42:16 +00:00
Capa Bot
efc26be196 Sync capa rules submodule 2024-01-11 14:20:33 +00:00
Capa Bot
3214ecf0ee Sync capa rules submodule 2024-01-03 16:32:40 +00:00
mr-tz
73ea822123 Merge branch 'master' into dynamic-feature-extraction 2023-11-29 16:17:09 +01:00
Capa Bot
277d7e0687 Sync capa rules submodule 2023-11-29 13:33:01 +00:00
Yacine
e66c2efcf5 add documentation for dynamic capa capabilties (#1837) 
* README: adapt for dynamic capa

* README.md: fix duplication error

* Update README.md

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* documentation: add review suggestions

* documentation: newline fix

* Update README.md

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* Update README.md

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* Update README.md

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-11-29 14:26:29 +01:00
Capa Bot
347687579c Sync capa rules submodule 2023-11-22 18:05:52 +00:00
Capa Bot
d61d1dc591 Sync capa rules submodule 2023-11-22 13:10:44 +00:00
Capa Bot
235a3bede0 Sync capa rules submodule 2023-11-21 10:52:38 +00:00
Capa Bot
fb1235d26f Sync capa rules submodule 2023-11-20 10:27:11 +00:00
Capa Bot
c37a0e525c Sync capa rules submodule 2023-10-16 14:53:14 +00:00
Capa Bot
77de088ac9 Sync capa rules submodule 2023-10-12 09:01:30 +00:00
Capa Bot
cd268d6327 Sync capa rules submodule 2023-10-10 13:34:52 +00:00
Capa Bot
248a51c15f Sync capa rules submodule 2023-10-10 09:55:31 +00:00
Capa Bot
174c8121ca Sync capa rules submodule 2023-10-09 18:01:23 +00:00
Capa Bot
fa1371cfa8 Sync capa rules submodule 2023-10-09 18:00:29 +00:00
Capa Bot
a0a2b07b85 Sync capa rules submodule 2023-10-09 16:35:56 +00:00
Capa Bot
b315aacd73 Sync capa rules submodule 2023-10-09 16:22:26 +00:00
Capa Bot
3dd051582a Sync capa rules submodule 2023-10-09 16:01:44 +00:00
Capa Bot
5f7b4fbf74 Sync capa rules submodule 2023-10-06 15:20:18 +00:00
Capa Bot
e006702245 Sync capa rules submodule 2023-09-05 13:02:13 +00:00
Colton Gabertan
9cea7346b2 ghidra: documentation (#1759) 
* Implement ghidra documentation
 2023-08-27 19:21:36 -07:00
Capa Bot
0265657937 Sync capa rules submodule 2023-08-19 09:36:35 +00:00
Capa Bot
ec93ca5b21 Sync capa rules submodule 2023-08-11 07:07:57 +00:00
Capa Bot
298a07dc07 Sync capa rules submodule 2023-08-07 13:31:25 +00:00
Capa Bot
95ffdf19ff Sync capa rules submodule 2023-08-02 11:03:52 +00:00
Capa Bot
4eabee7329 Sync capa rules submodule 2023-07-19 13:49:59 +00:00
Capa Bot
87a6459278 Sync capa rules submodule 2023-07-12 10:13:13 +00:00
Capa Bot
78a6d9a511 Sync capa rules submodule 2023-07-12 09:06:40 +00:00