gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-05 20:40:05 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,372 Commits 42 Branches 48 Tags
729a1a85b7b6d6dd2f6ddc89c7cf5998b1c2f01d
Commit Graph

709 Commits

Author SHA1 Message Date
mr-tz
8298347c19 support more report formats 2024-05-07 15:24:21 +02:00
Capa Bot
0488c86bc7 Sync capa rules submodule 2024-04-29 09:49:01 +00:00
Capa Bot
f1c4ff8e17 Sync capa rules submodule 2024-04-22 08:33:05 +00:00
Moritz
9a5f4562b8 Merge branch 'master' into test_binja_4_0 2024-03-21 12:13:41 +01:00
Abdul Samad Siddiqui
7bc298de1a Emit "dotnet" as format to ResultDocument when processing .NET files (#2024) 
* Refactor format in `capa/features/extractors/dotnetfile.py`

Signed-off-by: samadpls <abdulsamadsid1@gmail.com>

* updated chanalog.md with the changes

Signed-off-by: samadpls <abdulsamadsid1@gmail.com>

* Refractor CHANGELOG.md

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

---------

Signed-off-by: samadpls <abdulsamadsid1@gmail.com>
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
 2024-03-20 11:07:05 -06:00
Moritz
cbadab8521 Add faq (#2032) 
* Create faq.md

---------

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>
 2024-03-20 14:59:02 +01:00
Fariss
9d1f110d24 ida-explorer: replace deprecated IDA API find_binary with bin_search (#2011) 
* ida-explorer: replace deprecated IDA API find_binary with bin_search

* Fix packages import sort order

* Modify code style: return on error in find_byte_sequence

* Declare global variables for find_byte_sequence

* Declare global variables for find_byte_sequence

* Declare global variables for find_byte_sequence

* remove IDA_BYTES_PATTERNS, because ida_bytes.parse_bin_pat_str modifies first param
 2024-03-11 13:04:16 -06:00
Willi Ballenthin
fe13f9ce76 Merge branch 'master' into test_binja_4_0 2024-03-03 07:20:56 +01:00
P.Sahithi Reddy
04e3f268f3 Update github ci workflow to reflect new ghidrathon installation (#2020) 
* Update github ci workflow to reflect new ghidrathon release installation

* Update CHANGELOG
 2024-03-01 16:24:02 -07:00
Xusheng
12234c3572 Update changelog 2024-02-29 17:07:37 +08:00
Ana Maria Martinez Gomez
f5893d7bd3 [changelog] Add actions update 2024-02-27 12:49:28 +01:00
Ana María Martínez Gómez
c28f4fc890 Merge pull request #2004 from Ana06/changelog-review 
Fix CHANGELOG PR review & update Ana06/automatic-pull-request-review
 2024-02-26 17:49:28 +01:00
Rohit Konakalla
9a449b6bd9 Load .json.gz files directly (#1990) 
* Load .json.gz files directly

* Add helper function to load .json and replace json.load references

* add test and update change log

* add .json.gz in EXTENSIONS_DYNAMIC

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2024-02-25 16:01:36 +01:00
Ana Maria Martinez Gomez
65b5c46029 [changelog] Add gist badge 
I didn't originally add the gist badge to the CHANGELOG in #2001, but I
am thinking now that it may be a good idea to track it.
 2024-02-23 20:22:44 +01:00
Ana Maria Martinez Gomez
8857511e55 [CI] Fix CHANGELOG PR review 
Sending a PR review with a message about the CHANGELOG needing to be
updated has been broken since July, where the permissions were changed.
 2024-02-23 16:25:49 +01:00
Sahil
5e85fc9ede update github workflows to use latest version for depricated actions (checkout, setup-python, upload-artifact, download-artifact) 2024-02-23 02:57:07 +05:30
Willi Ballenthin
b163f82a71 changelog 2024-02-14 15:57:24 +01:00
Capa Bot
1d78900862 Sync capa rules submodule 2024-02-14 13:57:16 +00:00
Capa Bot
fde1de3250 Sync capa rules submodule 2024-02-05 09:34:46 +00:00
Moritz
2ddb6b0773 update to v7.0.1 (#1972) 2024-02-02 11:21:50 +01:00
Willi Ballenthin
2a59284621 freeze: remove unused import (#1969) 
* freeze: remove unused import

potentially causing circular import errors

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2024-02-01 19:41:44 +01:00
Moritz
a3a8e36911 Release capa version 7.0.0 (#1958) 
* bump version to 7.0.0

---------

Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2024-02-01 15:21:20 +01:00
Willi Ballenthin
9929967634 changelog 2024-01-31 14:16:23 +01:00
Jensen Coonradt
1a4f2559fa Change log update to show the removal of the scripts/vivisect-py2-vs-py3.sh file (#1952) 
* remove scripts/vivisect-py2-vs-py3.sh

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2024-01-31 11:37:46 +01:00
Colton Gabertan
3e4479e3bb ghidra: UI integration (#1786) 2024-01-30 22:58:35 -07:00
Willi Ballenthin
c3301d3b3f refactor main to for ease of integration (#1948) 
* main: split main into a bunch of "main routines"

[wip] since there are a few references to BinExport2
that are in progress elsewhre. Next commit will remove them.

* main: remove references to wip BinExport2 code

* changelog

* main: rename first position argument "input_file"

closes #1946

* main: linters

* main: move rule-related routines to capa.rules

ref #1821

* main: extract routines to capa.loader module

closes #1821

* add loader module

* loader: learn to load freeze format

* freeze: use new cli arg handling

* Update capa/loader.py

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* main: remove duplicate documentation

* main: add doc about where some functions live

* scripts: migrate to new main wrapper helper functions

* scripts: port to main routines

* main: better handle auto-detection of backend

* scripts: migrate bulk-process to main wrappers

* scripts: migrate scripts to main wrappers

* main: rename *_from_args to *_from_cli

* changelog

* cache-ruleset: remove duplication

* main: fix tag handling

* cache-ruleset: fix cli args

* cache-ruleset: fix special rule cli handling

* scripts: fix type bytes

* main: remove old TODO message

* loader: fix references to binja extractor

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2024-01-29 13:59:05 +01:00
Willi Ballenthin
d2e1a47192 more ELF OS detection techniques (#1947) 
* elf: os: deprioritize .ident strategy due to potential for FPs

* elf: os: same as parent, fix .ident FP

* elf: os: detect Android via clang compiler .ident note

* elf: os: detect Android via dependency on liblog.so

* changelog
 2024-01-25 16:26:31 +01:00
Moritz
85e1495fed update to v7-beta (#1942) 
* update to v7-beta
 2024-01-24 14:55:54 +01:00
Capa Bot
009cf0c854 Sync capa rules submodule 2024-01-23 09:56:05 +00:00
Capa Bot
0676e80c20 Sync capa rules submodule 2024-01-23 09:42:16 +00:00
mr-tz
734bfd4ad2 fix setuptools package discovery 2024-01-18 11:56:00 +01:00
mr-tz
9bc04ec612 update data via script 2024-01-16 15:29:25 +01:00
Willi Ballenthin
1dc72a3183 elf: detect linux via GCC .ident directives (#1928) 
* elf: detect linux via GCC .ident directives

* changelog

* pep8
 2024-01-11 16:15:26 +01:00
Capa Bot
efc26be196 Sync capa rules submodule 2024-01-11 14:20:33 +00:00
Blas
7584e4a5e6 dotnet: emit enclosing class information for nested classes (#1913) 
* Update helpers.py

* Update helpers.py

* TypeRef correction in helpers.py

* Fixed TypeRef to proper functionality

* Accounts for TypeRef updated tuple

* Corrected TypeDef tuple creation in helpers.py

* Update types.py

* Update types.py

* Create helpers_draft.py

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update helper functions, variables, and draft further implementations

* Update helpers.py

* Update types.py

* Directly access TypeDef and TypeRef tables

* Update helpers.py

* Update helpers.py

* Delete capa/features/extractors/dnfile/helpers_draft.py

* Update types.py

* Update dotnetfile.py

* Update types.py comment

* Clean extract_file_class_features in dotnetfile.py

* Cleaned up callers, var names, and other small items

* Update dotnetfile.py

* Clean up caller logic in dotnetfile.py

* Clean up callers and update helper logic in helpers.py

* Linter corrections for types.py

* Linter corrections for dotnetfile.py

* Linter corrections and caller functions cleanup for helpers.py

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update capa/features/extractors/dnfile/helpers.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>

* Update helpers.py

* Update dotnetfile.py

* Update tuple type in types.py

* Update dotnetfile.py

* Update return value annotations in helpers.py

* Linting update types.py

* Linting update dotnetfile.py

* Added unit tests to fixtures.py

* Update types.py

* Linting fix for types.py

* Update CHANGELOG.md

* Small changes to return types in helpers.py

---------

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
 2024-01-05 10:09:38 -07:00
Capa Bot
3214ecf0ee Sync capa rules submodule 2024-01-03 16:32:40 +00:00
mr-tz
73ea822123 Merge branch 'master' into dynamic-feature-extraction 2023-11-29 16:17:09 +01:00
Capa Bot
277d7e0687 Sync capa rules submodule 2023-11-29 13:33:01 +00:00
Willi Ballenthin
b4c6bf859e changelog 2023-11-29 13:12:30 +00:00
Capa Bot
347687579c Sync capa rules submodule 2023-11-22 18:05:52 +00:00
Capa Bot
d61d1dc591 Sync capa rules submodule 2023-11-22 13:10:44 +00:00
Capa Bot
235a3bede0 Sync capa rules submodule 2023-11-21 10:52:38 +00:00
Capa Bot
fb1235d26f Sync capa rules submodule 2023-11-20 10:27:11 +00:00
Yacine
0097822e51 Merge pull request #1820 from yelhamer/capabilities-module 
add a capabilities module
 2023-10-27 13:39:49 +02:00
Moritz
c9df78252a Ignore DLL names for API features (#1824) 
* ignore DLL name for api features

* keep DLL name for import features

* fix tests
 2023-10-20 13:39:15 +02:00
Willi Ballenthin
1143f2ba56 changelog 2023-10-20 07:11:42 +00:00
Yacine
0ae8f34aff Merge branch 'dynamic-feature-extraction' into capabilities-module 2023-10-20 08:55:49 +02:00
Willi Ballenthin
288313a300 changelog 2023-10-19 10:28:37 +00:00
Willi Ballenthin
7bc3fba7b0 Merge branch 'dynamic-feature-extraction' into fix/dynamic-proto 2023-10-19 09:20:15 +00:00
Willi Ballenthin
d5e187bc70 Merge branch 'master' into dynamic-feature-extraction 2023-10-19 09:15:57 +00:00