mandiant / VM-Packages

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
Apache License 2.0

Add issue template for IDA plugins && support automate package creation #996

Closed Ana06 closed 1 month ago

Ana06 commented 2 months ago

Details

Introduce a new helper for IDA plugins and an issue template so that we can create packages that install IDA plugins automatically.

Split https://github.com/mandiant/VM-Packages/issues/719 using the new template

stevemk14ebr commented 2 months ago

You can use the IDAUSR (https://hex-rays.com/blog/igors-tip-of-the-week-33-idas) folder for partial configs and plugin folder merging without needing to put them in the IDA directory. Works for Python and binary plugins.

My personal plugins and configs https://github.com/stevemk14ebr/RETools/tree/master/IdaScripts

This could end up being a lot, I'd recommend a pretty minimal default set if any are default at all.

Ana06 commented 2 months ago

@stevemk14ebr

> You can use the IDAUSR (https://hex-rays.com/blog/igors-tip-of-the-week-33-idas) folder for partial configs and plugin folder merging without needing to put them in the IDA directory

This is how we are doing it already (for the only plugin we have: capa plugin) :wink: IDAUSR is shared between IDA versions.

Ana06 commented 2 months ago

@stevemk14ebr

> This could end up being a lot, I'd recommend a pretty minimal default set if any are default at all.

There have been some discussions in https://github.com/mandiant/VM-Packages/issues/719 about what the default should be.

Ana06 commented 2 months ago

I am adding a helper function in https://github.com/mandiant/VM-Packages/pull/1013 that downloads a single file to the plugins directory. This seems to be how most plugins distributed as a DLL are installed. The following Python plugins can also be installed in this way:

I have checked several IDA plugins and the other common case seems to be copying a folder to the plugins directory (normally downloaded from GH in a ZIP). Plugins that can be installed in this way:

I suggest extending the helper to support this second case after #1013 has been merged, and creating a new issue template for automation that covers both cases and allows providing installation details for the rest. After that we can trigger automation to generate the packages mentioned above!
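Added example, not part of the thread and not the helper from PR #1013: one way a single-file plugin install into IDAUSR can be written in PowerShell, with a SHA-256 check before the file lands in a directory IDA loads plugins from. The function name `Install-IdaPluginFile`, its parameters, the extension allow-list, and the fallback to `%APPDATA%\Hex-Rays\IDA Pro` when `IDAUSR` is unset are assumptions.

```powershell
# Hypothetical helper (not VM-Packages' own code): download one plugin file,
# verify its SHA-256, then place it in the per-user IDA plugins directory.
function Install-IdaPluginFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $Sha256,
        # Assumption: use IDA's default per-user directory on Windows if IDAUSR is unset.
        [string] $IdaUsr = $(if ($env:IDAUSR) { $env:IDAUSR } else { Join-Path $env:APPDATA 'Hex-Rays\IDA Pro' })
    )
    $ErrorActionPreference = 'Stop'

    # IDAUSR may list several directories separated by ';' on Windows; use the first.
    $root = ($IdaUsr -split ';')[0]
    $pluginsDir = Join-Path $root 'plugins'
    New-Item -ItemType Directory -Path $pluginsDir -Force | Out-Null

    # Keep only the leaf name from the URL so the file cannot land outside plugins\.
    $fileName = [System.IO.Path]::GetFileName(([System.Uri]$Url).AbsolutePath)
    if ([string]::IsNullOrWhiteSpace($fileName)) { throw "URL has no file name: $Url" }
    if ($fileName -notmatch '\.(dll|py)$') { throw "Unexpected plugin extension: $fileName" }

    # Download to a temp path first; nothing reaches plugins\ until the hash matches.
    $tmp = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
    try {
        Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing
        $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
        if ($actual -ne $Sha256) {   # string -ne is case-insensitive
            throw "SHA-256 mismatch for ${fileName}: expected $Sha256, got $actual"
        }
        $dest = Join-Path $pluginsDir $fileName
        Move-Item -Path $tmp -Destination $dest -Force
        return $dest
    } finally {
        if (Test-Path $tmp) { Remove-Item $tmp -Force }
    }
}

# Usage (placeholder values, not a real plugin or hash):
# Install-IdaPluginFile -Url 'https://example.invalid/releases/myplugin.dll' -Sha256 '<expected-sha256>'
```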

Ana06 commented 2 months ago

https://github.com/gaasedelen/tenet doesn't work with Python 3.10: https://github.com/gaasedelen/tenet/issues/15#issuecomment-2084743150 which means we can't add it until the bug is fixed.