mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.45k stars 906 forks

Add IDA plugins to default configuration #593

Closed Ana06 closed 4 months ago

Ana06 commented 5 months ago

Details

At the moment, the only IDA plugin we have in the default configuration is capa explorer. This is nice as when you install IDA Pro, it detects the Python3 installation and the capa explorer plugin is available without any extra steps. We have recently added some more IDA plugins to VM-Packages that we could add to the FLARE-VM default configuration too:

  1. https://github.com/A200K/IDA-Pro-SigMaker
  2. https://github.com/danigargu/deREferencing
  3. https://github.com/gaasedelen/lighthouse
  4. https://github.com/hasherezade/ida_ifl
  5. https://github.com/airbus-cert/comida

@mandiant/flare-vm opinions on which ones we should add to the default config?

thejoelpatrol commented 5 months ago

I would like to see these four, especially the shellcode hashes: https://github.com/mandiant/flare-ida/tree/master/plugins

A big priority for me would also be the MSDN documentation annotator: https://github.com/mandiant/flare-ida/blob/master/python/flare/annotate_IDB_MSDN.py That one does rely on a database file which would probably contain copyrighted material so it's a little more complicated. It's also not structured as a plugin, but as a script.

Ana06 commented 5 months ago

@thejoelpatrol thanks for the feedback. I was asking in this issue about the already created packages, as we would just need to add them to the config. I have created a new issue in VM-Packages to discuss the addition of flare-ida (so that we keep the discussions separated): https://github.com/mandiant/VM-Packages/issues/1032

mr-tz commented 5 months ago

I vote to add comida.

Ana06 commented 4 months ago

Two more candidates that are being currently added:

Ana06 commented 4 months ago

I have been testing the plugins and I would like to add:

@mandiant/flare-vm Anything against it? Any other package you would like to get added?

mr-tz commented 4 months ago

no concerns on my side, thanks