kevthehermit closed 9 years ago
Hi, this is a good idea and indeed I have considered it.
Unfortunately, I don't have a precise timetable at the moment. I am currently working on a new version that contains many other new features and tools that I consider more urgent. But plugins support is surely something I plan on adding at some point.
How do you see the plugin integration implemented? Access to the internal tools and object's information, and the ability to create new objects?
The other project I spend a lot of time on is viper. It's a console-based malware analysis platform that uses plugins and modules: https://github.com/botherder/viper
The concept is you open a session on an object, and from there you choose a module to run against it. The modules are placed into a plugins folder and dynamically imported when the console is loaded.
In the first instance the modules would only need the ability to access an object and then create new ones. This would allow for things like deobfuscators, js beautify and pretty much anything you can do in Beautiful Soup for searching tags etc.
If there is anything I can do to help, please let me know.
For SWF, PDF files etc. I can see this would be more useful in a dedicated malware tool like viper, so I would like to add the ability to connect to Viper's API to send extracted files there.
First: very cool project! Will look into it.
OK, so we're on the same page regarding the modules. jsbeautify is actually one of the features that will be included in the new version, along with PE info, file identification, regex search and more...
Thank you for offering your help :+1: Will contact you when relevant.
First, thanks for this tool. Second (feature request): ability to parse nanosecond-type pcaps.
I finally got around to it... and I'm putting the finishing touches to the plugins infrastructure :)
Created a new branch for it: https://github.com/omriher/CapTipper/tree/plugin (will merge for BlackHat Arsenal this August). Documentation (in progress) can be found here: http://captipper.readthedocs.org/en/latest/Plugins.html
You are welcome to take a look at it and let me know of any issues.
Thanks!
Merged with master
Excellent. Will read the docs and start to convert my scripts to plugins :) As always, great work.
Have you considered a method of adding plugins/modules?
I have some scripts I use to de-obfuscate RIG EK and a couple of others. Would love to add them along with some basic HTML analysis tools.