{"id":37238799,"url":"https://github.com/user1342/ThingFinder","last_synced_at":"2026-01-22T10:01:21.462Z","repository":{"id":243413070,"uuid":"812359867","full_name":"user1342/ThingFinder","owner":"user1342","description":"ThingFinder is a tool designed to facilitate searching and analysing code, whether it's source code or compiled binary executables. It provides a modular interface for adding new parsers for identifying new 'things'.","archived":false,"fork":false,"pushed_at":"2024-06-16T18:32:28.000Z","size":2737,"stargazers_count":38,"open_issues_count":0,"forks_count":7,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-13T20:45:03.360Z","etag":null,"topics":["binary-analysis","malware-analysis","reverse-engineering","vulnerability-research"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/user1342.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-08T17:01:00.000Z","updated_at":"2025-05-17T23:41:22.000Z","dependencies_parsed_at":"2024-06-15T09:23:37.691Z","dependency_job_id":null,"html_url":"https://github.com/user1342/ThingFinder","commit_stats":null,"previous_names":["user1342/thingfinder"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/user1342/ThingFinder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FThingFinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FThingFinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/user1342%2FThingFinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FThingFinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/user1342","download_url":"https://codeload.github.com/user1342/ThingFinder/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/user1342%2FThingFinder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28661007,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","malware-analysis","reverse-engineering","vulnerability-research"],"created_at":"2026-01-15T06:00:38.747Z","updated_at":"2026-01-22T10:01:21.456Z","avatar_url":"https://github.com/user1342.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg width=100% src=\"banner.png\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e 🔦 Finding ‘things’ in binaries and source code 🔎 \u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![GitHub contributors](https://img.shields.io/github/contributors/user1342/ThingFinder)\n![GitHub Repo 
stars](https://img.shields.io/github/stars/user1342/ThingFinder?style=social)\n![GitHub watchers](https://img.shields.io/github/watchers/user1342/ThingFinder?style=social)\n![GitHub last commit](https://img.shields.io/github/last-commit/user1342/ThingFinder)\n\u003cbr\u003e\n\n\u003c/div\u003e\n\nThingFinder is a Python tool designed to facilitate searching and analysing code, whether it's source code or compiled binary executables. It provides a modular interface for adding new parsers for identifying new 'things' in that code, be it vulnerabilities, malware, or other patterns. \n\n\n# ⚙️ Setup\n\n\n## System Requirements\nWhen using ThingFinder for binary analysis, it utilises [GhidraBridge](https://github.com/user1342/GhidraBridge), which requires [Ghidra](https://ghidra-sre.org/) to be installed and accessible. Ensure that `analyzeHeadless` is available in your environment.\n\n**ThingFinder has been tested on Windows 11; however, it should be compatible with Unix and other systems.**\n\n## Install\n```\npip install -r requirements.txt\n```\n\nThingFinder can then be installed using the `./setup.py` script as below:\n\n```\npython -m pip install .\n```\n\n# 🏃 Running\n## For source code analysis\n\n```bash\nThingFinder --code \u003cpath-to-code-folder\u003e [--output \u003coutput json file\u003e]\n```\n## For binary analysis\nThingFinder uses [GhidraBridge](https://github.com/user1342/GhidraBridge) to decompile the binary and uses the Ghidra CFG to identify which functions may be reachable from another function (allowing you to provide the ```--reachable_from_function``` argument to limit your search to such functions).\n\n```bash\nThingFinder --binary \u003cpath-to-binary\u003e [--reachable_from_function \u003cfunction-name\u003e] [--output \u003coutput json file\u003e]\n```\n\n\u003cp align=\"center\"\u003e\n    \u003cimg width=100% src=\"demo.gif\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# 🔨 Building 'things' parsers\nThingFinder is modular, and all parsers 
present in the ```things``` folder when built will be used on target binaries and code when run. These parsers may identify vulnerabilities, interesting code elements, etc.\n\nTo write your own thing parser, follow the steps below:\n1) Create a file in the ```things``` folder, ending in ```_parser.py```. Give the rest of the file name a meaningful name, as it will be used to identify what was found. \n2) Create a class that inherits from the ```IngestClass``` class.\n3) Ensure your class has a ```parser``` function that takes ```self``` and ```code```.\n4) Your function should then take the code and review it for what your parser is looking for. If it has been found, the function should return ```True```, otherwise ```False```.\n\nAn example of this can be seen below (named ```passwords_parser.py```):\n\n```python\ntry:\n    from ThingFinder.ingest_class import IngestClass\nexcept ImportError:\n    # Fall back to the local module when the packaged import is unavailable\n    from ingest_class import IngestClass\n\nclass SimplePasswordFinder(IngestClass):\n\n    def parser(self, code):\n        # Report a 'thing' when the string \"password\" appears anywhere in the code\n        if \"password\" in code:\n            return True\n        else:\n            return False\n```\n\n# 📦 Example output\nThe below is an example of running ThingFinder with the ```cwe122_parser.py``` parser against a portion of the [Juliet vulnerable code dataset](https://samate.nist.gov/SARD/test-suites/112).\n\n```bash\nThingFinder.exe --code \"2017-10-01-juliet-test-suite-for-c-cplusplus-v1-3\\C\\testcases\\CWE122_Heap_Based_Buffer_Overflow\\s11\"\n```\n\n```\n                                'Things' Found'\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━┓\n┃ Location                                                            ┃ Thing  ┃\n┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━┩\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_01.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_02.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_03.c 
│ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_04.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_05.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_06.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_07.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_08.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_09.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_10.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_11.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_12.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_13.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_14.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_15.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_16.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_17.c │ CWE122 │\n│ CWE122_Heap_Based_Buffer_Overflow__wchar_t_type_overrun_memcpy_18.c │ CWE122 │\n└─────────────────────────────────────────────────────────────────────┴────────┘\n```\n\n# ⚖️ Code of Conduct\nThingFinder follows the Contributor Covenant Code of Conduct. Please make sure to review and adhere to this code of conduct when contributing to ThingFinder.\n\n# 🐛 Bug Reports and Feature Requests\nIf you encounter a bug or have a suggestion for a new feature, please open an issue in the GitHub repository. Please provide as much detail as possible, including steps to reproduce the issue or a clear description of the proposed feature. 
Your feedback is valuable and will help improve ThingFinder for everyone.\n\n# 📜 License\n\n[GNU General Public License v3.0](https://choosealicense.com/licenses/gpl-3.0/)\n\n# ⭐ Thanks\nThe name and high-level idea for ThingFinder came from the tool [FlawFinder](https://github.com/david-a-wheeler/flawfinder). Check it out!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FThingFinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuser1342%2FThingFinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuser1342%2FThingFinder/lists"}