https://github.com/0xdea/haruspex
Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler.
- Host: GitHub
- URL: https://github.com/0xdea/haruspex
- Owner: 0xdea
- License: mit
- Created: 2024-11-18T14:09:55.000Z (6 months ago)
- Default Branch: master
- Last Pushed: 2025-03-24T13:30:43.000Z (2 months ago)
- Last Synced: 2025-03-24T14:31:38.374Z (2 months ago)
- Topics: ida-plugin, ida-pro, idalib, reverse-engineering, vulnerability-research
- Language: Rust
- Homepage: https://hex-rays.com/ida-pro
- Size: 94.8 MB
- Stars: 24
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rust - 0xdea/haruspex - Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler (Applications / Security tools)
- fucking-awesome-rust - 0xdea/haruspex - Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler (Applications / Security tools)
- trackawesomelist - 0xdea/haruspex (⭐10) - Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler (Recently Updated / [Feb 05, 2025](/content/2025/02/05/README.md))
README
# haruspex
> "Hacking is the discipline of questioning all your assumptions all of the time."
>
> -- Dave Aitel

Haruspex is a blazing fast IDA Pro headless plugin that extracts pseudo-code generated by IDA Pro's
decompiler in a format that should be suitable to be imported into an IDE or parsed by static
analysis tools such as [Semgrep](https://semgrep.dev/), [weggli](https://github.com/weggli-rs/weggli),
or [oneiromancer](https://crates.io/crates/oneiromancer).
## Features
* Blazing fast, headless user experience courtesy of IDA Pro 9 and Binarly's idalib Rust bindings.
* Support for binary targets for any architecture implemented by IDA Pro's Hex-Rays decompiler.
* Pseudo-code of each function is stored in a separate file in the output directory for easy inspection.
* External crates can invoke `decompile_to_file` to decompile a function and save its pseudo-code to disk.
## Blog post
*
## See also
*
*
*
*
*
*
*
## Installing
The easiest way to get the latest release is via [crates.io](https://crates.io/crates/haruspex):
1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Install LLVM/Clang (see ).
4. On Linux/macOS, install as follows:
```sh
export IDASDKDIR=/path/to/idasdk
export IDADIR=/path/to/ida # if not set, the build script will check common locations
cargo install haruspex
```
On Windows, instead, use the following commands:
```powershell
$env:LIBCLANG_PATH="\path\to\clang+llvm\bin"
$env:PATH="\path\to\ida;$env:PATH"
$env:IDASDKDIR="\path\to\idasdk"
$env:IDADIR="\path\to\ida" # if not set, the build script will check common locations
cargo install haruspex
```
## Compiling
Alternatively, you can build from [source](https://github.com/0xdea/haruspex):
1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Install LLVM/Clang (see ).
4. On Linux/macOS, compile as follows:
```sh
git clone --depth 1 https://github.com/0xdea/haruspex
cd haruspex
export IDASDKDIR=/path/to/idasdk # or edit .cargo/config.toml
export IDADIR=/path/to/ida # if not set, the build script will check common locations
cargo build --release
```
On Windows, instead, use the following commands:
```powershell
git clone --depth 1 https://github.com/0xdea/haruspex
cd haruspex
$env:LIBCLANG_PATH="\path\to\clang+llvm\bin"
$env:PATH="\path\to\ida;$env:PATH"
$env:IDASDKDIR="\path\to\idasdk"
$env:IDADIR="\path\to\ida" # if not set, the build script will check common locations
cargo build --release
```
## Usage
1. Make sure IDA Pro is properly configured with a valid license.
2. Run as follows:
```sh
haruspex binary_file
```
3. Find the extracted pseudo-code of each decompiled function in the `binary_file.dec` directory:
```sh
vim binary_file.dec
code binary_file.dec
```
## Compatibility
* IDA Pro 9.0.240925 - Latest compatible: v0.1.3.
* IDA Pro 9.0.241217 - Latest compatible: v0.4.2.
* IDA Pro 9.1.250226 - Latest compatible: current version.

*Note: check [idalib](https://github.com/binarly-io/idalib) documentation for additional information.*
## Changelog
* [CHANGELOG.md](CHANGELOG.md)
## TODO
* Integrate with Semgrep scanning (see ).
* Integrate with weggli scanning (see ).
* Improve decompiler output in the style of [HexRaysPyTools](https://github.com/igogo-x86/HexRaysPyTools)
and [abyss](https://github.com/patois/abyss).
* Implement parallel analysis (see ).