
https://github.com/0xdea/haruspex

Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler.

ida-plugin ida-pro idalib reverse-engineering vulnerability-research


# haruspex


> "Hacking is the discipline of questioning all your assumptions all of the time."
>
> -- Dave Aitel

Haruspex is a blazing fast IDA Pro headless plugin that extracts pseudo-code generated by IDA Pro's
decompiler in a format that should be suitable to be imported into an IDE or parsed by static
analysis tools such as [Semgrep](https://semgrep.dev/) or [weggli](https://github.com/weggli-rs/weggli).

![](https://raw.githubusercontent.com/0xdea/haruspex/master/.img/screen01.png)

## Features

* Blazing fast, headless user experience courtesy of IDA Pro 9 and Binarly's idalib Rust bindings.
* Support for binary targets for any architecture implemented by IDA Pro's Hex-Rays decompiler.
* Pseudo-code of each function is stored in a separate file in the output directory for easy inspection.
* External crates can invoke `decompile_to_file` to decompile a function and save its pseudo-code to disk.

## Blog post

* (*coming soon*)

## Installing

The easiest way to get the latest release is via [crates.io](https://crates.io/crates/haruspex):

1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Install haruspex as follows:
```sh
$ export IDASDKDIR=/path/to/idasdk90
$ export IDADIR=/path/to/ida # if not set, the build script will check common locations
$ cargo install haruspex
```

## Compiling

Alternatively, you can build from [source](https://github.com/0xdea/haruspex):

1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Compile haruspex as follows:
```sh
$ git clone https://github.com/0xdea/haruspex
$ cd haruspex
$ export IDASDKDIR=/path/to/idasdk90 # or edit .cargo/config.toml
$ export IDADIR=/path/to/ida # if not set, the build script will check common locations
$ cargo build --release
```

## Usage

1. Make sure IDA Pro is properly configured with a valid license.
2. Run haruspex as follows:
```sh
$ haruspex <binary_file>
```
3. Find the extracted pseudo-code of each decompiled function in the `<binary_file>.dec` directory:
```sh
$ vim <binary_file>.dec
$ code <binary_file>.dec
```
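
Once the `.dec` directory exists, a first-pass triage can run over it before a Semgrep or weggli rule set is in place. The script below is an added example, not part of haruspex: it flags unbounded libc writes whose destination is a fixed-size local array declared in the same pseudo-code file. The sample file names, the sample pseudo-code, and the helper names (`triage_file`, `triage_dir`, `write_samples`) are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Calls that write without a length bound (a starting set, not exhaustive).
UNBOUNDED = ("strcpy", "strcat", "sprintf", "vsprintf", "gets")
# Local array declaration as Hex-Rays prints it, e.g. "char v2[64]; // [rsp+10h] ..."
LOCAL_ARRAY = re.compile(r"^\s*(?:unsigned\s+|signed\s+)?\w+\s+(\w+)\[(\d+)\];", re.M)
# Callee name and its first argument, when that argument is a plain identifier.
CALL = re.compile(r"\b(%s)\s*\(\s*(\w+)" % "|".join(UNBOUNDED))

# Constructed samples in the style of decompiler output (not from a real binary);
# the file names are hypothetical.
SAMPLES = {
    "parse_header.c": "int __fastcall parse_header(const char *a1)\n{\n"
                      "  char v2[64]; // [rsp+10h] [rbp-50h] BYREF\n\n"
                      "  strcpy(v2, a1);\n  return puts(v2);\n}\n",
    "copy_name.c": "char *__fastcall copy_name(char *a1, const char *a2)\n{\n"
                   "  return strcpy(a1, a2);\n}\n",
}

def write_samples(dec_dir):
    """Write the constructed samples into dec_dir, one file per function."""
    for name, body in SAMPLES.items():
        Path(dec_dir, name).write_text(body)

def triage_file(path):
    """Return (line, callee, dest, size) for unbounded writes into local arrays."""
    text = Path(path).read_text(errors="replace")
    arrays = {name: int(size) for name, size in LOCAL_ARRAY.findall(text)}
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for callee, dest in CALL.findall(line):
            if dest in arrays:  # pointer destinations are out of scope here
                hits.append((no, callee, dest, arrays[dest]))
    return hits

def triage_dir(dec_dir):
    """Map each file in dec_dir that has hits to its list of hits."""
    report = {}
    for path in sorted(Path(dec_dir).iterdir()):
        hits = triage_file(path) if path.is_file() else []
        if hits:
            report[path.name] = hits
    return report

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: triage.py <binary_file>.dec")
    for name, hits in triage_dir(sys.argv[1]).items():
        for no, callee, dest, size in hits:
            print(f"{name}:{no}: {callee}() into {dest}[{size}]")
```

Hits are leads for manual review, not findings: the check does not reason about source length, and writes through pointer parameters (as in the second sample) are not reported.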

## Tested with

* IDA Pro 9.0.240925 on macOS arm64 and Linux x64.
* IDA Pro 9.0.241217 on macOS arm64 and Linux x64.

*Note: only the `unix` target family is currently supported. Check the [idalib](https://github.com/binarly-io/idalib)
documentation if you want to port it to `windows` yourself.*

## Changelog

* [CHANGELOG.md](CHANGELOG.md)

## TODO

* Implement support for the `windows` target family.
* Integrate with Semgrep scanning (see ).
* Integrate with weggli scanning (see ).
* Improve decompiler output in the style of [HexRaysPyTools](https://github.com/igogo-x86/HexRaysPyTools)
and [abyss](https://github.com/patois/abyss).
* Implement parallel analysis (see ).