Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Sentinel-One/VTgrepGHIDRA
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/Sentinel-One/VTgrepGHIDRA
- Owner: Sentinel-One
- License: other
- Created: 2020-05-05T08:05:29.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-02-18T19:03:33.000Z (almost 4 years ago)
- Last Synced: 2024-08-04T01:02:20.485Z (5 months ago)
- Language: Java
- Size: 1.84 MB
- Stars: 90
- Watchers: 15
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: License.md
Awesome Lists containing this project
- awesome-ghidra - vtgrepghidra - VT-GHIDRA Plugin (Ghidra Scripts/Plugins/Extension)
README
# ``vtgrepghidra`` - VT-GHIDRA Plugin
![Main image](./pics/main.png)
This is an unofficial VirusTotal plugin for GHIDRA. It integrates functionality from VirusTotal web services into GHIDRA's user interface.
The current version is v0.1. The plugin is not production-ready yet, unexpected behavior can still occur, and it is released without any warranty. This release integrates VTGrep into GHIDRA, making it easy to search for similar code, strings, or sequences of bytes.

## Requirements
###### Windows
No requirements.
###### Linux
`apt-get install osslsigncode` or compile from source code (https://github.com/mtrojnar/osslsigncode) if you are experiencing any problems.
###### MacOS
`brew install osslsigncode`. Also on MacOS, for a reason we did not look into, you will need to run the following for it to work:
```sh
echo /usr/local/etc/openssl* | xargs -n1 -I{} mkdir -p {}/certs
echo /usr/local/etc/openssl* | xargs -n1 -I{} ln -s {}/cert.pem {}/certs/ca-bundle.crt
```

## Installation
Place the script files in any of the ``Script Directories`` (Window->Script Manager or via the shortcut: ![Script Manager Shortcut](./pics/scriptmanager.png)):
![Scripting Directories](./pics/scriptingdirectories.png)
and then click `Refresh script list`.
## Features
- *Search for bytes*: it searches for the bytes contained in the selected area "AS IS".
- *Search for similar code*: identifies memory offsets or addresses in the currently selected area and ignores them when searching.
- *Search for similar code (strict)*: same as above but it also ignores all the constants in the currently selected area.
- *Search for same signer*: searches for files signed with the same certificate as the loaded file.
- *Search for ImpHash*: searches for files with the same import hash.
- *Search similar-to*: searches for files using VT's "similar-to" attribute.
- *Customizations*: a comfortable GUI allows you to customize the query by masking/unmasking opcodes and operands before querying VT.

## Examples
General usage:
![General Usage](./pics/generaluse.gif)
Searching by the same certificate:
![Same Certificate](./pics/samecert.gif)
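The masking behind the three byte-search modes listed under Features, as an added example that is not the plugin's own code: a hypothetical `Insn` data model (constructed here, not Ghidra's API) of decoded instructions is turned into a VTGrep `content:{...}` query, with `??` assumed to be VTGrep's any-byte wildcard and an `overrides` map standing in for the GUI's mask/unmask customization.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical data model (not the plugin's): one decoded instruction as a
# disassembler such as Ghidra exposes it, split into opcode bytes and operand
# bytes, the operand classified as an address/offset, an immediate, or none.
@dataclass
class Insn:
    mnemonic: str
    opcode: bytes
    operand: bytes = b""
    operand_kind: Optional[str] = None  # "addr", "imm" or None

# Operand kinds each search mode masks out of the query.
MODES: Dict[str, Set[str]] = {
    "bytes": set(),             # Search for bytes: the selection "AS IS"
    "similar": {"addr"},        # Search for similar code: ignore offsets/addresses
    "strict": {"addr", "imm"},  # strict: also ignore constants
}

def build_query(insns: List[Insn], mode: str = "similar",
                overrides: Optional[Dict[int, bool]] = None) -> str:
    """Build a VTGrep content query; ?? is assumed to be the any-byte wildcard.
    overrides maps instruction index -> True (mask operand) / False (keep it),
    standing in for the GUI's manual mask/unmask customization."""
    masked_kinds = MODES[mode]
    overrides = overrides or {}
    tokens: List[str] = []
    for i, insn in enumerate(insns):
        tokens.extend(f"{b:02x}" for b in insn.opcode)
        if not insn.operand:
            continue
        if overrides.get(i, insn.operand_kind in masked_kinds):
            tokens.extend(["??"] * len(insn.operand))
        else:
            tokens.extend(f"{b:02x}" for b in insn.operand)
    # A query with no literal bytes would match everything; refuse to send it.
    if not tokens or all(t == "??" for t in tokens):
        raise ValueError("query would match everything: no literal bytes left")
    return "content:{" + " ".join(tokens) + "}"

# Constructed x86 sample: prologue, stack frame setup, a call, a global load.
SAMPLE = [
    Insn("push ebp", b"\x55"),
    Insn("mov ebp, esp", b"\x8b\xec"),
    Insn("sub esp, 0x40", b"\x83\xec", b"\x40", "imm"),
    Insn("call rel32", b"\xe8", b"\x5b\x01\x00\x00", "addr"),
    Insn("mov eax, [0x00403000]", b"\xa1", b"\x00\x30\x40\x00", "addr"),
    Insn("cmp eax, 0x2a", b"\x83\xf8", b"\x2a", "imm"),
]
```

Running `build_query(SAMPLE, mode)` for each mode shows how "similar" keeps the `sub`/`cmp` immediates but drops the call displacement and the global address, while "strict" masks all four operands.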
## Credits
* This open-source project is backed by [SentinelOne](https://www.sentinelone.com/blog/)
* This plugin is based on GHIDRA's YARA search plugin GUI.