ghidra_with_puppeteer.py
#Loads a pois.json generated by the puppeteer and loads the corresponding dumps.
#@author
#@category Puppeteering
#@keybinding
#@menupath Tools.Puppeteering Load POIs
#@toolbar
import json
import os
import glob
from java.io import File
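# Ask the analyst for the pois.json produced by the puppeteer run.
poi_json = askFile("Please select the pois.json file.", "Select")

# pois.json and the dump files come out of a dynamic-analysis run, so their
# contents are treated as untrusted data: they are only parsed, and malformed
# entries are skipped instead of steering which dumps get imported.
# The context manager closes the file handle (the original left it open).
with open(poi_json.absolutePath) as poi_file:
    pois = json.load(poi_file)

# Normalise "0x..." address strings to integers in place.
# This script runs under Ghidra's Jython 2 interpreter, where `basestring`
# covers both `str` and `unicode`.
for poi in pois:
    raw_address = poi["address"]
    if isinstance(raw_address, basestring) and raw_address.startswith("0x"):
        try:
            poi["address"] = int(raw_address, 16)
        except ValueError:
            # Not valid hex: leave the value untouched; it is filtered out below.
            pass
notification_message = "Found " + str(len(pois)) + " POIs."

# Only integer addresses take part in range matching. Under Python 2 a string
# compares greater than any int, so a leftover string address would otherwise
# always select the highest-based dump for import.
poi_addresses = [
    poi["address"] for poi in pois
    if isinstance(poi["address"], (int, long))
]

# Dumps live next to pois.json in collected_data/dump.
dump_dir = os.path.join(os.path.dirname(poi_json.absolutePath), "collected_data", "dump")

# The base address is the hex field before the trailing "_x86" in the file name.
# Parse the basename only, so underscores in the directory path cannot shift the
# field, and skip files whose field is not hex instead of aborting the script.
dumped_files = []
for dump_path in glob.glob(os.path.join(dump_dir, "*_x86.*")):
    name_parts = os.path.basename(dump_path).split("_")
    try:
        dump_base = int(name_parts[-2], 16)
    except ValueError:
        continue
    dumped_files.append((dump_path, dump_base))
# Highest base first, so the first base <= address is the closest dump below it.
dumped_files.sort(key=lambda entry: entry[1], reverse=True)

files_to_import = set()
for address in poi_addresses:
    for dump_path, dump_base in dumped_files:
        if address >= dump_base:
            files_to_import.add(dump_path)
            break

# Import each selected dump and record the address range Ghidra assigned to it.
programs = []
for dump_path in files_to_import:
    pgm = importFile(File(dump_path))
    if pgm is None:
        # NOTE(review): guards against the importer handing back no program
        # (e.g. no loader matched) -- confirm against the Ghidra version in use.
        continue
    low = int(pgm.getMinAddress().toString(), 16)
    high = int(pgm.getMaxAddress().toString(), 16)
    programs.append((pgm, low, high))
notification_message += "\nImported " + str(len(programs)) + " files."

# Map every POI address to the program whose range contains it; if several
# programs contain the address, the last one in `programs` wins.
addr_map = {}
programs_to_open = set()
for address in poi_addresses:
    for pgm, low, high in programs:
        if low <= address <= high:
            programs_to_open.add(pgm)
            addr_map[address] = pgm

for pgm in programs_to_open:
    openProgram(pgm)
notification_message += "\nOpened " + str(len(programs_to_open)) + " programs."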
def apply_pois(pois, name):
    """Bookmark each POI whose address was mapped to an imported program.

    Reads the script-level ``addr_map`` (address -> program) and calls the
    script's ``toAddr`` to build the bookmark address. POIs whose address is
    not a key of ``addr_map`` are skipped.

    Args:
        pois: iterable of POI dicts with the keys "address", "extractor",
            "details" and "confidence_score".
        name: bookmark category passed to ``setBookmark``.

    Returns:
        The number of bookmarks that were set.
    """
    added = 0
    for poi in pois:
        if poi["address"] in addr_map:
            target = addr_map[poi["address"]]
            # Bookmark comment: "[extractor] details | Score: <confidence>"
            note = "[" + poi['extractor'] + "] "
            note = note + poi['details']
            note = note + " | Score: " + str(poi['confidence_score'])
            bookmarks = target.getBookmarkManager()
            bookmarks.setBookmark(toAddr(poi["address"]), "Analysis", name, note)
            added += 1
    return added
# Partition the POIs by type so each group gets its own bookmark category.
ip_pois = [entry for entry in pois if entry['poi_type'] == "IP"]
port_pois = [entry for entry in pois if entry['poi_type'] == "PORT"]
other_pois = [entry for entry in pois if entry['poi_type'] not in ("IP", "PORT")]

# Set the bookmarks; each call returns how many POIs could be placed.
ip_poi_count = apply_pois(ip_pois, "IP POI")
port_poi_count = apply_pois(port_pois, "Port POI")
other_poi_count = apply_pois(other_pois, "Other POI")

# Report placed-vs-total per group, then show the whole summary in one popup.
for placed, group, suffix in (
    (ip_poi_count, ip_pois, " IP POIs."),
    (port_poi_count, port_pois, " port POIs."),
    (other_poi_count, other_pois, " other POIs."),
):
    notification_message += "\nAdded " + str(placed) + " of " + str(len(group)) + suffix
popup(notification_message)