intezer / analyze-community-ghidra-plugin
Ghidra plugin for https://analyze.intezer.com
License: BSD 3-Clause "New" or "Revised" License
I was attempting to analyze a file in Ghidra, but the following set of errors were returned instead, and I'm not real sure where to begin troubleshooting.
intezer_analyze_gh_community.py> Running...
>>> Program Info:
>>> winta.exe:
x86:LE:64:default_windows
(Wed Sep 02 14:52:52 CDT 2020)
/Users/dmoore/Documents/repository/samples/gotroj/winta.exe
>>> file SHA : 57150938be45c4d9c742ab24c693acc14cc071d23b088a1facc2a7512af89414
>>> Start analyzing file...
Traceback (most recent call last):
File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 284, in run
helper.create_function_map(sha256)
File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 242, in create_function_map
function_map = self._get_function_map(sha256)
File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 166, in _get_function_map
result_url = self._proxy.create_plugin_report(sha256, functions_data)
File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 104, in create_plugin_report
response = self._post(URLS['create_ghidra_plugin_report'].format(sha256), json={'functions_data': functions_data})
File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 91, in _post
response = self.session.post(url_path, **kwargs)
File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 578, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', BadStatusLine("''",))
intezer_analyze_gh_community.py> Finished!
What could be the solution for the following error?
I used Python 2.7 as recommended in the description.
UnicodeEncodeError: 'ascii' codec can't encode character u'\xb5' in position 745: ordinal not in range(128)
Hello, I am running Ghidra version 9.2.1, and the latest version of the Intezer plugin. Unfortunately, when running the script on a sample, I am getting a Python requests error. Requests is definitely installed on the system.
intezer_analyze_gh_community.py> Running...
Whelp, something went wrong.
Traceback (most recent call last):
File "/usr/bin/ghidra_9.2.1_PUBLIC/Ghidra/Processors/PIC/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 26, in <module>
import requests
ImportError: No module named requests
intezer_analyze_gh_community.py> Finished!
Python sys.version: '2.7.2 (v2.7.2:925a3cc3b49d, Mar 21 2020, 10:03:58)\n[OpenJDK 64-Bit Server VM (Debian)]'
Is there a way to resolve this without uninstalling/reinstalling requests? The sample is ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.
What could be the solution for the following error?
Traceback (most recent call last):
File "C:\Users\PC\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 32, in
import requests
ImportError: No module named requests
Hi,
I made a port for this plugin to Ghidra bridge / Python3, because using Jython is not fun.
I don't know if I should make a pull request and add a branch "Python3" to this repository or just keep it on my side.
Anyway, it exists and seems to work (based on my tests on Ubuntu 20.04).
I'm testing your script and reached the following problem:
>>> Start analyzing file...
Traceback (most recent call last):
File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 272, in run
helper.create_function_map(sha256)
File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 230, in create_function_map
function_map = self._get_function_map(sha256)
File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 155, in _get_function_map
ghidra_plugin_report = self._proxy.get_plugin_report(result_url)
File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 110, in get_plugin_report
response = self._get(API_URL + result_url)
File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 89, in _get
return self.session.get(url_path, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 520, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 630, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 430, in send
resp = conn.urlopen(
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 430, in send
resp = conn.urlopen(
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
conn = self._get_conn(timeout=pool_timeout)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
conn = self._get_conn(timeout=pool_timeout)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 242, in _get_conn
if conn and is_connection_dropped(conn):
File "/usr/lib/python2.7/dist-packages/urllib3/util/connection.py", line 27, in is_connection_dropped
return bool(wait_for_read(sock, timeout=0.0))
File "/usr/lib/python2.7/dist-packages/urllib3/util/connection.py", line 27, in is_connection_dropped
return bool(wait_for_read(sock, timeout=0.0))
File "/usr/lib/python2.7/dist-packages/urllib3/util/wait.py", line 33, in wait_for_read
return _wait_for_io_events(socks, EVENT_READ, timeout)
File "/usr/lib/python2.7/dist-packages/urllib3/util/wait.py", line 24, in _wait_for_io_events
selector.register(sock, events)
File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 344, in register
key = super(PollSelector, self).register(fileobj, events, data)
File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 197, in register
key = SelectorKey(fileobj, self._fileobj_lookup(fileobj), events, data)
File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 181, in _fileobj_lookup
return _fileobj_to_fd(fileobj)
File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 50, in _fileobj_to_fd
raise ValueError("Invalid file object: {0!r}".format(fileobj))
ValueError: Invalid file object: <ssl.SSLSocket object at 0xc15>
I found that this error could be related to the Jython version used by Ghidra. Any idea to solve this issue?
I'm getting the following error:
>>> Start analyzing file...
Traceback (most recent call last):
File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 285, in run
helper.create_function_map(sha256)
File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 243, in create_function_map
function_map = self._get_function_map(sha256)
File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 167, in _get_function_map
result_url = self._proxy.create_plugin_report(sha256, functions_data)
File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 106, in create_plugin_report
if response.status_code == 404:
AttributeError: 'NoneType' object has no attribute 'status_code'
intezer_analyze_gh_community.py> Finished!
I added the script folder but it's not showing up in the script manager.
I did exactly as the instructions on GitHub say, and it gives me this error on Linux (Manjaro latest version):
intezer_analyze_gh_community.py> Finished!
intezer_analyze_gh_community.py> Running...
Program Info:
crackme:
x86:LE:64:default_gcc
(Thu Jul 09 21:54:10 AST 2020)
/home/user/Downloads/crackme
file SHA : 99ce00634501b4da092d0ad185bdbfe78ee67e2d7c06f1415978393bd7cd8a00
Start analyzing file...
Traceback (most recent call last):
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 271, in run
helper.create_function_map(sha256)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 229, in create_function_map
function_map = self._get_function_map(sha256)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 153, in _get_function_map
result_url = self._proxy.create_plugin_report(sha256, functions_data)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 91, in create_plugin_report
print(response.status_code)
AttributeError: 'NoneType' object has no attribute 'status_code'
intezer_analyze_gh_community.py> Finished!
Traceback (most recent call last):
File "****/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 30, in
import requests
ImportError: No module named requests
Probably because this script expects Python 2, but we are in 2021 now and almost no Linux dist comes with Python 2, so will this plugin be upgraded to Python 3 in the near future? I really don't want to downgrade to Python 2, so it would be nice if it would support both 2 and 3 if possible.
The first detection in the list that targets Linux is returning False on Ubuntu 22.04 LTS.
(os.name == "Posix") and (("Linux") in os.uname())
Hi,
A nice feature is to colorize the reused code in the Ghidra listing; it's very useful for quickly seeing the function to analyze.
I just had the problem that the plugin doesn't want to import 'requests' despite it being installed and working from the command line.
Some analysis (ok, adding print statements to the code) indicated to me that my os.name is 'java' inside of Ghidra, not 'posix'. As a result I got the Windows path extension, and of course 'requests' wasn't anywhere to be seen. Modified line 11 of the script to
if (os.name == "posix" or os.name=='java'):
and then the script works.
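The two platform-detection reports above (the "Posix" comparison returning False, and os.name being 'java' inside Ghidra) come down to the same check. The following is an added example, not the plugin's own code: the function names and the paths_by_family mapping are hypothetical, and the caller is assumed to supply the directories where requests is installed.

```python
import os
import sys


def host_family(os_name, java_os_name=None):
    """Classify the host as 'posix' or 'windows'.

    os_name      -- value of os.name ('posix', 'nt', or 'java' under Jython)
    java_os_name -- JVM "os.name" property, only used when os_name is 'java'
    """
    name = os_name.lower()  # a comparison against "Posix" never matches 'posix'
    if name == "posix":
        return "posix"
    if name == "nt":
        return "windows"
    if name == "java":
        # Jython reports 'java'; the real OS has to come from the JVM.
        if java_os_name is None:
            raise ValueError("running under Jython but JVM os.name is unknown")
        if java_os_name.lower().startswith("windows"):
            return "windows"
        return "posix"
    raise ValueError("unrecognised os.name: %r" % os_name)


def current_host_family():
    """Resolve the family for the running interpreter (CPython or Jython)."""
    java_os_name = None
    if os.name == "java":
        from java.lang import System  # importable only under Jython
        java_os_name = System.getProperty("os.name")
    return host_family(os.name, java_os_name)


def add_external_site_packages(paths_by_family, family=None):
    """Append this host's existing directories to sys.path; return those added."""
    family = family or current_host_family()
    added = []
    for path in paths_by_family.get(family, []):
        # Skip missing directories so a wrong guess never lands on sys.path.
        if os.path.isdir(path) and path not in sys.path:
            sys.path.append(path)
            added.append(path)
    return added
```

Returning the list of added directories makes it easy to print which site-packages path, if any, was actually picked up before the import of requests is attempted.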