intezer / analyze-community-ghidra-plugin Goto Github PK

View Code? Open in Web Editor NEW

69.0 69.0 12.0 2.16 MB

Ghidra plugin for https://analyze.intezer.com

License: BSD 3-Clause "New" or "Revised" License

Java 42.75% Python 57.25%

ghidra ghidra-plugin

analyze-community-ghidra-plugin's People

Contributors

Stargazers

Watchers

Forkers

shiriskumar xme itayc0hen f0829 dmoore44 jay-carter manggoguy 4rchib4ld stjordanis forbiddenprogrammer dannythehacker tobey123

analyze-community-ghidra-plugin's Issues

Error running script

I was attempting to analyze a file in Ghidra, but the following set of errors were returned instead, and I'm not real sure where to begin troubleshooting.

intezer_analyze_gh_community.py> Running...
>>> Program Info:
>>>	winta.exe:
	x86:LE:64:default_windows
	(Wed Sep 02 14:52:52 CDT 2020)
	/Users/dmoore/Documents/repository/samples/gotroj/winta.exe
>>> file SHA : 57150938be45c4d9c742ab24c693acc14cc071d23b088a1facc2a7512af89414
>>> Start analyzing file...
Traceback (most recent call last):
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 284, in run
    helper.create_function_map(sha256)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 242, in create_function_map
    function_map = self._get_function_map(sha256)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 166, in _get_function_map
    result_url = self._proxy.create_plugin_report(sha256, functions_data)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 104, in create_plugin_report
    response = self._post(URLS['create_ghidra_plugin_report'].format(sha256), json={'functions_data': functions_data})
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 91, in _post
    response = self.session.post(url_path, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 578, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', BadStatusLine("''",))
intezer_analyze_gh_community.py> Finished!

UnicodeEncodeError

What could be the solution for the following error?
I used python 2.7 as recommended in the description.

UnicodeEncodeError: 'ascii' codec can't encode character u'\xb5' in position 745: ordinal not in range(128)

Hello, I am running Ghidra version on 9.2.1, and the latest version of the Intezer plugin. Unfortunately, when running the script on a sample, I am getting a Python requests error. Requests is definitely installed on the system.

intezer_analyze_gh_community.py> Running...
Whelp, something went wrong.
Traceback (most recent call last):
  File "/usr/bin/ghidra_9.2.1_PUBLIC/Ghidra/Processors/PIC/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 26, in <module>
    import requests
ImportError: No module named requests
intezer_analyze_gh_community.py> Finished!

Python sys.version:
'2.7.2 (v2.7.2:925a3cc3b49d, Mar 21 2020, 10:03:58)\n[OpenJDK 64-Bit Server VM (Debian)]

Is there a way to resolve this without uninstalling/reinstalling requests? The sample is ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.

import requests ImportError: No module named requests

What could be the solution for the following error?

Traceback (most recent call last): File "C:\Users\PC\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 32, in import requests ImportError: No module named requests

Ghidra Bridge / Python3 port

Hi,

I made a port for this plugin to Ghidra bridge / Python3, because using Jython is not fun.
I don't know if I should make a pull request and add a branch "Python3" to this repository or just keep it on my side.

Anyway, it exists and seems to work (based on my tests on Ubuntu 20.04).

Incompatibility with the current Jython?

I'm testing your script and reached the following problem:

>>> Start analyzing file...
Traceback (most recent call last):
  File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 272, in run
    helper.create_function_map(sha256)
  File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 230, in create_function_map
    function_map = self._get_function_map(sha256)
  File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 155, in _get_function_map
    ghidra_plugin_report = self._proxy.get_plugin_report(result_url)
  File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 110, in get_plugin_report
    response = self._get(API_URL + result_url)
  File "/opt/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 89, in _get
    return self.session.get(url_path, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 520, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 630, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 430, in send
    resp = conn.urlopen(
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 430, in send
    resp = conn.urlopen(
  File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    conn = self._get_conn(timeout=pool_timeout)
  File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 589, in urlopen
    conn = self._get_conn(timeout=pool_timeout)
  File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 242, in _get_conn
    if conn and is_connection_dropped(conn):
  File "/usr/lib/python2.7/dist-packages/urllib3/util/connection.py", line 27, in is_connection_dropped
    return bool(wait_for_read(sock, timeout=0.0))
  File "/usr/lib/python2.7/dist-packages/urllib3/util/connection.py", line 27, in is_connection_dropped
    return bool(wait_for_read(sock, timeout=0.0))
  File "/usr/lib/python2.7/dist-packages/urllib3/util/wait.py", line 33, in wait_for_read
    return _wait_for_io_events(socks, EVENT_READ, timeout)
  File "/usr/lib/python2.7/dist-packages/urllib3/util/wait.py", line 24, in _wait_for_io_events
    selector.register(sock, events)
  File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 344, in register
    key = super(PollSelector, self).register(fileobj, events, data)
  File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 197, in register
    key = SelectorKey(fileobj, self._fileobj_lookup(fileobj), events, data)
  File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 181, in _fileobj_lookup
    return _fileobj_to_fd(fileobj)
  File "/usr/lib/python2.7/dist-packages/urllib3/util/selectors.py", line 50, in _fileobj_to_fd
    raise ValueError("Invalid file object: {0!r}".format(fileobj))
ValueError: Invalid file object: <ssl.SSLSocket object at 0xc15>

I found that this error could be related to the Jython version used by Ghidra. Any idea to solve this issue?

Error while running script on Ghidra 9.2

I'm getting the following error:

>>> Start analyzing file...
Traceback (most recent call last):
  File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 285, in run
    helper.create_function_map(sha256)
  File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 243, in create_function_map
    function_map = self._get_function_map(sha256)
  File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 167, in _get_function_map
    result_url = self._proxy.create_plugin_report(sha256, functions_data)
  File "C:\Users\Rony\Desktop\analyze-community-ghidra-plugin-master\intezer_analyze_gh_community.py", line 106, in create_plugin_report
    if response.status_code == 404:
AttributeError: 'NoneType' object has no attribute 'status_code'
intezer_analyze_gh_community.py> Finished!

Ghidra 10.1.1 not showing up?

I added the script folder but its not showing up in the script manager

AttributeError

i did exactly as the instructions of github and it gives me this error on linux(Manjaro latest version):
intezer_analyze_gh_community.py> Finished!
intezer_analyze_gh_community.py> Running...

Program Info:
crackme:
x86:LE:64:default_gcc
(Thu Jul 09 21:54:10 AST 2020)
/home/user/Downloads/crackme
file SHA : 99ce00634501b4da092d0ad185bdbfe78ee67e2d7c06f1415978393bd7cd8a00
Start analyzing file...
Traceback (most recent call last):
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 271, in run
helper.create_function_map(sha256)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 229, in create_function_map
function_map = self._get_function_map(sha256)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 153, in _get_function_map
result_url = self._proxy.create_plugin_report(sha256, functions_data)
File "/home/user/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 91, in create_plugin_report
print(response.status_code)
AttributeError: 'NoneType' object has no attribute 'status_code'
intezer_analyze_gh_community.py> Finished!

Error when running script

Traceback (most recent call last):
File "****/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 30, in
import requests
ImportError: No module named requests

Probably because this script expect Python 2, but we are in 2021 now and almost no Linux dist comes with Python 2 so will this plugin be upgraded to Python 3 in the near future? Really don't want to downgrade to Python 2 so it would be nice if it would support both 2 and 3 if possible.

OS Name Not Detected Properly in Ubuntu 22.04 LTS

The first detection in the list that targets Linux is returning False on Ubuntu 22.04 LTS.

(os.name == "Posix") and (("Linux") in os.uname())

Feature request

Hi,

a nice feature it's colorize the code reused in the listing of ghidra, it's very usefull to see quickly the function to analyze.

os.name is 'java' for me, not 'posix'

I just had the problem that the plugin doesn't want to import 'requests' despite it being installed and working from the command line.

Some analysis (ok, adding print statements to the code) indicated to me that my os.name is 'java' inside of Ghidra, not 'posix'. As a result I got the Windows path extension, and of course 'requests' wasn't anywhere to be seen. Modified line 11 of the script to

if (os.name == "posix" or os.name=='java'):

and then the script works.