-
Notifications
You must be signed in to change notification settings - Fork 35
/
Copy pathplugin.json
27 lines (27 loc) · 2.81 KB
/
plugin.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"pluginmetadataversion": 2,
"name": "VulnFanatic",
"type": ["helper"],
"api": ["python3"],
"description": "Assistant plugin for vulnerability research.",
"longdescription": "This plugin aims to assist during the vulnerability research process by providing a capability to scan the binary for potential occurrences of known vulnerabilities such as Use-after-free, buffer overflow or format string related issues. Along with the scanner, this plugin also includes a simple highlighter tool which should provide further aid during the follow-up manual analysis of the issues found by teh scanner. \n\n### Highlighter###\n\nThe highlighter part of the plugin can be used after selecting an instruction. This feature allows you to highlight Assembly and HLIL blocks that lead to current block. Another feature also allows you to highlight either HLIL or Assembly variables. This provides ability to trace all points of interest for given variables.\n\n### Scanner###\n\nScanner is using set of rules and function tracker to perform basic analysis to detect any potentially vulnerable function calls. Issues that are found by this component are marked with tags that reflect the priority for a follow-up manual analysis. Following are the priority categories:\n\n* 🟥 High - Detected conditions are likely to lead to vulnerability.\n* 🟧 Medium - Detected conditions could theoretically lead to vulnerability.\n* 🟨 Low - Detected conditions are unlikely to lead to vulnerability.\n* 🟦 Info - Detected conditions were not clear enough to determine if the call is secure or not.\n\n\nExample of discovered issue:\n\n\n\nPlease note that by no means this plugin provides a zero effort way to find vulnerabilities. However, it should assist you in prioritizing specific places in binaries which are worth investigating.\n",
"license": {
"name": "Apache-2.0",
"text": "Copyright 2020 Martin Petran\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the License. You may obtain a copy of the License at\n\n\thttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License."
},
"platforms": ["Darwin", "Linux", "Windows"],
"installinstructions": {
"Darwin": "N/A",
"Linux": "N/A",
"Windows": "N/A"
},
"dependencies": {
"pip": [],
"apt": [],
"installers": [],
"other": []
},
"version": "3.7",
"author": "Martin Petran",
"minimumbinaryninjaversion": 2263
}