VM-Packages
VM-Packages copied to clipboard
mandiant
Add issue template for IDA plugins && support automate package creation
Details
Introduce a new helper for IDA plugins and an issue template so that we can create packages that install ida plugins automatically.
Split https://github.com/mandiant/VM-Packages/issues/719 using the new template
You can use the IDAUSR https://hex-rays.com/blog/igors-tip-of-the-week-33-idas folder for partial configs and plugin folder merging without needing to put them in the IDA directory. Works for python and binary plugins
My personal plugins and configs https://github.com/stevemk14ebr/RETools/tree/master/IdaScripts
This could end up being a lot, I'd recommend a pretty minimal default set if any are default at all.
@stevemk14ebr
You can use the IDAUSR https://hex-rays.com/blog/igors-tip-of-the-week-33-idas folder for partial configs and plugin folder merging without needing to put them in the IDA directory
This is how we are doing it already (for the only plugin we have: capa plugin) :wink: IDAUSR is shared between IDA versions.
@stevemk14ebr
This could end up being a lot, I'd recommend a pretty minimal default set if any are default at all.
There has been some discussions in https://github.com/mandiant/VM-Packages/issues/719 about what the default should be.
I am adding a helper function in https://github.com/mandiant/VM-Packages/pull/1013 that downloads a single file to the plugins directory. This seems to be how most plugins distributed as a DLL are installed. The following Python plugins can also be installed in this way:
- https://github.com/hasherezade/ida_ifl
- https://github.com/airbus-cert/comida
I have checked several IDA plugins and the other common case seems to be copying a folder to the plugins directory (normally downloaded from GH in a ZIP). Plugins that can be installed in this way:
- https://github.com/gaasedelen/tenet (plugins folder)
- https://github.com/gaasedelen/lighthouse (plugins folder)
- https://github.com/danigargu/deREferencing (root folder, we may want to ask the maintainer for a subfolder that does not include things like the license and the readme and we can directly copy)
I suggest extending the helper to support this second case after #1013 has been merged and create a new issue template for automation for both cases and that allow to provide installation details for the rest. After that we can trigger automation to generate the packages mentioned above!
https://github.com/gaasedelen/tenet doesn't work with Python 3.10: https://github.com/gaasedelen/tenet/issues/15#issuecomment-2084743150 which means we can't add it until the bug is fixed.