Releases: MISP/misp-ghidra
v0.1.0 - Initial Release
This release includes the following scripts:
Features
- (From GUI or Headless) Export to a MISP instance:
  - program metadata to MISP file objects (PE, ELF, MachO file/section objects)
  - function metadata, FID and BSIM hashes, and decompiled code to a MISP ghidra-function object (version 1)
- (From GUI) (in development) Search for similar functions in MISP using FID and BSIM hashes
Quick install
Install requirements with your pyghidra venv
$GHIDRA_VENV/bin/pip install -r requirements.txt
Copy the MISP config.toml template and edit with your own API keys
cp mispghidra/misp/config/config.template.toml mispghidra/misp/config/config.toml
Scripts
GUI scripts are in the /ghidra_scripts/ directory
Headless scripts are in the /headless_scripts/ directory and must be run using the pyghidraRun command (GHIDRA_INSTALL/support/pyghidraRun)
Configure MISP API
- GUI-configure-MISP-API.py
- Test-MISP-API.py
Exporting to MISP
GUI
- GUI-ghidra-all-functions-to-MISP.py
- GUI-ghidra-current-function-to-MISP.py
- GUI-ghidra-current-selection-functions-to-MISP.py
- GUI-ghidra-functions-to-MISP.py
Headless
- ghidra-functions-to-MISP.py
Recreate the call tree
(Run these after adding individual functions)
- GUI-create-MISP-call-tree.py (GUI)
- create-MISP-call-tree.py (Headless)
Searching in MISP
(experimental, GUI only)
- GUI-MISP-fetch-comments-for-all-functions.py
- GUI-MISP-fetch-comments-for-current-function.py
- GUI-MISP-fetch-comments-for-current-selection.py
Full Changelog: https://github.com/MISP/misp-ghidra/commits/v0.1.0