ghidra_tools
slsa-github-generator
ghidra_tools | slsa-github-generator | |
---|---|---|
6 | 3 | |
281 | 380 | |
1.1% | 5.8% | |
5.4 | 9.0 | |
about 1 year ago | 7 days ago | |
Python | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ghidra_tools
-
LLM4Decompile: Decompiling Binary Code with LLM
relevant: https://news.ycombinator.com/item?id=34250872 (G-3PO: A protocol droid for Ghidra, or GPT-3 for reverse-engineering <https://github.com/tenable/ghidra_tools/blob/main/g3po/g3po....>; Jan, 2023; 44 comments)
-
UEFI Software Bill of Materials Proposal
https://github.com/tenable/ghidra_tools/tree/main/g3po
I suspect there are better ones being worked on though.
-
G-3PO: A Protocol Droid for Ghidra, or GPT-3 for Reverse-Engineering
Hey guys, I'm the one who wrote the post and the Ghidra plugin. Really delighted to see it get so much traction here! I just merged a couple of PRs which should improve the tool somewhat -- one from eShuttleworth, which uses GPT-3's feedback to automatically rename the function and global variables, and another from me, which does the same for what Ghidra internally refers to as HighVariables (variables visible in the decompiled code listing, as opposed to just the assembly listing). Turns out these two things only look like similar operations from the perspective of the GUI.
Here's the public github repo: <https://github.com/tenable/ghidra_tools> Please feel free to fork it and send me PRs with any features or fixes you think might be useful.
-
Ask HN: Has anyone tried throwing GPT3 at unobfuscating / disassembly?
That G-3PO script is open source, MIT license: https://github.com/tenable/ghidra_tools/tree/main/g3po
slsa-github-generator
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
-
UEFI Software Bill of Materials Proposal
https://github.com/slsa-framework/slsa-github-generator#gene... :
> Supply chain Levels for Software Artifacts, or SLSA (salsa), is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
> SLSA defines an incrementally-adoptable set of levels which are defined in terms of increasing compliance and assurance. SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are.
- slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions
What are some alternatives?
Gepetto - IDA plugin which queries OpenAI's GPT language models to speed up reverse-engineering
Open-Source-Security-Guide - Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
gpt-wpre - Whole-Program Reverse Engineering with GPT-3
slsa-provenance-action - Github Action implementation of SLSA Provenance Generation
Ghidra-ChatGPT
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
GhidraChatGPT - Brings the power of ChatGPT to Ghidra!
appvm - Nix-based app VMs
GptHidra - GptHidra is a Ghidra plugin that uses the OpenAI Chat GPT to explain functions. With GptHidra, you can easily understand the purpose and behavior of functions in your codebase. Now with GPT4 Support!
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
LLM4Decompile - Reverse Engineering: Decompiling Binary Code with Large Language Models
gitleaks - Protect and discover secrets using Gitleaks 🔑