rugosa


Name: rugosa
Version: 1.0.0
Home page: https://github.com/Defense-Cyber-Crime-Center/rugosa
Summary: The next generation of kordesii. This is a library for managing emulation and provides utilities for interfacing with decompiled malware samples using dragodis.
Upload time: 2024-06-17 18:50:42
Maintainer: None
Docs URL: None
Author: DC3
Requires Python: >=3.9
License: MIT
Keywords: malware, ida, ghidra, emulation, strings
Requirements: No requirements were recorded.
# Rugosa

Rugosa is a static malware analysis library and tool developed using the disassembler-agnostic 
[dragodis](https://github.com/dod-cyber-crime-center/dragodis) API. It incorporates a binary emulation framework along with
utilities for regex and YARA searching, string extraction, and function discovery within disassembled code.
These features enhance capabilities for comprehensive malware analysis and metadata extraction.

Rugosa utilizes an in-house developed emulation engine entirely written in Python to achieve full control of the execution
context and offer high-level abstractions for emulated artifacts. 
It adopts a targeted approach employing branch path tracing to emulate portions of code without the need to fully
emulate preceding code or modify the binary to accommodate such control flow.

Currently, x86 and ARM processors are supported.
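The "branch path tracing" idea above is easier to see in code than in prose. The following is an added, illustrative model and is not rugosa's or dragodis's own code: the control-flow graph, the four-block sample function, the tiny instruction set (`mov`/`add`/`xor`/`jz`/`jmp`/`ret`) and its semantics are all constructed for this example. It shows the two halves of the approach: first enumerate the block paths that lead from the function entry to the target address, then emulate only the instructions on each path, letting the path itself decide every conditional branch so that no earlier code has to be emulated and nothing in the binary has to be patched.

```python
"""Toy model of branch path tracing: emulate only the blocks that lead to a target.

Illustrative only: the CFG, instruction set and semantics below are constructed
for this example and are not rugosa's or dragodis's internals.
"""
from dataclasses import dataclass, field


@dataclass
class Block:
    """A basic block: (address, instruction) pairs plus successor block addresses."""
    start: int
    instructions: list
    successors: list = field(default_factory=list)


# Constructed sample function (no real binary behind it):
#   0x1000: mov eax,0 ; mov ecx,5 ; jz 0x1030     ; falls through to 0x1010
#   0x1010: add eax,7 ; xor ecx,ecx ; jmp 0x1030
#   0x1020: mov eax,0xDEAD ; jmp 0x1030            ; unreachable from 0x1000
#   0x1030: add eax,1 ; ret
CFG = {
    0x1000: Block(0x1000, [(0x1000, ("mov", "eax", 0)),
                           (0x1005, ("mov", "ecx", 5)),
                           (0x100A, ("jz", 0x1030))], [0x1030, 0x1010]),
    0x1010: Block(0x1010, [(0x1010, ("add", "eax", 7)),
                           (0x1013, ("xor", "ecx", "ecx")),
                           (0x1015, ("jmp", 0x1030))], [0x1030]),
    0x1020: Block(0x1020, [(0x1020, ("mov", "eax", 0xDEAD)),
                           (0x1025, ("jmp", 0x1030))], [0x1030]),
    0x1030: Block(0x1030, [(0x1030, ("add", "eax", 1)),
                           (0x1033, ("ret",))], []),
}

MASK32 = 0xFFFFFFFF


def block_containing(cfg, addr):
    """Return the block whose instruction list holds `addr`."""
    for blk in cfg.values():
        if any(a == addr for a, _ in blk.instructions):
            return blk
    raise ValueError(f"no block contains {addr:#x}")


def iter_paths(cfg, entry, target):
    """Yield every simple block path from `entry` to the block holding `target`.

    This is the path-tracing step: blocks that lie on no such path (0x1020 here)
    are never visited, let alone emulated.
    """
    goal = block_containing(cfg, target).start

    def walk(path):
        if path[-1] == goal:
            yield list(path)
            return
        for nxt in cfg[path[-1]].successors:
            if nxt not in path:          # keep paths simple: no loop revisits
                yield from walk(path + [nxt])

    yield from walk([entry])


def emulate_path(cfg, path, target):
    """Run the instructions along `path`, stopping just before `target`.

    Conditional branches are never evaluated: the next block on the path fixes
    the direction, so no flag state from earlier code is needed and the binary
    is not patched to force the branch.
    """
    regs = {"eax": 0, "ecx": 0}

    def value(op):
        return regs[op] if isinstance(op, str) else op

    for blk_addr in path:
        for addr, ins in cfg[blk_addr].instructions:
            if addr == target:
                return regs
            op = ins[0]
            if op == "mov":
                regs[ins[1]] = value(ins[2]) & MASK32
            elif op == "add":
                regs[ins[1]] = (regs[ins[1]] + value(ins[2])) & MASK32
            elif op == "xor":
                regs[ins[1]] ^= value(ins[2])
            elif op in ("jz", "jmp", "ret"):
                pass                      # direction already decided by `path`
            else:
                raise NotImplementedError(op)
    raise ValueError(f"{target:#x} not reached along {[hex(b) for b in path]}")


def contexts_at(cfg, entry, target):
    """One (path, register state) pair per path reaching `target`: the emulated
    context at an address, computed once per feasible branch path."""
    return [(path, emulate_path(cfg, path, target))
            for path in iter_paths(cfg, entry, target)]


if __name__ == "__main__":
    for path, regs in contexts_at(CFG, 0x1000, 0x1033):
        print(" -> ".join(hex(b) for b in path), regs)
```

Running it prints two contexts for the `ret` at 0x1033: the path that takes the `jz` arrives with `eax=1, ecx=5`, the fall-through path with `eax=8, ecx=0`, and the dead block at 0x1020 is never executed. A real engine also has to model memory, the stack and calls, but the control-flow trick is the same: the path, not the flags, drives the branch.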


## Install

```
pip install rugosa
```

You will also need to set up a backend disassembler by following [Dragodis's installation instructions](https://github.com/Defense-Cyber-Crime-Center/dragodis/blob/master/docs/install.rst).
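A bare `pip install rugosa` trusts whatever the index serves at install time. The listing below publishes SHA-256 digests for the 1.0.0 wheel and sdist (and reports `has_sig: false`, so those digests are the only integrity check this page offers). The following added example, which is not part of the rugosa project, takes those two digests from the page's "Raw data" section, builds a hash-pinned `requirements.txt` line for pip's hash-checking mode, and verifies a locally downloaded artifact against the published value; `hashlib`, `hmac` and the `--hash=` requirement syntax are standard Python and pip, nothing else is assumed.

```python
"""Hash-pinned installation check for the rugosa 1.0.0 artifacts listed on this page.

Added example, not part of the rugosa project. The digests are copied from the
page's "Raw data" section; everything else is standard hashlib / pip behaviour.
"""
import hashlib
import hmac
from pathlib import Path

# SHA-256 digests published on this page for the two rugosa 1.0.0 release files.
RUGOSA_1_0_0_SHA256 = {
    "rugosa-1.0.0-py3-none-any.whl":
        "817bb136f60206324f02ec4c95011c95b755e433eb0e3f6fcf62333e1b94f436",
    "rugosa-1.0.0.tar.gz":
        "c1ff2e96aed914da7c9f2a2ff09ebc96abf22af3b78e1164efdd5147317424b0",
}


def sha256_of(source):
    """Hex SHA-256 of `source`, which is either raw bytes or a path to a file."""
    h = hashlib.sha256()
    if isinstance(source, (bytes, bytearray)):
        h.update(source)
    else:
        with open(source, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    return h.hexdigest()


def verify_artifact(source, expected_sha256):
    """True only if the artifact's digest equals the published one.

    compare_digest avoids a timing side channel; irrelevant for a local file,
    but it is the right habit for any digest comparison.
    """
    return hmac.compare_digest(sha256_of(source), expected_sha256.lower())


def pinned_requirement(name, version, digests):
    """Build one requirements.txt line for `pip install --require-hashes`.

    pip accepts several --hash options on a line and succeeds if the file it
    resolves (wheel or sdist) matches any one of them.
    """
    hashes = " ".join(f"--hash=sha256:{d}" for d in sorted(digests.values()))
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    line = pinned_requirement("rugosa", "1.0.0", RUGOSA_1_0_0_SHA256)
    Path("requirements.txt").write_text(line + "\n")
    print(line)
    # Then, in a shell:  pip install --require-hashes -r requirements.txt
    # pip refuses to install if the downloaded file's digest differs.
    # To check a file you downloaded by other means (e.g. `pip download`):
    #   verify_artifact("rugosa-1.0.0-py3-none-any.whl",
    #                   RUGOSA_1_0_0_SHA256["rugosa-1.0.0-py3-none-any.whl"])
```

One caveat a practitioner will hit immediately: in hash-checking mode pip requires a hash for every transitive dependency as well, so a single pinned line for `rugosa` is the starting point, not the finished file. Generate the full set with `pip-compile --generate-hashes` (pip-tools) or `pip hash` on each downloaded artifact.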


## Utilities

The following utilities are included with Rugosa:
- [Emulation](./docs/CPUEmulation.md)
- [Extra Disassembly Interfaces](./rugosa/disassembly.py)
- [Regex](./docs/Regex.md)
- [Strings](./rugosa/strings.py)
- [YARA](./docs/YARA.md)


## Interactive Shell

Rugosa includes an interactive shell created with [cmd2](https://cmd2.readthedocs.io) for emulating and traversing a given binary.
For more information on how to use the tool, please see the [documentation](./docs/Shell.md).

![](docs/assets/shell.gif)


## Emulator Plugin

Rugosa includes IDA and Ghidra plugins that provide a GUI for the [emulation](./docs/CPUEmulation.md) utility.
For more information on how to install and use the plugin, please see the [documentation](./docs/EmulatorPlugin.md).

![](docs/assets/ida_overview.png)

![](docs/assets/ghidra_overview.png)


Raw data

{
    "_id": null,
    "home_page": "https://github.com/Defense-Cyber-Crime-Center/rugosa",
    "name": "rugosa",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": null,
    "keywords": "malware, ida, ghidra, emulation, strings",
    "author": "DC3",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/88/48/c4c05e29b74557c28dc87fbe3fde008339b67121e3f50e28ded37dcb1891/rugosa-1.0.0.tar.gz",
    "platform": null,
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "The next generation of kordesii. This is a library for managing emulation and provides utilities for interfacing with decompiled malware samples using dragodis.",
    "version": "1.0.0",
    "project_urls": {
        "Homepage": "https://github.com/Defense-Cyber-Crime-Center/rugosa"
    },
    "split_keywords": [
        "malware",
        " ida",
        " ghidra",
        " emulation",
        " strings"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "d7e7add3eb0e4f51b69f48e9ead14b5553ea919386ccc6019130354c8232ffae",
                "md5": "f6d3e40d09a67d1209318539245a0fde",
                "sha256": "817bb136f60206324f02ec4c95011c95b755e433eb0e3f6fcf62333e1b94f436"
            },
            "downloads": -1,
            "filename": "rugosa-1.0.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "f6d3e40d09a67d1209318539245a0fde",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 177530,
            "upload_time": "2024-06-17T18:50:23",
            "upload_time_iso_8601": "2024-06-17T18:50:23.187748Z",
            "url": "https://files.pythonhosted.org/packages/d7/e7/add3eb0e4f51b69f48e9ead14b5553ea919386ccc6019130354c8232ffae/rugosa-1.0.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "8848c4c05e29b74557c28dc87fbe3fde008339b67121e3f50e28ded37dcb1891",
                "md5": "5313fead91bd222551ba27657d84e4fb",
                "sha256": "c1ff2e96aed914da7c9f2a2ff09ebc96abf22af3b78e1164efdd5147317424b0"
            },
            "downloads": -1,
            "filename": "rugosa-1.0.0.tar.gz",
            "has_sig": false,
            "md5_digest": "5313fead91bd222551ba27657d84e4fb",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.9",
            "size": 147399,
            "upload_time": "2024-06-17T18:50:42",
            "upload_time_iso_8601": "2024-06-17T18:50:42.191566Z",
            "url": "https://files.pythonhosted.org/packages/88/48/c4c05e29b74557c28dc87fbe3fde008339b67121e3f50e28ded37dcb1891/rugosa-1.0.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-17 18:50:42",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "Defense-Cyber-Crime-Center",
    "github_project": "rugosa",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "rugosa"
}