R0 CREW


CAPA Explorer is an IDAPython plugin that integrates the FLARE team’s open-source framework, capa, with IDA Pro. capa is a framework that uses a well-defined collection of rules to identify capabilities in a program. You can run capa against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the program is a backdoor, can install services, or relies on HTTP to communicate. capa explorer runs capa directly against your IDA Pro database (IDB) without requiring access to the original binary file. Once a database has been analyzed, capa explorer helps you identify interesting areas of a program and build new capa rules using features extracted from your IDB.

Github: https://github.com/fireeye/capa/tree/master/capa/ida/plugin

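To show what "a well-defined collection of rules to identify capabilities" means in practice, here is a toy rule matcher added for illustration. It is not capa's own code and not from the plugin; the two feature sets, the function names and the rule names are constructed for the example. capa's real rules are YAML with more feature types, scopes and meta fields, but the core idea is the same: features are extracted per function and rules combine them with and/or/not logic.

```python
"""Minimal capa-style rule matcher (illustrative example, not capa's code).

capa extracts features (API calls, strings, numbers, ...) from a binary or
an IDB and evaluates rules, each a tree of and/or/not nodes over those
features. This toy evaluator reproduces that shape on constructed input.
"""
from typing import Any, Dict, List, Set

# Constructed feature sets standing in for what capa would extract from two
# functions of an analysed database (hypothetical function names).
FUNCTIONS: Dict[str, Dict[str, Set[Any]]] = {
    "sub_401000": {
        "api": {"advapi32.CreateServiceA", "advapi32.StartServiceA"},
        "string": {"ExampleSvc"},
        "number": set(),
    },
    "sub_402000": {
        "api": {"wininet.InternetOpenA", "wininet.HttpOpenRequestA",
                "wininet.HttpSendRequestA"},
        "string": {"http://example.invalid/status"},  # constructed placeholder
        "number": {0x50},
    },
}

# Rules as nested dicts mirroring the layout of capa's YAML "features" block.
# Rule names are made up for this example.
RULES: List[Dict[str, Any]] = [
    {
        "name": "create service",
        "features": {"and": [
            {"api": "advapi32.CreateServiceA"},
            {"or": [{"api": "advapi32.StartServiceA"},
                    {"api": "advapi32.CreateServiceW"}]},
        ]},
    },
    {
        "name": "create service without starting it",
        "features": {"and": [
            {"api": "advapi32.CreateServiceA"},
            {"not": {"api": "advapi32.StartServiceA"}},
        ]},
    },
    {
        "name": "communicate via HTTP",
        "features": {"and": [
            {"api": "wininet.InternetOpenA"},
            {"or": [{"api": "wininet.HttpOpenRequestA"},
                    {"api": "wininet.InternetOpenUrlA"}]},
            {"optional": {"number": 0x50}},  # port 80 hint, never required
        ]},
    },
]


def evaluate(node: Dict[str, Any], features: Dict[str, Set[Any]]) -> bool:
    """Recursively evaluate one rule node against a function's feature set."""
    op, value = next(iter(node.items()))
    if op == "and":
        return all(evaluate(child, features) for child in value)
    if op == "or":
        return any(evaluate(child, features) for child in value)
    if op == "not":
        return not evaluate(value, features)
    if op == "optional":
        # Like capa's optional: evaluated for reporting, but never a blocker.
        evaluate(value, features)
        return True
    if op in ("api", "string", "number"):
        return value in features.get(op, set())
    raise ValueError(f"unknown rule node type: {op}")


def match_rules(rules: List[Dict[str, Any]],
                functions: Dict[str, Dict[str, Set[Any]]]) -> Dict[str, List[str]]:
    """Return, per function, the names of the rules that match it."""
    return {
        fn: [rule["name"] for rule in rules if evaluate(rule["features"], feats)]
        for fn, feats in functions.items()
    }


if __name__ == "__main__":
    for fn, names in match_rules(RULES, FUNCTIONS).items():
        print(f"{fn}: {', '.join(names) or '(no match)'}")
```

Running it reports "create service" for the first function and "communicate via HTTP" for the second; the "without starting it" rule fails on the first function because the `not` node sees StartServiceA. That is the kind of per-function hit list capa explorer surfaces in IDA so you can jump to the interesting areas.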