Skip to content
This repository has been archived by the owner on Dec 9, 2024. It is now read-only.

A software tool kit to help identify quickly what's inside your binary files.

License

Notifications You must be signed in to change notification settings

omnissa-archive/software-forensic-kit

Repository files navigation

software-forensic-kit

Overview

Software-Forensic-Kit is a software tool kit to help identify quickly what's inside your binary files and is code reachable in your application. Often times, your binaries, including your open source libraries, will encapsulate other open source software. This makes it difficult to determine if a particular function in a certain library is being used by an application on your system. This tool kit will help you find plausible paths to functions of interest by searching through your already built binaries and generating filtered callgraphs and by injecting into the target function and providing details when that function is invoked.

Software-Forensic-Kit Deployment

Prerequisites

  • Requires Java 1.8+
  • Requires Maven 3.x+

Build & Run

  1. Setup maven
  2. Build Project
  3. Run

Setup maven

Requires Java 1.8+ and Maven 3.x+

  1. Download maven from https://maven.apache.org/download.cgi and extract it.
  2. Install JDK 8 and setup JAVA_HOME
  3. Add maven bin directory to PATH

Build Project

Ensure java and maven are setup then run the following:

mvn initialize

mvn clean package

Run

usage: Software_Forensic_Kit [-h] [-u <USERNAME>] [-p <PASSWORD>] [-d
       <DOMAIN>] [-f <FILTER>] [-s <FUNCTION>] [-cd <NUM>] [-rp <arg>]
       [-rd] [-jp] [-pp] [-g] [-gm] [-hi] [-hm] [-cgf] [-I] [-v] [-o
       <FOLDER>]
 -h,--help
 -u,--username <USERNAME>         Remote server username
 -p,--password <PASSWORD>         Remote server password
 -d,--domain <DOMAIN>             Remote server ip
 -f,--filter <FILTER>             Jar path must contain this term to be
                                  included
 -s,--searchFunction <FUNCTION>   Function to search for
 -cd,--depth <NUM>                Max callgraph depth (default is 8)
 -rp,--removePrefix <arg>         Remove Prefix from callgraph text
 -rd,--removeDuplicates           Remove Duplicate Paths
 -jp,--justPrint                  Print output to console
 -pp,--prettyPrint                Pretty Print output to console
 -g,--graphViz                    Output for Graphviz
 -gm,--graphVizM                  Output for Graphviz Multiple
 -hi,--html                       Output for HTML - https://visjs.org
 -hm,--htmlM                      Output for HTML Multiple -
                                  https://visjs.org
 -cgf,--callgraphFile             Passing in CallGraph file instead of
                                  jar(s)
 -I,--interactive                 Interactive Mode
 -v,--verbose                     Verbose
 -o,--output <FOLDER>             Output to folder
Example Usage:

>java -jar software_forensic_kit.jar -u root -d 10.160.157.187 -p test123 -s "ExampleClass:functionA" -f /var/www -hm -rp my.class.path.

Or using wildcards * for filter

>java -jar software_forensic_kit.jar -u root -d 10.160.157.187 -p test123 -s "ExampleClass*functionA" -f /var/www -pp -rp my.class.path. -o
C:\test\output

   If you want to run software forensic kit locally simply exclude (user, domain and password variables)

   >java -jar software_forensic_kit.jar -s "ExampleClass:functionA" -f C:\test -pp

For Interactive Mode:
   >java -jar software_forensic_kit.jar -I

Contributing

The software-forensic-kit project team welcomes contributions from the community. For more detailed information, refer to CONTRIBUTING.md.

Be sure to end all commits with Signed-off-by:

License

software-forensic-kit is available under the BSD-2 License. For more detailed information, refer to LICENSE.txt.

About

A software tool kit to help identify quickly what's inside your binary files.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •