BSimVis v0.2.0 - Clustering & Workflow improvements

@rdmmf rdmmf released this 27 May 14:21
409f154

BSimVis is a tool to analyze similarities across a collection of binaries, based on Ghidra analyzers and the BSim (Behavioral Similarity) plugin. It provides an API and Web interface to upload large quantities of decompiled binaries and BSim feature vectors to a Kvrocks database for similarity analysis, function diffing, and family clustering.

New features

This new version focuses on function clustering and improving analyst workflow.

Clustering

  • HDBSCAN clustering
  • Cluster search view
  • Dendrogram and Packing diagram

Search

  • Full text file search, sorting and filtering
  • Full text feature search, sorting and filtering
  • Matching both function filters
  • Indexing configuration
  • Search history and caching

Call graph

  • Callees and callers navigation
  • Call graph view

API

  • Extended upload API: analysis config params (processor/compiler, profiling, batch metadata, similarity params)
  • Swagger UI API documentation

UI Improvements

  • Function code / diff selection and copy
  • All dashboard tables selection and copy
  • All search export to JSON and CSV
  • Tag management panel and user settings panel
  • Quick preview tooltips:
    • Cluster preview (scroll to view all functions code)
    • Diff preview (scroll to view all diffs)
  • Job view

Setup

  • install.sh: automated install of Redis, Kvrocks, Ghidra and optional Milvus
  • launch.sh: one-command service launcher with screen sessions and --clear flag
  • Milvus support is now optional (ENABLE_MILVUS=true in .env)
  • Configurable DATA_BASE_DIR for data storage paths

Refactor

  • New similarity graph using D3.js, with more coloring options
  • New window management, allowing multiple code previews on the same page
  • Modular frontend JS

Experimental

  • Tests with Milvus vector database for building similarities

Full Changelog: v0.1.0...v0.2.0