This plugin attempts to bring CAPA to Binary Ninja.
At the moment, it can open a JSON output file produced by the capa command line and import it into Binary Ninja.
Copy (or clone) the contents of this git repository into your plugins folder:
- macOS:
~/Library/Application Support/Binary Ninja/plugins/
- Linux:
~/.binaryninja/plugins/
- Windows:
%APPDATA%\Binary Ninja\plugins
In the future, this plugin will be added to Binary Ninja’s plugin manager.
- Analyze the binary you want with the CAPA CLI, using verbose mode (--verbose) and redirecting the JSON output to a file:
capa Malwares/Pikabot/pikabot.dll --verbose -j > output.json
- Load the binary you analyzed in Binary Ninja.
- Load the plugin with Plugins > CAPA > Load input file.
- Now every capability is tagged in the binary and you can follow it using addresses:
- Be more precise about where matches are located in the code, by reusing blocks like the IDA script
- Find a way to run CAPA inside binja, either by launching a subprocess in the plugin that runs capa or by understanding the library well enough to use it directly
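
To sanity-check output.json before loading it in Binary Ninja, the sketch below flattens a capa result into an address-to-capability map. It is an added example, not code from this plugin. It assumes the capa JSON layout is "rules" > rule name > "matches" as a list of [address, detail] pairs with address objects of the form {"type", "value"}; the function names are hypothetical and the sample data is constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a capa JSON result document (layout is an assumption).
SAMPLE = json.dumps({"meta": {}, "rules": {
    "create process on Windows": {
        "meta": {"namespace": "host-interaction/process/create", "lib": False},
        "matches": [[{"type": "absolute", "value": 0x10001A40}, {"success": True}]]},
    "encode data using XOR": {
        "meta": {"namespace": "data-manipulation/encoding/xor", "lib": False},
        "matches": [[{"type": "absolute", "value": 0x10001A40}, {"success": True}],
                    [{"type": "absolute", "value": 0x10002000}, {"success": True}]]},
    "contain loop": {  # library rule: a building block, not a capability
        "meta": {"lib": True},
        "matches": [[{"type": "absolute", "value": 0x10002000}, {"success": True}]]},
    "contain a resource (.rsrc) section": {  # file-scope match, no code address
        "meta": {"namespace": "executable/pe/section/rsrc", "lib": False},
        "matches": [[{"type": "no address", "value": None}, {"success": True}]]},
}})

def load_capa_json(text):
    """Parse capa output; fail clearly if the redirect captured non-JSON text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"output is not valid JSON (line {exc.lineno})") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("rules"), dict):
        raise ValueError("not a capa result document: no 'rules' object")
    return doc

def capabilities_by_address(doc, include_lib=False):
    """Return {address: sorted [(namespace, rule name)]} for absolute addresses."""
    found = defaultdict(set)
    for name, rule in doc["rules"].items():
        meta = rule.get("meta", {})
        if meta.get("lib") and not include_lib:
            continue
        matches = rule.get("matches", [])
        if not isinstance(matches, list):
            raise ValueError(f"unexpected 'matches' layout in rule {name!r}")
        for addr, _detail in matches:
            if addr.get("type") == "absolute":  # skip file-scope / unaddressed hits
                found[addr["value"]].add((meta.get("namespace", ""), name))
    return {a: sorted(found[a]) for a in sorted(found)}

if __name__ == "__main__":
    for address, caps in capabilities_by_address(load_capa_json(SAMPLE)).items():
        print(hex(address), "; ".join(f"{ns}: {name}" for ns, name in caps))
```

To run it on a real file, pass the contents of output.json to load_capa_json instead of SAMPLE.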