├── .coveragerc ├── .gitignore ├── GhidraScout.java ├── LICENSE ├── Makefile ├── README.md ├── apiscout ├── ApiQR.py ├── ApiQRContext.py ├── ApiScout.py ├── ApiVector.py ├── FingerprintCrawler.py ├── IdaForm.py ├── IdaProxy.py ├── IdaTools.py ├── ImportTableLoader.py ├── OrdinalHelper.py ├── PeTools.py ├── __init__.py ├── data │ ├── html_frame.html │ ├── winapi1024v1.txt │ └── winapi_contexts.csv ├── db_builder │ ├── DatabaseBuilder.py │ ├── DllBaseChecker │ │ ├── DllBaseChecker.c │ │ ├── DllBaseChecker32.exe │ │ └── DllBaseChecker64.exe │ ├── PEFILE_LICENSE │ ├── ThreadedCommand.py │ ├── config.py │ ├── ordlookup │ │ ├── __init__.py │ │ ├── oleaut32.py │ │ └── ws2_32.py │ ├── pefile.py │ └── peutils.py └── utility.py ├── collect.py ├── dbs ├── collection_example.csv ├── win7_prof-n_sp1_example.json └── winxp_prof_sp3_example.json ├── export.py ├── ida_scout.py ├── match.py ├── requirements.txt ├── scout.py ├── setup.py ├── template.config.py ├── tests ├── __init__.py ├── context.py ├── example_dump.bin ├── minimal_db.json ├── testImportTableLoader.py ├── testScout.py └── testVector.py └── update.py /.coveragerc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/.coveragerc -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/.gitignore -------------------------------------------------------------------------------- /GhidraScout.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/GhidraScout.java -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/README.md -------------------------------------------------------------------------------- /apiscout/ApiQR.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/ApiQR.py -------------------------------------------------------------------------------- /apiscout/ApiQRContext.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/ApiQRContext.py -------------------------------------------------------------------------------- /apiscout/ApiScout.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/ApiScout.py -------------------------------------------------------------------------------- /apiscout/ApiVector.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/ApiVector.py -------------------------------------------------------------------------------- /apiscout/FingerprintCrawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/FingerprintCrawler.py -------------------------------------------------------------------------------- /apiscout/IdaForm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/IdaForm.py -------------------------------------------------------------------------------- /apiscout/IdaProxy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/IdaProxy.py -------------------------------------------------------------------------------- /apiscout/IdaTools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/IdaTools.py -------------------------------------------------------------------------------- /apiscout/ImportTableLoader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/ImportTableLoader.py -------------------------------------------------------------------------------- /apiscout/OrdinalHelper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/OrdinalHelper.py -------------------------------------------------------------------------------- /apiscout/PeTools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/PeTools.py -------------------------------------------------------------------------------- /apiscout/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /apiscout/data/html_frame.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/data/html_frame.html -------------------------------------------------------------------------------- /apiscout/data/winapi1024v1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/data/winapi1024v1.txt -------------------------------------------------------------------------------- /apiscout/data/winapi_contexts.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/data/winapi_contexts.csv -------------------------------------------------------------------------------- /apiscout/db_builder/DatabaseBuilder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/DatabaseBuilder.py -------------------------------------------------------------------------------- /apiscout/db_builder/DllBaseChecker/DllBaseChecker.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/DllBaseChecker/DllBaseChecker.c -------------------------------------------------------------------------------- /apiscout/db_builder/DllBaseChecker/DllBaseChecker32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/DllBaseChecker/DllBaseChecker32.exe -------------------------------------------------------------------------------- /apiscout/db_builder/DllBaseChecker/DllBaseChecker64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/DllBaseChecker/DllBaseChecker64.exe -------------------------------------------------------------------------------- /apiscout/db_builder/PEFILE_LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/PEFILE_LICENSE -------------------------------------------------------------------------------- /apiscout/db_builder/ThreadedCommand.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/ThreadedCommand.py -------------------------------------------------------------------------------- /apiscout/db_builder/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/config.py -------------------------------------------------------------------------------- /apiscout/db_builder/ordlookup/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/ordlookup/__init__.py -------------------------------------------------------------------------------- /apiscout/db_builder/ordlookup/oleaut32.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/ordlookup/oleaut32.py -------------------------------------------------------------------------------- /apiscout/db_builder/ordlookup/ws2_32.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/ordlookup/ws2_32.py -------------------------------------------------------------------------------- /apiscout/db_builder/pefile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/pefile.py -------------------------------------------------------------------------------- /apiscout/db_builder/peutils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/db_builder/peutils.py -------------------------------------------------------------------------------- /apiscout/utility.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/apiscout/utility.py -------------------------------------------------------------------------------- /collect.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/collect.py -------------------------------------------------------------------------------- /dbs/collection_example.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/dbs/collection_example.csv -------------------------------------------------------------------------------- /dbs/win7_prof-n_sp1_example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/dbs/win7_prof-n_sp1_example.json -------------------------------------------------------------------------------- /dbs/winxp_prof_sp3_example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/dbs/winxp_prof_sp3_example.json -------------------------------------------------------------------------------- /export.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/export.py -------------------------------------------------------------------------------- /ida_scout.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/ida_scout.py -------------------------------------------------------------------------------- /match.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/match.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | nose 2 | Pillow 3 | numpy 4 | requests 5 | lief -------------------------------------------------------------------------------- /scout.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/scout.py -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/setup.py -------------------------------------------------------------------------------- /template.config.py: -------------------------------------------------------------------------------- 1 | # set your Malpedia API token here 2 | APITOKEN = "" 3 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/context.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/context.py -------------------------------------------------------------------------------- /tests/example_dump.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/example_dump.bin -------------------------------------------------------------------------------- /tests/minimal_db.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/minimal_db.json -------------------------------------------------------------------------------- /tests/testImportTableLoader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/testImportTableLoader.py -------------------------------------------------------------------------------- /tests/testScout.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/testScout.py -------------------------------------------------------------------------------- /tests/testVector.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/tests/testVector.py -------------------------------------------------------------------------------- /update.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danielplohmann/apiscout/HEAD/update.py --------------------------------------------------------------------------------