├── .github ├── CONTRIBUTING.md ├── dependabot.yml ├── mypy │ └── mypy.ini ├── pyinstaller │ ├── floss.spec │ └── hooks │ │ └── hook-vivisect.py └── workflows │ ├── build.yml │ ├── publish.yml │ └── tests.yml ├── .gitignore ├── .gitmodules ├── .pre-commit-config.yaml ├── LICENSE.txt ├── MANIFEST.in ├── README.md ├── doc ├── installation.md ├── language_specific_strings.md ├── test.md ├── theory.md └── usage.md ├── floss ├── __init__.py ├── __main__.py ├── api_hooks.py ├── const.py ├── decoding_manager.py ├── features │ ├── __init__.py │ ├── extract.py │ └── features.py ├── function_argument_getter.py ├── identify.py ├── language │ ├── __init__.py │ ├── go │ │ ├── __init__.py │ │ ├── coverage.py │ │ └── extract.py │ ├── identify.py │ ├── rust │ │ ├── __init__.py │ │ ├── coverage.py │ │ ├── extract.py │ │ └── rust_version_database.py │ └── utils.py ├── logging_.py ├── main.py ├── render │ ├── __init__.py │ ├── default.py │ ├── json.py │ └── sanitize.py ├── results.py ├── sigs │ ├── 1_flare_msvc_rtf_32_64.sig │ ├── 2_flare_msvc_atlmfc_32_64.sig │ ├── 3_flare_common_libs.sig │ └── README.md ├── stackstrings.py ├── string_decoder.py ├── strings.py ├── tightstrings.py ├── utils.py └── version.py ├── pyproject.toml ├── requirements.txt ├── resources ├── floss-icon.png ├── floss-logo.png ├── floss.ico └── icon.xcf ├── scripts ├── README.md ├── extract_rust_hashes.py ├── idaplugin.py ├── render-binja-import-script.py ├── render-ghidra-import-script.py ├── render-ida-import-script.py ├── render-r2-import-script.py └── render-x64dbg-database.py └── tests ├── conftest.py ├── fixtures.py ├── test_buf_filled_with.py ├── test_cli_args.py ├── test_language_extract_go.py ├── test_language_extract_rust.py ├── test_language_go_coverage.py ├── test_language_go_known_binary.py ├── test_language_id.py ├── test_language_rust_coverage.py ├── test_language_rust_known_binary.py ├── test_load.py ├── test_main.py ├── test_memdiff.py ├── test_render.py └── test_scripts.py /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/CONTRIBUTING.md -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/mypy/mypy.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/mypy/mypy.ini -------------------------------------------------------------------------------- /.github/pyinstaller/floss.spec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/pyinstaller/floss.spec -------------------------------------------------------------------------------- /.github/pyinstaller/hooks/hook-vivisect.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/pyinstaller/hooks/hook-vivisect.py -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/workflows/build.yml -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/workflows/publish.yml -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.github/workflows/tests.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.gitmodules -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include LICENSE.txt 2 | graft floss/sigs 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/README.md -------------------------------------------------------------------------------- /doc/installation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/doc/installation.md -------------------------------------------------------------------------------- /doc/language_specific_strings.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/doc/language_specific_strings.md -------------------------------------------------------------------------------- /doc/test.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/doc/test.md -------------------------------------------------------------------------------- /doc/theory.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/doc/theory.md -------------------------------------------------------------------------------- /doc/usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/doc/usage.md -------------------------------------------------------------------------------- /floss/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /floss/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/__main__.py -------------------------------------------------------------------------------- /floss/api_hooks.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/api_hooks.py -------------------------------------------------------------------------------- /floss/const.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/const.py -------------------------------------------------------------------------------- /floss/decoding_manager.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/decoding_manager.py -------------------------------------------------------------------------------- /floss/features/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /floss/features/extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/features/extract.py -------------------------------------------------------------------------------- /floss/features/features.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/features/features.py -------------------------------------------------------------------------------- /floss/function_argument_getter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/function_argument_getter.py -------------------------------------------------------------------------------- /floss/identify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/identify.py -------------------------------------------------------------------------------- /floss/language/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /floss/language/go/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /floss/language/go/coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/go/coverage.py -------------------------------------------------------------------------------- /floss/language/go/extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/go/extract.py -------------------------------------------------------------------------------- /floss/language/identify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/identify.py -------------------------------------------------------------------------------- /floss/language/rust/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /floss/language/rust/coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/rust/coverage.py -------------------------------------------------------------------------------- /floss/language/rust/extract.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/rust/extract.py -------------------------------------------------------------------------------- /floss/language/rust/rust_version_database.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/rust/rust_version_database.py -------------------------------------------------------------------------------- /floss/language/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/language/utils.py -------------------------------------------------------------------------------- /floss/logging_.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/logging_.py -------------------------------------------------------------------------------- /floss/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/main.py -------------------------------------------------------------------------------- /floss/render/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/render/__init__.py -------------------------------------------------------------------------------- /floss/render/default.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/render/default.py -------------------------------------------------------------------------------- /floss/render/json.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/render/json.py -------------------------------------------------------------------------------- /floss/render/sanitize.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/render/sanitize.py -------------------------------------------------------------------------------- /floss/results.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/results.py -------------------------------------------------------------------------------- /floss/sigs/1_flare_msvc_rtf_32_64.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/sigs/1_flare_msvc_rtf_32_64.sig -------------------------------------------------------------------------------- /floss/sigs/2_flare_msvc_atlmfc_32_64.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/sigs/2_flare_msvc_atlmfc_32_64.sig -------------------------------------------------------------------------------- /floss/sigs/3_flare_common_libs.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/sigs/3_flare_common_libs.sig -------------------------------------------------------------------------------- /floss/sigs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/sigs/README.md -------------------------------------------------------------------------------- /floss/stackstrings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/stackstrings.py -------------------------------------------------------------------------------- /floss/string_decoder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/string_decoder.py -------------------------------------------------------------------------------- /floss/strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/strings.py -------------------------------------------------------------------------------- /floss/tightstrings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/tightstrings.py -------------------------------------------------------------------------------- /floss/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/utils.py -------------------------------------------------------------------------------- /floss/version.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/floss/version.py -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/pyproject.toml -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/requirements.txt -------------------------------------------------------------------------------- /resources/floss-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/resources/floss-icon.png -------------------------------------------------------------------------------- /resources/floss-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/resources/floss-logo.png -------------------------------------------------------------------------------- /resources/floss.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/resources/floss.ico -------------------------------------------------------------------------------- /resources/icon.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/resources/icon.xcf -------------------------------------------------------------------------------- /scripts/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/README.md -------------------------------------------------------------------------------- /scripts/extract_rust_hashes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/extract_rust_hashes.py -------------------------------------------------------------------------------- /scripts/idaplugin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/idaplugin.py -------------------------------------------------------------------------------- /scripts/render-binja-import-script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/render-binja-import-script.py -------------------------------------------------------------------------------- /scripts/render-ghidra-import-script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/render-ghidra-import-script.py -------------------------------------------------------------------------------- /scripts/render-ida-import-script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/render-ida-import-script.py -------------------------------------------------------------------------------- /scripts/render-r2-import-script.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/render-r2-import-script.py -------------------------------------------------------------------------------- /scripts/render-x64dbg-database.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/scripts/render-x64dbg-database.py -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/fixtures.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/fixtures.py -------------------------------------------------------------------------------- /tests/test_buf_filled_with.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_buf_filled_with.py -------------------------------------------------------------------------------- /tests/test_cli_args.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_cli_args.py -------------------------------------------------------------------------------- /tests/test_language_extract_go.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_extract_go.py -------------------------------------------------------------------------------- /tests/test_language_extract_rust.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_extract_rust.py -------------------------------------------------------------------------------- /tests/test_language_go_coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_go_coverage.py -------------------------------------------------------------------------------- /tests/test_language_go_known_binary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_go_known_binary.py -------------------------------------------------------------------------------- /tests/test_language_id.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_id.py -------------------------------------------------------------------------------- /tests/test_language_rust_coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_rust_coverage.py -------------------------------------------------------------------------------- /tests/test_language_rust_known_binary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_language_rust_known_binary.py -------------------------------------------------------------------------------- /tests/test_load.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_load.py -------------------------------------------------------------------------------- /tests/test_main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_main.py -------------------------------------------------------------------------------- /tests/test_memdiff.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_memdiff.py -------------------------------------------------------------------------------- /tests/test_render.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_render.py -------------------------------------------------------------------------------- /tests/test_scripts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mandiant/flare-floss/HEAD/tests/test_scripts.py --------------------------------------------------------------------------------