Project Url: Xenios91/InsecureFunctionFinder
Introduction: A Ghidra plugin to automatically find known insecure functions and will create a bookmark to quickly traverse to that location for review.
- Author: Corey Hartman
- Language: Java 17 (should be compatible with Java 8+, as no features I believe above 8 were utilized)
- Description: A Ghidra plugin to automatically find known insecure functions and will create a bookmark to quickly traverse to that location for review.
- Currently works for the following functions: atoi, atol, atoll, exec, gets, memcpy, printf, sprintf, strcat, strcpy, strlen, strncpy, system, vsprintf
- Requires Ghidra
- Just place this script in your Ghidra plugins folder, which can be created by selecting "Manage Script Directories" in Ghidras Script Manager.
- Note: This was tested on Ghidra 10.4.1, older versions may not work as intended.
- Perform analysis with Ghidra.
- Open Ghidra's Script Manager.
- Double Click InsecureFunctionFinder.java
- Open Bookmarks to review discovered insecure functions.