diff --git a/.github/ISSUE_TEMPLATE/new_python_tool_pip.yml b/.github/ISSUE_TEMPLATE/new_python_tool_pip.yml new file mode 100644 index 00000000..3b464f6c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new_python_tool_pip.yml @@ -0,0 +1,128 @@ +name: 🆕 NEW PIP PACKAGE +description: Propose the addition of a new Python package/tool that is installed with pip +title: "pip package proposal: .vm" +labels: [":new: package"] +body: + - type: markdown + attributes: + value: | + Thanks for contributing to [VM-Packages](https://github.com/mandiant/VM-Packages), your package proposal supports tools available for [FLARE-VM](https://github.com/mandiant/flare-vm) and [CommandoVM](https://github.com/mandiant/commando-vm)! :cupid: Please ensure that your suggested tool doesn't already exist within the set of [current packages](https://github.com/mandiant/VM-Packages/tree/main/packages) and that there is no [issue](https://github.com/mandiant/VM-Packages/issues?q=is%3Aopen+is%3Aissue+label%3A%22%3Anew%3A+package%22) proposal already. If the tool is not related malware analysis, incident response, penetration testing and other security related tasking, consider using directly the [Chocolatey community package](https://community.chocolatey.org/packages) if there is one for the tool. + - type: input + id: pkg_name + attributes: + label: Package Name + description: | + The convention is to use lowercase names with the following format: `toolname` or `tool-name` and without `.vm` appended. Example: `autoit-ripper`. **Please add this name to the issue title as well** (keep the `.vm` in the title). + placeholder: ex. autoit-ripper + validations: + required: true + - type: input + id: tool_name + attributes: + label: Tool Name + description: | + The name of the tool being installed with `py -3.10 -m pip install `, Example: `autoit-ripper`. + placeholder: ex. autoit-ripper + validations: + required: true + - type: dropdown + id: type + validations: + required: true + attributes: + label: Package type + description: | + - **`PIP`** - A Python tool installed with `py -3.10 -m pip install `. Example: `py -3.10 -m pip install magika==0.5.0` + + For other types of tools, use a different issue template. + options: + - PIP + - type: input + id: version + attributes: + label: Version + description: | + Tool's version number. Example: `1.4.11`. See the [_Version_ documentation in our wiki](https://github.com/mandiant/VM-Packages/wiki/Package-Structure#version) for more details. + placeholder: ex. 1.4.11 + validations: + required: true + - type: dropdown + id: category + validations: + required: true + attributes: + label: Category + description: Which category should this tool be installed to? + options: + - Command & Control + - Credential Access + - Debuggers + - Delphi + - Disassemblers + - dotNet + - Documents + - Exploitation + - File Information + - Forensic + - Hex Editors + - InnoSetup + - Java & Android + - Javascript + - Lateral Movement + - Memory + - Networking + - Packers + - Payload Development + - PE + - Persistence + - Privilege Escalation + - Productivity Tools + - Python + - Reconnaissance + - Registry + - Shellcode + - Utilities + - Visual Basic + - Web Application + - Wordlists + - type: input + id: authors + attributes: + label: Tool's authors + description: | + Comma separated list of the tool's authors. Example: `Elmo, Bert, Grover, Cookie Monster`. + placeholder: ex. Elmo, Bert, Grover, Cookie Monster + validations: + required: true + - type: input + id: description + validations: + required: true + attributes: + label: Tool's description + description: | + The tool description should be short and not include version specific details or other information that is likely to change in a future version. Example: `FakeNet-NG is a dynamic network analysis tool.` + - type: input + id: dependencies + attributes: + label: Dependencies + description: | + The dependencies (tools/libraries that need to be installed) needed for installing or using this tool. Do not include Python3, as it is already included by default. + placeholder: ex. openjdk.vm, vcredist140, nodejs >= 5 + - type: textarea + id: why + attributes: + label: Why is this tool a good addition? + description: Tell us why you would like to have this package in FLARE-VM/CommandoVM and how this tool is useful for malware analysis, incident response, penetration testing and other security related tasking. Adding new packages involves more maintenance work, tell us what is unique about this tool that can not be done with the current toolset. + validations: + required: true + - type: textarea + id: info + attributes: + label: Extra information + description: Tell us any other extra information that may be useful to create the package, such us how is the tool installed if it is not done in a standard way (if you selected type `OTHER/UNKNOWN`.). + - type: markdown + attributes: + value: | + --- + We really appreciate that you share your package idea with us and we will review your issue as soon as possible. Please understand that our time is limited and we may not be able to create a package for this tool as fast as you may like. To speed up the process, please select the correct issue template and fill the issue accurately as this may allow our bot to send an automatic PR. Note that this may not work for all cases. You can check our [Contributing Wiki page](https://github.com/mandiant/VM-Packages/wiki/Contributing) and send a pull request with the new package. We encourage the community to help us create new packages and to maintain existing ones. Join us! :hugs: diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py index 1dbeb2af..d5e3941b 100755 --- a/scripts/utils/create_package_template.py +++ b/scripts/utils/create_package_template.py @@ -65,6 +65,21 @@ def package_version(dependency_version): """ +NUSPEC_TEMPLATE_PIP = r""" + + + {pkg_name}.vm + {version} + {authors} + {description} + + + + + + +""" + """ Needs the following format strings: pkg_name="...", version="...", authors="...", description="...", dependency="...", dependency_version="..." @@ -178,6 +193,22 @@ def package_version(dependency_version): Needs the following format strings: tool_name="...", category="..." """ + +PIP_TEMPLATE = r"""$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = '{tool_name}' +$category = '{category}' +$version = '=={version}' + +VM-Install-With-Pip -toolName $toolName -category $category -version $version +""" + +""" +Needs the following format strings: + tool_name="...", category="..." +""" + GENERIC_UNINSTALL_TEMPLATE = r"""$ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking @@ -211,6 +242,15 @@ def package_version(dependency_version): VM-Uninstall-IDA-Plugin -pluginName $pluginName """ +PIP_UNINSTALL_TEMPLATE = r"""$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = '{tool_name}' +$category = '{category}' + +VM-Uninstall-With-Pip $toolName $category +""" + def create_zip_exe_template(packages_path, **kwargs): @@ -305,7 +345,20 @@ def create_ida_plugin_template(packages_path, **kwargs): target_url=kwargs.get("target_url"), target_hash=kwargs.get("target_hash"), ) - + +def create_pip_template(packages_path, **kwargs): + create_template( + PIP_TEMPLATE, + nuspec_template=NUSPEC_TEMPLATE_PIP, + uninstall_template=PIP_UNINSTALL_TEMPLATE, + packages_path=packages_path, + pkg_name=kwargs.get("pkg_name"), + version=kwargs.get("version"), + authors=kwargs.get("authors"), + description=kwargs.get("description"), + tool_name=kwargs.get("tool_name"), + category=kwargs.get("category"), + ) def create_template( template="", @@ -353,6 +406,7 @@ def create_template( f.write( template.format( tool_name=tool_name, + version=version, category=category, target_url=target_url, target_hash=target_hash, @@ -464,6 +518,19 @@ def get_script_directory(): "shim_path", ], }, + "PIP": { + "cb": create_pip_template, + "doc": "A Python package installed with pip", + "example": "py3 -m pip install magika==0.5.0", + "arguments": [ + "pkg_name", + "version", + "authors", + "description", + "tool_name", + "category", + ], + }, }