diff --git a/.github/ISSUE_TEMPLATE/new_pip_package.yml b/.github/ISSUE_TEMPLATE/new_pip_package.yml index 78e85bccf..6f7a4edea 100644 --- a/.github/ISSUE_TEMPLATE/new_pip_package.yml +++ b/.github/ISSUE_TEMPLATE/new_pip_package.yml @@ -21,7 +21,7 @@ body: attributes: label: Tool Name description: | - The name of the tool being installed with `py -3.10 -m pip install `, Example: `autoit-ripper`. + The name of the tool being installed with `py -3.13 -m pip install `, Example: `autoit-ripper`. placeholder: ex. autoit-ripper validations: required: true @@ -32,7 +32,7 @@ body: attributes: label: Package type description: | - - **`PIP`** - A Python tool installed with `py -3.10 -m pip install `. Example: `py -3.10 -m pip install magika==0.5.0` + - **`PIP`** - A Python tool installed with `py -3.13 -m pip install `. Example: `py -3.13 -m pip install magika==0.5.0` For other types of tools, use a different issue template. options: diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index d901a5524..0a74b55e7 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20251208 + 0.0.0.20251215 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 5ba01c3ba..d164c1491 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -1885,7 +1885,7 @@ function VM-Pip-Install { ForEach ($library in $libraries.Split(",")) { # Ignore warning with `-W ignore` to avoid warnings like deprecation to fail the installation - Invoke-Expression "py -3.10 -W ignore -m pip install $library --disable-pip-version-check 2>&1 >> $outputFile" + Invoke-Expression "py -3.13 -W ignore -m pip install $library --disable-pip-version-check 2>&1 >> $outputFile" } } catch { VM-Write-Log-Exception $_ 
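Review bot: In the VM-Pip-Install hunk the new line still builds the pip command as a string and runs it through `Invoke-Expression`, so `$library` and `$outputFile` are re-parsed as PowerShell. A requirement such as `pkg>=1.0` would be read as a redirection, and a `;`, `|` or `$(...)` in a module entry or log path would run as script. Calling the launcher directly passes each value as one argument, provided callers supply a single requirement per comma-separated entry: `& py -3.13 -W ignore -m pip install $library --disable-pip-version-check 2>&1 >> $outputFile`. The same pattern appears in the VM-Pip-Uninstall hunk and in the stringsifter, unpy2exe, uncompyle6 and unpyc3 scripts touched by this commit. The function body continues outside this hunk.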
@@ -1922,7 +1922,7 @@ function VM-Pip-Uninstall { param ( [string]$package ) - Invoke-Expression "py -3.10 -m pip uninstall $package -y --disable-pip-version-check 2>&1" + Invoke-Expression "py -3.13 -m pip uninstall $package -y --disable-pip-version-check 2>&1" } # Uninstall tool using Pip and remove shortcut in the Tools directory diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index b3538a10b..7b09a357b 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec @@ -2,13 +2,13 @@ libraries.python3.vm - 0.0.0.20251004 + 0.0.0.20251215 Python 3 libraries useful for common reverse engineering tasks. Several, check in pypi.org for every of the libraries - + - + Python diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index 137060e5c..aff78c177 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 
@@ -21,21 +21,47 @@ try { VM-Pip-Install $installValue if ($LastExitCode -eq 0) { - Write-Host "`t[+] Installed Python 3.10 module: $($module.name)" -ForegroundColor Green + Write-Host "`t[+] Installed Python 3.13 module: $($module.name)" -ForegroundColor Green } else { - Write-Host "`t[!] Failed to install Python 3.10 module: $($module.name)" -ForegroundColor Red + Write-Host "`t[!] Failed to install Python 3.13 module: $($module.name)" -ForegroundColor Red $failures += $module.Name } } if ($failures.Count -gt 0) { foreach ($module in $failures) { - VM-Write-Log "ERROR" "Failed to install Python 3.10 module: $module" + VM-Write-Log "ERROR" "Failed to install Python 3.13 module: $module" } $outputFile = $outputFile.replace('lib\', 'lib-bad\') VM-Write-Log "ERROR" "Check $outputFile for more information" exit 1 } + + # Add Monkey Patch to `pyreadline3` for Python 3.13 compatibility + $sitePackages = python -c "import site; print(site.getsitepackages()[1])" + $potentialPath = Join-Path $sitePackages "readline.py" + if (Test-Path $potentialPath) { + $targetFile = $potentialPath + } else { + # Fallback, just in case. + try { + $targetFile = & $(Get-Command python).Source -c "import sys; sys.path.append(r'C:\Python313\Lib\site-packages'); import readline; print(readline.__file__)" + } catch { + $targetFile = $null + } + } + if ($targetFile -and (Test-Path $targetFile)) { + $content = Get-Content $targetFile -Raw + if ($content -match "backend = 'pyreadline'") { + Write-Host "Already patched!" -ForegroundColor Yellow + } else { + Add-Content -Path $targetFile -Value "`n# Patch for Python 3.13`nbackend = 'pyreadline'" + Write-Host "Patch applied to: $targetFile" -ForegroundColor Green + } + } else { + Write-Host "Could not locate readline file." -ForegroundColor Red + } + # Avoid WARNINGs to fail the package install exit 0 } catch { 
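Review bot: The pyreadline3 patch block locates site-packages with bare `python` (and `Get-Command python` in the fallback), while every install in this commit goes through `py -3.13`. If `python` on PATH resolves to another interpreter, such as the 3.11 used by the new stringsifter and unpy2exe packages, the wrong `readline.py` is edited or none is found. Resolving the path with the same launcher keeps the two in step: `$sitePackages = py -3.13 -c "import site; print(site.getsitepackages()[1])"`. The block also appends to a file that pip installed, so the edit is lost on any reinstall or upgrade and the file no longer matches what the package shipped. A comment saying so would help, as would reporting the "Could not locate readline file." case through `VM-Write-Log` rather than only `Write-Host`, so it reaches the install log. The enclosing `try` starts and ends outside this hunk.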
diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index 5216c7eaf..56642805f 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -3,11 +3,12 @@ - + + @@ -26,15 +27,10 @@ - - - - - Python 3. Mandiant - + - + Python diff --git a/packages/stringsifter.vm/stringsifter.vm.nuspec b/packages/stringsifter.vm/stringsifter.vm.nuspec new file mode 100644 index 000000000..88fe614a1 --- /dev/null +++ b/packages/stringsifter.vm/stringsifter.vm.nuspec @@ -0,0 +1,16 @@ + + + + stringsifter.vm + 3.0.0.20230711 + Philip Tully (FDS), Matthew Haigh (FLARE), Jay Gibble (FLARE), and Michael Sikorski (FLARE) + StringSifter is a machine learning tool that automatically ranks strings based on their relevance for malware analysis. + + + + + + File Information + https://github.com/mandiant/stringsifter + + diff --git a/packages/stringsifter.vm/tools/chocolateyinstall.ps1 b/packages/stringsifter.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..36ad8903a --- /dev/null +++ b/packages/stringsifter.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'stringsifter' +$category = VM-Get-Category($MyInvocation.MyCommand.Definition) + +# Create output file to log python module installation details +$outputFile = VM-New-Install-Log ${Env:VM_COMMON_DIR} +Invoke-Expression "py -3.11 -W ignore -m pip install $toolName --disable-pip-version-check 2>&1 >> $outputFile" + +$cmdPath = (Get-Command cmd.exe).Source +VM-Install-Shortcut -toolName $toolName -category $category -executablePath "flarestrings" -consoleApp $true -iconLocation $cmdPath diff --git a/packages/stringsifter.vm/tools/chocolateyuninstall.ps1 b/packages/stringsifter.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..5fed619e4 --- /dev/null 
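Review bot: The new stringsifter `chocolateyinstall.ps1` installs `$toolName` with no version specifier and never checks `$LastExitCode`. The package therefore pulls whatever release PyPI serves at install time, and it still creates the shortcut when pip fails, because `$ErrorActionPreference = 'Stop'` does not act on a native command's exit code. Pinning the requirement, e.g. `"$toolName==<PINNED_VERSION>"` (placeholder; use the release the nuspec version is meant to track), would make the install reproducible. Adding `if ($LastExitCode -ne 0) { throw "pip install failed, see $outputFile" }` before `VM-Install-Shortcut` would make it fail loudly. The new unpy2exe `chocolateyinstall.ps1` has the same two gaps.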
+++ b/packages/stringsifter.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'stringsifter' +$category = VM-Get-Category($MyInvocation.MyCommand.Definition) + +Invoke-Expression "py -3.11 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1" +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/uncompyle6.vm/tools/chocolateyuninstall.ps1 b/packages/uncompyle6.vm/tools/chocolateyuninstall.ps1 index 940aa1a90..9c83d2d48 100644 --- a/packages/uncompyle6.vm/tools/chocolateyuninstall.ps1 +++ b/packages/uncompyle6.vm/tools/chocolateyuninstall.ps1 @@ -4,4 +4,5 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'uncompyle6' $category = VM-Get-Category($MyInvocation.MyCommand.Definition) -VM-Uninstall-With-Pip $toolName $category +VM-Remove-Tool-Shortcut $toolName $category +Invoke-Expression "py.exe -3.13 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1" diff --git a/packages/uncompyle6.vm/uncompyle6.vm.nuspec b/packages/uncompyle6.vm/uncompyle6.vm.nuspec index 0b98f8ef4..cd93ec1bb 100644 --- a/packages/uncompyle6.vm/uncompyle6.vm.nuspec +++ b/packages/uncompyle6.vm/uncompyle6.vm.nuspec @@ -2,12 +2,12 @@ uncompyle6.vm - 3.9.2.20250716 + 3.9.2.20251215 rocky uncompyle6 is a decompiler for Python 1.0-3.8. - - + + Python https://github.com/rocky/python-uncompyle6 diff --git a/packages/unpy2exe.vm/tools/chocolateyinstall.ps1 b/packages/unpy2exe.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..69c23a74e --- /dev/null +++ b/packages/unpy2exe.vm/tools/chocolateyinstall.ps1 
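Review bot: In the uncompyle6 `chocolateyuninstall.ps1` hunk the added `Invoke-Expression "py.exe -3.13 -m pip uninstall ..."` line repeats what `VM-Pip-Uninstall` in vm.common does after this commit's own bump to 3.13. The interpreter version now lives in one more place that a later bump can miss. Calling the helper keeps it in one spot: `VM-Pip-Uninstall $toolName`. Why `VM-Uninstall-With-Pip` was dropped is not visible here; if the reason is ordering or a behaviour of that helper, a one-line comment above the two new lines would record it. The unpyc3 `chocolateyuninstall.ps1` hunk adds the same inline line.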
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'unpy2exe'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+# Create output file to log python module installation details
+$outputFile = VM-New-Install-Log ${Env:VM_COMMON_DIR}
+Invoke-Expression "py -3.11 -W ignore -m pip install $toolName --disable-pip-version-check 2>&1 >> $outputFile"
+
+$pyPath = (Get-Command py).Source
+VM-Install-Shortcut -toolName $toolName -category $category -executablePath $pyPath -consoleApp $true -arguments "-3.11 -m unpy2exe"
diff --git a/packages/unpy2exe.vm/tools/chocolateyuninstall.ps1 b/packages/unpy2exe.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..c51e82937
--- /dev/null
+++ b/packages/unpy2exe.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'unpy2exe'
+$category = VM-Get-Category($MyInvocation.MyCommand.Definition)
+
+Invoke-Expression "py -3.11 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1"
+VM-Remove-Tool-Shortcut $toolName $category
diff --git a/packages/unpy2exe.vm/unpy2exe.vm.nuspec b/packages/unpy2exe.vm/unpy2exe.vm.nuspec
new file mode 100644
index 000000000..de2d42705
--- /dev/null
+++ b/packages/unpy2exe.vm/unpy2exe.vm.nuspec
@@ -0,0 +1,16 @@
+
+
+
+ unpy2exe.vm
+ 0.0.0.20251215
+ Matias Bordese
+ unpy2exe extracts .pyc files from executables created with py2exe.
+
+
+
+
+
+ Python
+ https://github.com/matiasb/unpy2exe
+
+
diff --git a/packages/unpyc3.vm/tools/chocolateyinstall.ps1 b/packages/unpyc3.vm/tools/chocolateyinstall.ps1
index 51ec57391..6c9889a1f 100644
--- a/packages/unpyc3.vm/tools/chocolateyinstall.ps1
+++ b/packages/unpyc3.vm/tools/chocolateyinstall.ps1
@@ -7,4 +7,4 @@ $category = VM-Get-Category($MyInvocation.MyCommand.Definition) VM-Pip-Install "https://github.com/greyblue9/unpyc37-3.10/archive/c1486ce3cf5b8fdfb5065e9c81a73a61481ed9ff.zip" $pyPath = (Get-Command py).Source -VM-Install-Shortcut -toolName $toolName -category $category -executablePath $pyPath -consoleApp $true -arguments "-3.10 -m unpyc.unpyc3" +VM-Install-Shortcut $toolName $category $pyPath -consoleApp $true -arguments "-3.13 -m unpyc.unpyc3" diff --git a/packages/unpyc3.vm/tools/chocolateyuninstall.ps1 b/packages/unpyc3.vm/tools/chocolateyuninstall.ps1 index fe1164e13..94babb074 100644 --- a/packages/unpyc3.vm/tools/chocolateyuninstall.ps1 +++ b/packages/unpyc3.vm/tools/chocolateyuninstall.ps1 @@ -5,3 +5,4 @@ $toolName = 'unpyc3' $category = VM-Get-Category($MyInvocation.MyCommand.Definition) VM-Remove-Tool-Shortcut $toolName $category +Invoke-Expression "py.exe -3.13 -m pip uninstall $toolName -y --disable-pip-version-check 2>&1" diff --git a/packages/unpyc3.vm/unpyc3.vm.nuspec b/packages/unpyc3.vm/unpyc3.vm.nuspec index 1a2122439..82d6b26d0 100644 --- a/packages/unpyc3.vm/unpyc3.vm.nuspec +++ b/packages/unpyc3.vm/unpyc3.vm.nuspec @@ -2,12 +2,12 @@ unpyc3.vm - 0.0.0.20250716 + 0.0.0.20251215 David Reilly unpyc3 is a decompiler for Python 3.7+. - - + + Python https://github.com/greyblue9/unpyc37-3.10
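Review bot: The unpyc3 `chocolateyuninstall.ps1` hunk uninstalls by `$toolName` (`unpyc3`), but the install script installs from the `greyblue9/unpyc37-3.10` archive, whose distribution name is not visible here. If the name differs, `pip uninstall` only prints a warning and the package stays installed. It is worth confirming the name with `py -3.13 -m pip show` and using that name in the uninstall line. In the install hunk, the switch from `-toolName`/`-category`/`-executablePath` to positional arguments makes the call depend on the parameter order of `VM-Install-Shortcut`. The new stringsifter and unpy2exe scripts avoid that by naming the parameters.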