
Function make_parser

floss/main.py:96–306
(argv)

Source from the content-addressed store, hash-verified

def make_parser(argv):
    # Help text shown at the top of `floss -h` / `floss -H`.
    desc = (
        "The FLARE team's open-source tool to extract ALL strings from malware.\n"
        f" %(prog)s {__version__} - https://github.com/mandiant/flare-floss/\n\n"
        "FLOSS extracts the following string types:\n"
        ' 1. static strings: "regular" ASCII and UTF-16LE strings\n'
        " 2. stack strings: strings constructed on the stack at run-time\n"
        " 3. tight strings: special form of stack strings, decoded on the stack\n"
        " 4. decoded strings: strings decoded in a function\n\n"
        "Language-specific strings:\n"
        " 1. Go: strings from binaries written in Go\n"
        " 2. Rust: strings from binaries written in Rust\n"
    )
    # Epilog for the default (core arguments only) help output.
    epilog = textwrap.dedent(
        """
        only displaying core arguments, run `floss -H` to see all supported options

        examples:
          extract all strings from an executable
            floss suspicious.exe

          do not extract static strings
            floss --no static -- suspicious.exe

          only extract stack and tight strings
            floss --only stack tight -- suspicious.exe
        """
    )
    # Epilog for the advanced help output (`-H`).
    epilog_advanced = textwrap.dedent(
        """
        examples:
          extract all strings from 32-bit shellcode
            floss -f sc32 shellcode.bin

          only decode strings from the specified functions
            floss --functions 0x401000 0x401100 suspicious.exe

          extract strings from a binary written in Go (if automatic language identification fails)
            floss --language go program.exe
        """
    )

    # `-H` is checked before parsing so the matching epilog can be chosen.
    show_all_options = "-H" in argv

    parser = ArgumentParser(
        description=desc,
        epilog=epilog_advanced if show_all_options else epilog,
        formatter_class=argparse.RawDescriptionHelpFormatter,
    )
    parser.register("action", "extend", floss.utils.ExtendAction)
    parser.add_argument("-H", action="help", help="show advanced options and exit")
    parser.add_argument(
        "-n",
        "--minimum-length",
        dest="min_length",
        type=int,
        default=MIN_STRING_LENGTH,
        help="minimum string length",
    )
    # listing ends here; the function continues through line 306 of floss/main.py

Callers 1

main (Function) · 0.85

Calls 2

ArgumentParser (Class) · 0.85
format (Method) · 0.80

Tested by

no test coverage detected