URL package proposal: capa-explorer-web.vm #1136

Open
mr-tz opened this issue Sep 13, 2024 · 5 comments
Assignees
Labels
😕 needs info Further information is needed 🆕 package New package request/idea/PR

Comments

@mr-tz
Contributor

mr-tz commented Sep 13, 2024

Package Name

capa-explorer-web

Tool Name

capa Explorer Web

Package type

OTHER/UNKNOWN

Is the tool a console application?

false

Version

0

Category

Utilities

Tool's authors

@s-ff, @mike-hunhoff, @williballenthin, @mr-tz

Tool's description

capa Explorer Web is a web-based tool to explore the capabilities identified by capa.

Download URL

https://mandiant.github.io/capa/explorer/capa-explorer-web.zip

Download SHA256 Hash

TBD

Dependencies

No response

Why is this tool a good addition?

This tool allows you to interactively browse and display capa results in multiple viewing modes.

Extra information

There is currently no version tracking. How do you recommend we adjust the URL/file to allow for easier tracking and updates?

This is similar to CyberChef, so it can most likely be installed analogously.

@mr-tz mr-tz added the 🆕 package New package request/idea/PR label Sep 13, 2024
@Ana06
Member

Ana06 commented Sep 30, 2024

@mr-tz the URL should include the version and the URL should work until we have updated the URL to the new version in VM-Packages.

@Ana06 Ana06 added the 😕 needs info Further information is needed label Sep 30, 2024
@Ana06 Ana06 self-assigned this Sep 30, 2024
@Ana06 Ana06 added this to the FLARE-VM 2024 Q4-P1 milestone Sep 30, 2024
@fariss

fariss commented Oct 4, 2024

I've explored the options we have to keep a public feed of releases for capa Explorer Web a bit, and here are my thoughts:

  • Using GitHub Releases: as far as I know, this is not doable because VM-Packages checks the tag_name of a repo (in our case 7.0.3) against the version declared in the capa-explorer-web.vm nuspec file (1.0.0), which is not the intended goal. Even though we have both capa and capa explorer in the same repo, they don't get released with the same version number.

  • Using the npm registry: we can publish the Explorer Web release to the npm registry, which keeps a feed of all releases. VM-Packages can download the latest using the VM-Install-Node-Tool cmdlet (npm install -g capa-explorer-web). This will pull the standalone index.html distributable to the working directory, which can then be moved to the tools dir.

@Ana06 / @mr-tz what do you think about the second option?

@mr-tz
Contributor Author

mr-tz commented Oct 4, 2024

NPM registry may be an option, but I also feel that capa should make standalone HTMLs directly available for easy download and usage.

@fariss

fariss commented Oct 4, 2024

> NPM registry may be an option, but I also feel that capa should make standalone HTMLs directly available for easy download and usage.

The npm registry provides a way to download the zip artifacts easily via https://registry.npmjs.org/<package-name>/-/<package-name>-<version>.tgz. So if we decide to publish there, we can retrieve past releases of capa Explorer Web.

Here is an example from cyberchef npm package:
https://registry.npmjs.org/cyberchef/-/cyberchef-10.19.2.tgz ⟶ retrieves v10.19.2 archive
https://registry.npmjs.org/cyberchef/-/cyberchef-10.18.9.tgz ⟶ retrieves v10.18.9 archive
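
The version-pinned URL and download hash discussed in this thread, as an added example that is not part of the original comments or of VM-Packages: it checks downloaded bytes against the `dist.integrity` value from npm registry metadata for one pinned version and returns the URL and SHA256 to record. The `capa-explorer-web` registry document, version `1.0.0` entry and tarball bytes are constructed for illustration (the thread does not show the package published), and `tarball_url` and `verify_and_pin` are hypothetical helper names.

```python
import base64
import hashlib
import hmac

REGISTRY = "https://registry.npmjs.org"

def tarball_url(name: str, version: str) -> str:
    """Versioned tarball URL, pattern as quoted above (unscoped package names)."""
    return f"{REGISTRY}/{name}/-/{name}-{version}.tgz"

def verify_and_pin(metadata: dict, version: str, tarball: bytes) -> dict:
    """Verify downloaded bytes against the registry's dist.integrity value for
    one pinned version; return the URL and SHA256 to record in the package."""
    dist = metadata["versions"][version]["dist"]  # KeyError: version not published
    if dist["tarball"] != tarball_url(metadata["name"], version):
        raise ValueError("registry tarball URL differs from the pinned pattern")
    # integrity is "<algo>-<base64 digest>"; use the first entry if several
    algo, _, expected_b64 = dist["integrity"].split()[0].partition("-")
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported integrity algorithm: {algo!r}")
    actual = hashlib.new(algo, tarball).digest()
    if not hmac.compare_digest(actual, base64.b64decode(expected_b64)):
        raise ValueError("tarball bytes do not match dist.integrity")
    return {"url": dist["tarball"], "sha256": hashlib.sha256(tarball).hexdigest()}

# Constructed sample: stand-in bytes and a registry document built from them.
SAMPLE_TARBALL = b"constructed stand-in for capa-explorer-web-1.0.0.tgz"
SAMPLE_METADATA = {
    "name": "capa-explorer-web",
    "versions": {"1.0.0": {"dist": {
        "tarball": tarball_url("capa-explorer-web", "1.0.0"),
        "integrity": "sha512-" + base64.b64encode(
            hashlib.sha512(SAMPLE_TARBALL).digest()).decode(),
    }}},
}

if __name__ == "__main__":
    pin = verify_and_pin(SAMPLE_METADATA, "1.0.0", SAMPLE_TARBALL)
    print(pin["url"])
    print(pin["sha256"])
```

Recording the returned SHA256 next to the versioned URL means a later change to the bytes behind that URL fails the install instead of being accepted silently.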

@Ana06
Member

Ana06 commented Oct 9, 2024

Thanks for the ideas @s-ff!

From the FLARE-VM/VM-Packages perspective, we just need a link anywhere to be able to create the package.

My personal opinion is that capa web releases should be synchronized with capa releases, as it would allow releasing capa web in the same capa release, where users can find it easily and FLARE-VM can use it and update it using the current automation. It would also have other advantages: avoiding incompatibility of rules when merging breaking changes, displaying the version in web for better bug reporting and rules compatibility, and announcing big capa web changes to users instead of constant small changes.

The https://registry.npmjs.org option is also valid and may be easier to implement. But note that VM-Packages does not support automatic updates for https://registry.npmjs.org. We only update tools using GH releases automatically as that is what most tools use to release.


3 participants