
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
This project provides a Domain Model for IDA Pro, allowing seamless interaction with IDA SDK components via Python.
Set the IDADIR
environment variable to point to your IDA installation directory:
export IDADIR="[IDA Installation Directory]"
Example:
export IDADIR="/Applications/IDA Professional 9.1.app/Contents/MacOS/"
Note: If you have already installed and configured the
idapro
Python package, settingIDADIR
is not required.
pip install ida-domain
Here is an example showing how to use IDA Domain to analyze a binary:
#!/usr/bin/env python3
"""
Database exploration example for IDA Domain API.
This example demonstrates how to open an IDA database and explore its basic properties.
"""
import argparse
from dataclasses import asdict
import ida_domain
from ida_domain import Database
from ida_domain.database import IdaCommandOptions
def explore_database(db_path):
"""Explore basic database information."""
ida_options = IdaCommandOptions(auto_analysis=True, new_database=True)
with Database.open(db_path, ida_options) as db:
# Get basic information
print(f'Address range: {hex(db.minimum_ea)} - {hex(db.maximum_ea)}')
# Get metadata
print('Database metadata:')
metadata_dict = asdict(db.metadata)
for key, value in metadata_dict.items():
print(f' {key}: {value}')
# Count functions
function_count = 0
for _ in db.functions.get_all():
function_count += 1
print(f'Total functions: {function_count}')
def main():
"""Main entry point with argument parsing."""
parser = argparse.ArgumentParser(description='Database exploration example')
parser.add_argument(
'-f', '--input-file', help='Binary input file to be loaded', type=str, required=True
)
args = parser.parse_args()
explore_database(args.input_file)
if __name__ == '__main__':
main()
Complete documentation is available at: https://ida-domain.docs.hex-rays.com/
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
IDA Domain API - Python interface for IDA Pro reverse engineering platform
We found that ida-domain demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.