Monday, June 5, 2017

Dockerize IDA Pro: Docker IDA

10:53 AM

Docker IDA is an open source project that lets you dockerize IDA Pro to make large-scale reverse engineering simpler and faster. It does so by wrapping IDA Pro with a command line interface, which automates the use of IDAPython scripts and batch analysis. This addresses a problem the malware analysis and reverse engineering industry has faced for a long time: scaling these tools up and getting software to run reliably when it is moved from one computing environment to another. A container wraps a piece of software in a complete file system that includes everything it needs to run IDA Pro. It is configured to have everything you need for a working IDA machine, ready to run scripts:

IDA Pro (Linux version) automatically installed with all its dependencies.
pip install – Install external Python libraries that integrate into the IDAPython engine, such as pexpect, networkx, flask, gunicorn.
Sark – The excellent library by Tamir Bahar is preinstalled, to simplify IDAPython scripting.
A special wrapper script to quickly run IDA without ANY screen output.

With such dockerized machines, you can perform automated unpacking of malware, fuzz files, de-obfuscate strings or check for buffer overflow exploits.





Docker IDA Installation:

Clone docker-ida repository:
$ git clone https://github.com/intezer/docker-ida
Copy IDA Pro installation file to the repository’s ida directory:
$ cp <ida-installation-file-path> docker-ida/ida/ida.run
Build Docker IDA image:
$ sudo docker build -t ida --build-arg IDA_PASSWORD=<password> docker-ida/ida
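
Added example, not part of the docker-ida project: the build command above passes the IDA password as a `--build-arg`, and Docker records build-arg values consumed by `RUN` steps in the image's layer history. This shell check parses `docker history` output for such values; the sample history lines and `EXAMPLE_ARG` are constructed, and it is an assumption that the project's Dockerfile consumes `IDA_PASSWORD` in a `RUN` step.

```shell
#!/bin/sh
# Added example (not from docker-ida): list build args whose values are
# recorded in image history. Feed it the output of:
#   docker history --no-trunc --format '{{.CreatedBy}}' ida
# RUN steps that consume build args are recorded as
#   |<count> NAME=value ... /bin/sh -c <command>

# Print the names of build args found in the history text on stdin.
# Limitation: a value containing spaces is split, so only names are reported.
leaked_build_args() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[|][0-9]+$/) {          # the "|<count>" marker
                n = substr($i, 2) + 0
                for (j = i + 1; j <= i + n && j <= NF; j++) {
                    eq = index($j, "=")
                    if (eq > 1) print substr($j, 1, eq - 1)
                }
                break
            }
        }
    }' | sort -u
}

# Succeed if the build arg named $1 appears in the history text on stdin.
history_leaks_arg() {
    leaked_build_args | grep -xF -- "$1" >/dev/null
}

# Constructed sample history (classic builder and BuildKit line shapes).
SAMPLE_HISTORY='/bin/sh -c #(nop)  CMD ["bash"]
|1 IDA_PASSWORD=constructed-example-pw /bin/sh -c ./install-step.sh
RUN |2 IDA_PASSWORD=constructed-example-pw EXAMPLE_ARG=constructed /bin/sh -c ./install-step.sh # buildkit
/bin/sh -c apt-get update'

if printf '%s\n' "$SAMPLE_HISTORY" | history_leaks_arg IDA_PASSWORD; then
    echo "IDA_PASSWORD is readable from image history; do not share this image"
fi
```

If the name is reported, anyone who can pull the image can read the value with `docker history`. BuildKit secret mounts (`docker build --secret`) keep a secret out of the layer metadata, but using them means changing the Dockerfile.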
