Question 1

How to install rhabdomancer on Windows?

Accepted Answer

On Windows, set environment variables for LIBCLANG_PATH, PATH, and IDADIR in PowerShell, then run 'cargo install rhabdomancer'. The README provides exact commands, but it requires prior installation of IDA Pro and LLVM/Clang.

Question 2

Rhabdomancer vs Ghidra for finding insecure API calls?

Accepted Answer

Rhabdomancer is optimized for fast, headless operation within the IDA Pro ecosystem with prioritized findings, while Ghidra is open-source and offers a full GUI suite. Rhabdomancer excels in automation for IDA users, but Ghidra is more accessible for those without proprietary tools.

Question 3

Does rhabdomancer work with IDA Pro 8?

Accepted Answer

No, Rhabdomancer is specifically designed for IDA Pro 9.x, as shown in the compatibility table. It relies on idalib Rust bindings that are only compatible with recent versions, so older IDA Pro versions are unsupported.

Question 4

How to customize the bad API list in rhabdomancer?

Accepted Answer

Edit the 'conf/rhabdomancer.toml' configuration file to add or modify API functions. You can also set the RHABDOMANCER_CONFIG environment variable to point to a custom TOML file, as explained in the usage section.

Question 5

What architectures does rhabdomancer support?

Accepted Answer

Rhabdomancer works with any architecture supported by IDA Pro, including x86, ARM, and MIPS, for C/C++ binaries. The README states it leverages IDA's cross-architecture capabilities through the idalib bindings.

Question 6

Can rhabdomancer find vulnerabilities automatically?

Accepted Answer

No, Rhabdomancer only identifies calls to potentially insecure API functions as starting points for manual audit. It does not automate vulnerability detection or exploit generation; the TODO list mentions possible future enhancements like VulFi-style rules.

rhabdomancer

What is rhabdomancer?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions