Adobe Flash security tool Flashmingo now open source available

Security company FireEye has made Flashmingo open source available. Flashmingo is a framework for the automatic analysis of SWF files, writes ZDNet. The framework should enable analysts to further investigate suspicious Flash samples with minimal effort.

Adobe Flash should disappear in 2020, but still appears regularly in monthly security updates. Since 2005, it has had over a thousand CVEs, mostly with a CVSS score of 9 or higher. Although most browsers no longer support Flash because of all those vulnerabilities, cyber criminals still use Flash and its exploits.

“Even though Flash is at the end of its life and most of the developer community has moved away from it, we predict that Flash will still be used as an infection vector,” says FireEye.

To ensure that Flash is still secure enough until it really goes down, a balance needs to be struck between spending time on that security and the resources used to monitor the software, and the need for analysis.

Flashmingo

That’s what Flashmingo has to help with. The framework integrates into analysis workflows as a standalone tool or as part of a library. According to FireEye, it is also possible to expand the software functions using your own Python plug-ins. The tool uses the open source SWIFFAS library to parse Flash files. All binary and bytecoda data is stored in an object called SWFO object after parsing. Tag lists, strings, constants and embedded binary data are also included.

Furthermore, there are a number of plugins that are included by default, allowing Flashmingo to find suspicious names of methods and loops, as well as rogue constants. A separate plugin also gives users the option of decompiling Flash objects.

Flashmingo can be downloaded for free from GitHub.