Flare-floss

The v3.1.1 release relaxes restrictions on dependencies, which enables you to use FLOSS with Python 3.12 and newer.

**Full Changelog**: https://github.com/mandiant/flare-floss/compare/v3.1.0...v3.1.1

New Features
* updated Rust Version Database and Scripts by Arker123 in https://github.com/mandiant/flare-floss/pull/926
* fix: handle default prompt when stdout is redirected by Arker123 in https://github.com/mandiant/flare-floss/pull/938
* provide an option to install right click menu option for Windows by lyc8503 in https://github.com/mandiant/flare-floss/pull/970
* feat: added decoding functions calls by RahulSankhla312 in https://github.com/mandiant/flare-floss/pull/978

Other Updates
* fix typo in README.md by sleeyax in https://github.com/mandiant/flare-floss/pull/936
* updated various dependencies
* including bump-pydantic from 1.10.9 to 2.6.0 by Aayush-Goel-04 in https://github.com/mandiant/flare-floss/pull/954
* changed deprecated pytest functionality by Sylan-Padmakumar in https://github.com/mandiant/flare-floss/pull/959
* migrate to pyproject toml by s-ff in https://github.com/mandiant/flare-floss/pull/967
* [CI] Update GitHub actions by rimvydascivilis in https://github.com/mandiant/flare-floss/pull/982

New Contributors
* sleeyax made their first contribution in https://github.com/mandiant/flare-floss/pull/936
* Sylan-Padmakumar made their first contribution in https://github.com/mandiant/flare-floss/pull/959
* s-ff made their first contribution in https://github.com/mandiant/flare-floss/pull/967
* lyc8503 made their first contribution in https://github.com/mandiant/flare-floss/pull/970
* rimvydascivilis made their first contribution in https://github.com/mandiant/flare-floss/pull/982
* RahulSankhla312 made their first contribution in https://github.com/mandiant/flare-floss/pull/978

**Full Changelog**: https://github.com/mandiant/flare-floss/compare/v3.0.1...v3.1.0

This release fixes the missing language module in the v3.0.0 PyPI build.

New Features
- identification of programs written in Go, Rust, and .NET
- extraction of strings embedded in Go programs
- extraction of strings embedded in Rust programs

Other Updates
- updates to the IDA plugin
- upgraded minimum required Python version to 3.8
- various bug fixes
- various code quality improvements

Google Summer of Code 2023
Arker123 contributed the majority of features and improvements during the [Google Summer of Code](https://summerofcode.withgoogle.com/) working closely with the Mandiant FLARE team. We'd like to thank him for the great collaboration and discussions before, during, and after the twelve week program.

Contributors
Thanks to all our contributors, including symbolicvoid, DiegoRomeo, sara-rn and especially Arker123

**Full Changelog**: https://github.com/mandiant/flare-floss/compare/v2.3.0...v3.0.0

quantumstrand-preview7
fixes:
- PyInstaller build

quantumstrand-preview6
changes:
- add column to show `U` to indicated UTF-16LE string (versus ASCII default)
- add database of common junk code strings
- add -n minimum string length CLI option

quantumstrand-preview5
[readme](https://github.com/mandiant/flare-floss/blob/81f2fb4/floss/qs/readme.md)

changes:
- parse and display PE Authenticode signature region

fixes:
- handling of non-PE files
- various PE and code parsing fixes in lancelot

<img width="754" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/f2d471a3-2624-498c-aaa9-928e2909c338">

<img width="747" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/23bd20a1-7dff-46b5-be65-12582cb90d64">

<img width="748" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/c8e2d07e-98ac-42e4-8b8a-b5ced081d7b0">

New Features
- added false positive string filters
- use rich library for rendering of output and traceback
- initial detection of binaries compiled using Go
- updated dependencies

Other Updates
- various bug fixes

Contributors
Thanks to all our contributors, including d01a, Arker123, Dobatymo, Aayush-Goel-04, symbolicvoid, EmperialX, ggold7046, ooprathamm, deepaksirohiwal, and DeeyaSingh!

quantumstrand-preview4
[readme](https://github.com/mandiant/flare-floss/blob/1bae0e6/floss/qs/readme.md)

changes:
- re-enable structure hints for strings found in known structures
- tweak color used to display string address





quantumstrand-preview3
[readme](https://github.com/mandiant/flare-floss/blob/1bae0e6/floss/qs/readme.md)

changes:
- recursively parse PE files, such as those found with resources
- add additional global prevalence database derived from 7 days of VT downloads
- render regions with borders to better show groupings
- don't show library tags when there are less than five matches to avoid false positives
- hide strings that overlap with code

<img width="776" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/3509d73e-29e8-49ad-b49c-82874d5201af">

<img width="775" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/2a8e4862-4ec1-4a9f-b483-d26dfa402c69">

<img width="777" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/4f637a7c-6283-4a2f-8446-e92e5c2503a1">


quantumstrand-preview2
<img width="955" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/ed7fb658-742b-40f8-87f5-a2674d7db3c0">

<img width="944" alt="image" src="https://github.com/mandiant/flare-floss/assets/156560/65a1429a-e538-4154-8474-c4de7f2d2df1">

New Features
- ignore stackstrings and decoded strings that functions reference before analysis/decoding
- updated dependencies, FLOSS now supports Python 3.11

Other Updates
- macOS builds and tests now use `macos-11`