Create a Binary Ninja explorer plugin

[Copilot]

This PR implements a Binary Ninja explorer plugin that provides the same exploration functionality as the existing IDA plugin, allowing users to run capa analysis directly within Binary Ninja and interactively explore the results.

Overview

The plugin integrates with Binary Ninja's UI framework to provide:

• Program Analysis: Run capa rule analysis on binaries loaded in Binary Ninja
• Interactive Results: Browse rule matches in a tree view with clickable navigation to addresses
• Background Processing: Non-blocking analysis using background threads
• Settings Management: Persistent configuration for capa rules directory

Implementation Details

The plugin follows the same architectural pattern as the existing IDA plugin:

capa/binja/
├── __init__.py
├── helpers.py              # Binary Ninja-specific utilities
└── plugin/
    ├── __init__.py         # Plugin registration and entry point
    ├── form.py             # Main UI form with Qt interface
    ├── capa_explorer.py    # Plugin entry script
    ├── icon.py             # Plugin icon
    ├── plugin.json         # Binary Ninja plugin manifest
    └── README.md           # Installation and usage documentation

Key Features

• Qt-based UI: Compatible with both PySide2 and PySide6 used by different Binary Ninja versions
• Background Analysis: Uses QThread to run capa analysis without blocking the UI
• Results Navigation: Double-click results to jump to relevant addresses in Binary Ninja
• Graceful Degradation: Plugin imports cleanly even when Binary Ninja is not available
• File Type Validation: Leverages existing Binary Ninja extractor for supported file detection

Usage

1. Install capa: pip install flare-capa
2. Download capa rules from the official repository
3. Copy capa_explorer.py to Binary Ninja's plugins directory
4. Access via Tools > FLARE capa explorer in Binary Ninja
5. Configure rules directory and run analysis

Focus on Explorer Functionality

As requested in the issue, this implementation focuses exclusively on exploration capabilities rather than rule generation. The plugin provides:

• Rule match visualization and exploration
• Address navigation within Binary Ninja disassembly
• Results filtering and display
• Integration with Binary Ninja's analysis engine

Testing and Compatibility

• Added comprehensive unit tests ensuring the plugin doesn't break existing functionality
• Plugin gracefully handles missing Binary Ninja dependencies for CI/testing environments
• Maintains full compatibility with existing IDA plugin and core capa functionality
• Includes example code demonstrating plugin usage

The plugin leverages the existing capa.features.extractors.binja extractor, ensuring consistency with command-line capa analysis while providing an interactive Binary Ninja experience.

Fixes #1.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

@xusheng6 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs.

I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review.