Explore 129 curated tools and resources
A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.
A GitHub repository for fuzzing and testing file formats.
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
A comprehensive malware-analysis tool that uses external AV scanners to identify malicious elements in binary files.
A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.
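The least-significant-bit technique named in the entry above, shown as an added example in Python (not the listed tool's code): each 16-bit PCM sample gives up its lowest bit to one payload bit, preceded by a 4-byte little-endian length prefix so the extractor knows where to stop. The in-memory carrier WAV, the length-prefix framing and the helper names are this example's own assumptions.

```python
import io
import struct
import wave

# Added illustration of LSB audio steganography; not the listed tool's code.
# Helper names and the constructed carrier are this example's own.


def make_carrier_wav(n_frames=4000, sample_rate=8000):
    """Build a small mono 16-bit PCM WAV in memory (constructed carrier, not a real recording)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(sample_rate)
        # a sawtooth ramp: sample values vary, so the LSB plane is not trivially constant
        w.writeframes(b"".join(struct.pack("<h", (i * 37) % 20000 - 10000) for i in range(n_frames)))
    return buf.getvalue()


def _load_samples(wav_bytes):
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        params = w.getparams()
        frames = bytearray(w.readframes(w.getnframes()))
    if params.sampwidth != 2:
        raise ValueError("this example handles 16-bit PCM only")
    return params, frames


def lsb_capacity_bytes(wav_bytes):
    """Payload bytes that fit: one bit per sample, minus the 4-byte length prefix."""
    _, frames = _load_samples(wav_bytes)
    return len(frames) // 2 // 8 - 4


def _message_bits(message):
    for byte in message:
        for shift in range(7, -1, -1):  # MSB first
            yield (byte >> shift) & 1


def lsb_embed(wav_bytes, payload):
    """Overwrite the least significant bit of each 16-bit sample with the next payload bit."""
    params, frames = _load_samples(wav_bytes)
    if len(payload) > lsb_capacity_bytes(wav_bytes):
        raise ValueError("payload exceeds carrier capacity")
    message = struct.pack("<I", len(payload)) + payload
    for i, bit in enumerate(_message_bits(message)):
        # samples are little-endian, so the LSB lives in the low byte at offset 2*i
        frames[2 * i] = (frames[2 * i] & 0xFE) | bit
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setparams(params)  # same channels, width, rate and frame count as the carrier
        w.writeframes(bytes(frames))
    return out.getvalue()


def lsb_extract(wav_bytes):
    """Read the LSB plane back: 32 bits of length, then that many payload bytes."""
    _, frames = _load_samples(wav_bytes)

    def read_bytes(first_sample, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (frames[2 * (first_sample + 8 * b + k)] & 1)
            out.append(value)
        return bytes(out)

    length = struct.unpack("<I", read_bytes(0, 4))[0]
    if length > lsb_capacity_bytes(wav_bytes):
        raise ValueError("no valid length prefix: carrier probably holds no payload")
    return read_bytes(32, length)


if __name__ == "__main__":
    carrier = make_carrier_wav()
    stego = lsb_embed(carrier, b"constructed secret payload")
    print(lsb_capacity_bytes(carrier), lsb_extract(stego))
```

Because only the lowest bit of each sample changes, the audio is perceptually unchanged and the file size is identical; the detectable trace is the LSB plane itself, which is why an analyst compares its statistics against a clean reference rather than listening to the file.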
Embeddable Yara library for Java with support for loading rules and scanning data.
YARA rule generator that uses VirusTotal's code-similar-to code-similarity search.
A modified version of GNU dd with added features like hashing and fast disk wiping.
Copies executables that have execute but not read permission on Unix systems.
A threat-intelligence checker that looks up domains, IPs, and hashes against the IPVoid, URLVoid, VirusTotal, and Cymon feeds.
HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.
A project providing open-source YARA rules for malware and malicious file detection.
Java decompiler for modern Java features up to Java 14.
Comprehensive suite for advanced file analysis and software supply chain security.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
Online platform for image steganography analysis.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Online Java decompiler tool with support for modern Java features.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
CapTipper is a Python tool to analyze, explore, and revive malicious HTTP traffic.
Python script to parse the NTFS USN Change Journal.
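An added example of what such a parser does (not the listed script's code): it walks a copy of $UsnJrnl:$J, skips the sparse zero region at the start, decodes each USN_RECORD_V2 (the documented 60-byte fixed header followed by a UTF-16LE file name), splits the file reference number into MFT entry and sequence number, converts the FILETIME timestamp, and names the reason flags. The sample journal is constructed here; version 3 records (128-bit file IDs) are skipped rather than parsed.

```python
import struct
from datetime import datetime, timedelta, timezone

# Added illustration of parsing USN_RECORD_V2 entries from $UsnJrnl:$J; not the listed
# script's code. The sample journal below is constructed, not taken from a real volume.

# RecordLength, MajorVersion, MinorVersion, FileReferenceNumber, ParentFileReferenceNumber,
# Usn, TimeStamp, Reason, SourceInfo, SecurityId, FileAttributes, FileNameLength, FileNameOffset
USN_RECORD_V2_HEADER = struct.Struct("<IHHQQqqIIIIHH")  # 60 bytes, FileName follows

USN_REASON_FLAGS = {
    0x00000001: "DATA_OVERWRITE", 0x00000002: "DATA_EXTEND", 0x00000004: "DATA_TRUNCATION",
    0x00000010: "NAMED_DATA_OVERWRITE", 0x00000020: "NAMED_DATA_EXTEND", 0x00000040: "NAMED_DATA_TRUNCATION",
    0x00000100: "FILE_CREATE", 0x00000200: "FILE_DELETE", 0x00000400: "EA_CHANGE",
    0x00000800: "SECURITY_CHANGE", 0x00001000: "RENAME_OLD_NAME", 0x00002000: "RENAME_NEW_NAME",
    0x00004000: "INDEXABLE_CHANGE", 0x00008000: "BASIC_INFO_CHANGE", 0x00010000: "HARD_LINK_CHANGE",
    0x00020000: "COMPRESSION_CHANGE", 0x00040000: "ENCRYPTION_CHANGE", 0x00080000: "OBJECT_ID_CHANGE",
    0x00100000: "REPARSE_POINT_CHANGE", 0x00200000: "STREAM_CHANGE", 0x80000000: "CLOSE",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME counts 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_reasons(reason):
    return [f"USN_REASON_{name}" for bit, name in USN_REASON_FLAGS.items() if reason & bit]


def parse_usn_journal(data):
    """Walk a $J byte string and return one dict per USN_RECORD_V2."""
    records = []
    pos = 0
    while pos + USN_RECORD_V2_HEADER.size <= len(data):
        record_length = struct.unpack_from("<I", data, pos)[0]
        if record_length == 0:
            pos += 8  # zero padding: $J is sparse and records are 8-byte aligned
            continue
        if record_length < USN_RECORD_V2_HEADER.size or pos + record_length > len(data):
            break  # corrupt or truncated tail; a carving pass would be needed beyond this point
        (_, major, _minor, frn, parent_frn, usn, ft, reason, _source, _secid,
         attrs, name_len, name_off) = USN_RECORD_V2_HEADER.unpack_from(data, pos)
        if major == 2:  # V3/V4 records carry 128-bit file IDs and a different layout
            name = data[pos + name_off:pos + name_off + name_len].decode("utf-16-le", "replace")
            records.append({
                "usn": usn,
                "timestamp": filetime_to_datetime(ft),
                # FileReferenceNumber packs the MFT entry (low 48 bits) and sequence number (high 16 bits)
                "mft_entry": frn & 0xFFFFFFFFFFFF, "mft_sequence": frn >> 48,
                "parent_entry": parent_frn & 0xFFFFFFFFFFFF, "parent_sequence": parent_frn >> 48,
                "reasons": decode_reasons(reason), "attributes": attrs, "name": name,
            })
        pos += record_length
    return records


def build_usn_record_v2(usn, entry, seq, parent_entry, parent_seq, ft, reason, name):
    """Construct a V2 record (test input only)."""
    name_bytes = name.encode("utf-16-le")
    length = (USN_RECORD_V2_HEADER.size + len(name_bytes) + 7) & ~7  # pad to 8-byte alignment
    header = USN_RECORD_V2_HEADER.pack(length, 2, 0, (seq << 48) | entry, (parent_seq << 48) | parent_entry,
                                       usn, ft, reason, 0, 0, 0x20, len(name_bytes), USN_RECORD_V2_HEADER.size)
    return header + name_bytes + b"\x00" * (length - USN_RECORD_V2_HEADER.size - len(name_bytes))


FT_2024_01_01 = 133485408000000000  # FILETIME for 2024-01-01T00:00:00Z
SAMPLE_JOURNAL = (                  # constructed journal: zero run, create, rename old/new, truncated tail
    b"\x00" * 16
    + build_usn_record_v2(0x1000, 1234, 7, 5, 5, FT_2024_01_01, 0x100 | 0x80000000, "evil.exe")
    + build_usn_record_v2(0x1050, 1234, 7, 5, 5, FT_2024_01_01 + 10_000_000, 0x1000, "evil.exe")
    + build_usn_record_v2(0x10A0, 1234, 7, 5, 5, FT_2024_01_01 + 10_000_000, 0x2000 | 0x80000000, "svchost.exe")
    + b"\x50\x00\x00\x00\x02\x00"
)

if __name__ == "__main__":
    for rec in parse_usn_journal(SAMPLE_JOURNAL):
        print(rec["timestamp"].isoformat(), rec["mft_entry"], rec["name"], rec["reasons"])
```

A rename shows up as two records with the same MFT entry, RENAME_OLD_NAME followed by RENAME_NEW_NAME, which is how a tool attributes a suspicious file back to its original name after an attacker renames it.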
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A file search and query tool for ops and security experts.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.
Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.
A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.
IE10Analyzer can parse and recover records from WebCacheV01.dat, providing detailed information and conversion capabilities.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
Microservice for scanning files with YARA.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A wargame that challenges your hacking skills.
FOCA finds metadata and hidden information in the documents it scans, analyzing various file types and extracting EXIF information.
A versatile steganography tool with various installation options and detailed usage instructions.
A collection of binary utilities for linking, assembling, profiling, and related tasks.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
A library and tools to access and manipulate VMware Virtual Disk (VMDK) files.
A library for accessing and parsing OLE 2 Compound File (OLECF) format files, including Microsoft Office documents and thumbs.db files.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
Detects and handles potential malware in Microsoft Exchange 2019 messages with various techniques and third-party libraries.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A tool to verify the integrity of PNG, JNG, and MNG files and extract detailed information about the image.
A tool for extracting IOCs from various input sources and converting them into JSON format.
A parsing tool for Yara Scan Service's JSON output file to help maximize benefits and automate parsing of Yara Scan Service results.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
Analyses a forensic target and reports which files are known and unknown to CIRCL's public hashlookup service.
Collection of Windows one-liners for executing arbitrary code and downloading remote payloads.
A tool for recovering files by scanning block devices and extracting them based on 'magic bytes' in file contents.
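Magic-byte carving as described in the entry above, together with the PNG structure check that the PNG/JNG/MNG integrity-verification entry earlier in this list describes, as one added Python example (not either tool's code): the scanner reads the device in fixed-size chunks with an overlap so a header split across two reads is still found, then validates each candidate instead of trusting the magic alone. PNG bodies are walked chunk by chunk with CRC checks up to IEND, which gives an exact length; JPEG has no length field, so it is cut at the first EOI marker. The constructed disk image, the two-signature set, and the function names are this example's own.

```python
import io
import struct
import zlib

# Added illustration of magic-byte carving with structure validation; not the listed tools'
# code. Signatures are limited to PNG and JPEG, and the disk image below is constructed.

READ_SIZE = 4096
OVERLAP = 16  # >= longest magic, so a header straddling two reads is still seen
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"


def find_headers(stream):
    """Yield (kind, absolute_offset) for every magic found, reading the device in fixed chunks."""
    stream.seek(0)
    base, carry = 0, b""
    while True:
        buf = stream.read(READ_SIZE)
        if not buf:
            return
        window = carry + buf
        window_base = base - len(carry)
        for magic, kind in ((PNG_MAGIC, "png"), (JPEG_MAGIC, "jpg")):
            pos = window.find(magic)
            while pos >= 0:
                offset = window_base + pos
                if offset + len(magic) > base:  # not already reported from the previous window
                    yield kind, offset
                pos = window.find(magic, pos + 1)
        base += len(buf)
        carry = window[-OVERLAP:]


def carve_png(stream, offset, max_size):
    """Walk PNG chunks, verifying each CRC, and stop at IEND: this is also what an integrity checker does."""
    stream.seek(offset)
    data = stream.read(max_size)
    if not data.startswith(PNG_MAGIC):
        return None
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            return None
        crc = struct.unpack_from(">I", data, pos + 8 + length)[0]
        if zlib.crc32(data[pos + 4:pos + 8 + length]) & 0xFFFFFFFF != crc:
            return None  # corrupt chunk: not a recoverable PNG
        pos = end
        if ctype == b"IEND":
            return data[:pos]
    return None


def carve_jpeg(stream, offset, max_size):
    """JPEG has no length field; take bytes up to the first EOI marker (FF D9)."""
    stream.seek(offset)
    data = stream.read(max_size)
    end = data.find(b"\xff\xd9", len(JPEG_MAGIC))
    return data[:end + 2] if end >= 0 else None


CARVERS = {"png": carve_png, "jpg": carve_jpeg}


def carve(stream, max_size=8 * 1024 * 1024):
    """Return [(kind, offset, bytes)] for each header whose body validates."""
    hits = sorted(find_headers(stream), key=lambda h: h[1])
    out = []
    for kind, offset in hits:
        body = CARVERS[kind](stream, offset, max_size)
        if body is not None:
            out.append((kind, offset, body))
    return out


def carve_bytes(data):
    return carve(io.BytesIO(data))


def build_png(width, height):
    """Construct a minimal valid RGB PNG (test input)."""
    def chunk(ctype, body):
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanline = b"\x00" + b"\x00\x80\x00" * width  # filter type 0, green pixels
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(scanline * height)) + chunk(b"IEND", b"")


def build_disk_image():
    """Constructed 'block device': filler, a PNG whose magic straddles a read boundary, then a JPEG."""
    def filler(n, seed):  # byte pattern with step 7, so it never forms either magic
        return bytes(((i * 7) + seed) & 0xFF for i in range(n))
    jpeg = JPEG_MAGIC + b"\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    return filler(4090, 3) + build_png(2, 2) + filler(1000, 11) + jpeg + filler(300, 5)


if __name__ == "__main__":
    for kind, offset, body in carve_bytes(build_disk_image()):
        print(kind, offset, len(body))
```

Validating the body is what separates carving from grepping: a stray 0x89 'PNG' sequence in slack space yields nothing, and a PNG whose chunk CRCs fail is reported as unrecoverable rather than written out as a broken file.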
Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
A tool to extract indicators of compromise from security reports in PDF format.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
Collection of YARA rules for file identification and classification.
ShadowCopy Analyzer is a tool for cybersecurity researchers to analyze and use Volume Shadow Copies for file recovery and system restoration.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
A user-friendly and fast Forensic Analysis tool with features like tagging files and generating preview reports.
Analyzes the WiFiConfigStore.xml file for digital forensics on Android devices.
Recover event log entries from an image by heuristically looking for record structures.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
A library that checks potentially malicious files and archives with YARA and decides whether they are harmful.
A command-line tool that extracts detailed technical information, metadata, and checksums from JPEG image files with support for multiple output formats.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Hoarder is a tool to collect and parse Windows artifacts.
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
A YARA module for searching strings inside ZIP files.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
Zui is a desktop application for data exploration and analysis that provides drag-and-drop data ingestion, automatic format detection, and interactive querying capabilities for structured and semi-structured data.
A command-line utility to show and change EXIF information in JPEG files.
A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
A VMware image for penetration testing purposes
A Python tool for analyzing Android files.
A binary analysis tool that uses statistical visualizations to help find patterns in large amounts of binary data.
A static analysis framework for extracting key characteristics from various file formats
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Official repository of YARA rules for threat detection and hunting.
A tool for reverse engineering Android apk files.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
A modular tool that gathers intelligence about files from multiple sources and outputs the results in CSV format.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.
UPX is a high-performance executable packer for various executable formats.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A Golang application that stores and queries NIST NSRL Reference Data Set for MD5 and SHA1 hash lookups using Bolt database technology.
TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.
A tool to locally check for signs of a rootkit with various checks and tests.
A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.
A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
Tool for analyzing the Windows Recycle Bin INFO2 file.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
A console program for file recovery through data carving.
A Python script for scanning data within an IDA database (IDB) using YARA.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A command-line utility for extracting human-readable text from binary files.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
A portable forensic tool that detects encrypted containers such as TrueCrypt and VeraCrypt volumes by analyzing file headers, block cipher patterns, and entropy, without external dependencies.
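The header and entropy heuristics named in the entry above, as an added Python example (not the listed tool's code): a TrueCrypt/VeraCrypt-style container has no recognizable magic, a size that is a multiple of the 512-byte sector, and near-uniform bytes from the very first block onward, whereas compressed data looks similar in the bulk but carries a header. The example covers header and entropy checks only, not block-cipher pattern analysis; the thresholds, the chi-square sanity check, and the deterministic pseudo-random stand-in for ciphertext are this example's own assumptions.

```python
import hashlib
import math
import zlib
from collections import Counter

# Added illustration of header/entropy heuristics for spotting encrypted containers;
# not the listed tool's code. Thresholds below are this example's own working assumptions.

KNOWN_MAGIC = (
    b"\x89PNG", b"\xff\xd8\xff", b"%PDF", b"PK\x03\x04", b"\x1f\x8b", b"7z\xbc\xaf\x27\x1c",
    b"Rar!", b"\x78\x01", b"\x78\x9c", b"\x78\xda", b"MZ", b"\x7fELF", b"\xca\xfe\xba\xbe",
)
WINDOW = 4096
ENTROPY_THRESHOLD = 7.9  # plug-in entropy of 4096 uniformly random bytes is about 7.95 bits
CHI_SQUARE_MAX = 400.0   # chi-square vs uniform has mean 255 (sd ~22.6) for random bytes


def shannon_entropy(data):
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data):
    """Chi-square statistic of the byte histogram against a flat distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def block_entropies(data, window=WINDOW):
    """Entropy of each full window; a short tail is skipped so it cannot drag the minimum down."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data) - window + 1, window)]


def assess_container(data):
    head = data[:WINDOW]
    blocks = block_entropies(data)
    facts = {
        "size": len(data),
        "size_is_sector_multiple": len(data) % 512 == 0,  # TrueCrypt/VeraCrypt volumes are sector-sized
        "known_magic": next((m for m in KNOWN_MAGIC if data.startswith(m)), None),
        "header_entropy": shannon_entropy(head),
        "header_chi_square": chi_square_uniform(head) if head else float("inf"),
        "min_block_entropy": min(blocks) if blocks else 0.0,
    }
    facts["likely_encrypted_container"] = (
        facts["known_magic"] is None
        and facts["size_is_sector_multiple"]
        and len(data) >= WINDOW
        and facts["header_entropy"] > ENTROPY_THRESHOLD     # even the first 512-byte header is random-looking
        and facts["header_chi_square"] < CHI_SQUARE_MAX
        and facts["min_block_entropy"] > ENTROPY_THRESHOLD  # no low-entropy region anywhere in the file
    )
    return facts


def prng_bytes(n, seed=b"constructed-container"):
    """Deterministic pseudo-random stream standing in for ciphertext (constructed, not a real volume)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:n])


SAMPLE_CONTAINER = prng_bytes(64 * 1024)
SAMPLE_TEXT = (b"The quick brown fox jumps over the lazy dog.\n" * 1500)[:64 * 1024]
SAMPLE_ZLIB = zlib.compress(prng_bytes(60 * 1024, b"other-seed"), 9)  # random-looking bulk, but a zlib header

if __name__ == "__main__":
    for name, sample in (("container", SAMPLE_CONTAINER), ("text", SAMPLE_TEXT), ("zlib", SAMPLE_ZLIB)):
        print(name, assess_container(sample))
```

The header check matters more than the bulk entropy: compressed, packed, and already-encrypted-but-labelled formats all score near 8 bits per byte in their body, so a verdict rests on the absence of any structure at offset 0 combined with the sector-multiple size, and an analyst still confirms by attempting to mount the candidate.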
DocBleach is a Content Disarm and Reconstruction software that sanitizes Office documents by removing potentially malicious dynamic content to prevent security threats.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Leading open source automated malware analysis system.
Steganography brute-force utility with performance issues, deprecated in favor of stegseek.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
Extracts resources (bitmaps, icons, cursors, AVI movies, HTML files, and more) from DLL files.
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
Tool for parsing NTFS journal files, $LogFile, and $MFT.
Chaosreader is a tool for ripping files from network sniffing dumps and replaying various protocols and file transfers.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.