capa

Free
capa detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode files, or sandbox reports to identify potential behaviors such as backdoors, service installation, or communication methods like HTTP.

Check out our capa blog posts for more information:

Dynamic capa: Exploring Executable Run-Time Behavior with the CAPE Sandbox
capa v4: casting a wider .NET (.NET support)
ELFant in the Room – capa v3 (ELF support)
capa 2.0: Better, Stronger, Faster
capa: Automatically Identify Malware Capabilities

Usage:

$ capa.exe suspicious.exe

ATT&CK Tactic and Technique mapping available.

ALTERNATIVES

A GitHub repository for fuzzing and testing file formats

A tool that recovers passwords from pixelized screenshots

A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.

A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.

Interactive incremental disassembler with data/control flow analysis capabilities.

A collection of XSS payloads designed to turn alert(1) into P1

A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.

Java decompiler GUI tool for Procyon under Apache License.
