capa

Free

Capa detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode files, or sandbox reports to identify potential behaviors such as backdoors, service installation, or communication methods like HTTP.

Check out our capa blog posts for more information: "Dynamic capa: Exploring Executable Run-Time Behavior with the CAPE Sandbox"; "capa v4: casting a wider .NET" (.NET support); "ELFant in the Room – capa v3" (ELF support); "capa 2.0: Better, Stronger, Faster"; "capa: Automatically Identify Malware Capabilities".

Usage:

$ capa.exe suspicious.exe

ATT&CK Tactic and Technique mapping available.

ALTERNATIVES

DOM XSS scanner for Single Page Applications

YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.

A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.

Automated blind-xss search for Burp Suite

Repository of YARA rules for Trellix ATR blogposts and investigations

A Linux process injection tool that injects shellcode into a running process

A tool to dump ODIN3 messages into files for reverse-engineering

A minimal, consistent API for building integrations with malware sandboxes