
capa

Free

Capa detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode files, or sandbox reports to identify potential behaviors such as backdoors, service installation, or communication methods like HTTP.

Check out our capa blog posts for more information:

Dynamic capa: Exploring Executable Run-Time Behavior with the CAPE Sandbox

capa v4: casting a wider .NET (.NET support)

ELFant in the Room – capa v3 (ELF support)

capa 2.0: Better, Stronger, Faster

capa: Automatically Identify Malware Capabilities

Usage: $ capa.exe suspicious.exe

ATT&CK Tactic and Technique mapping available.

ALTERNATIVES

A Yara ruleset for detecting PHP shells and other webserver malware.

Standalone graphical utility for viewing Java source code from ".class" files.

Ropper is a tool for analyzing binary files and searching for gadgets to build ROP chains for different architectures.

Original SmaliHook Java source for Android cracking and reversing.

IDA Pro plugin for finding crypto constants.

A tool to find XSS vulnerabilities in web applications.

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

A tool to embed XXE and XSS payloads in various file formats.
