Strelka is a real-time, container-based file scanning system designed for threat hunting, threat detection, and incident response operations. The platform performs file extraction and metadata collection at enterprise scale, allowing users and systems to submit files for analysis and reporting purposes. Built with a core codebase using Go and Python 3.10+, Strelka operates through server components that run in containers to provide deployment flexibility. The system includes OS-native client applications supporting Windows, Mac, and Linux platforms, utilizing cross-platform and cross-language compatible libraries and formats. The platform functions as a modular data scanning system that analyzes, extracts, and reports file content and metadata. When integrated with SIEM systems, Strelka can aggregate data, generate alerts, and provide analysts with environmental insights without requiring direct data gathering or manual file analysis processes. Originally based on the design principles established by Lockheed Martin's Laika BOSS and similar projects, Strelka distinguishes itself through its containerized architecture, cross-platform client support, and modern programming language implementation.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
A sandbox for quickly sandboxing known or unknown families of Android Malware
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A collaborative malware analysis framework with various features for automated analysis tasks.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.