awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

2 مستودعات

Awesome GitHub RepositoriesExecutable Capability Catalogs

Catalogs that map PE, ELF, .NET, and shellcode binaries to their functional capabilities such as code execution or data exfiltration.

Distinct from Binary Capability Catalogs: Distinct from Binary Capability Catalogs: focuses on scanning multiple executable formats to detect and list capabilities, not just indexing known binaries.

Explore 2 awesome GitHub repositories matching operating systems & systems programming · Executable Capability Catalogs. Refine with filters or upvote what's useful.

Awesome Executable Capability Catalogs GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • mandiant/capaالصورة الرمزية لـ mandiant

    mandiant/capa

    6,062عرض على GitHub↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Scans PE, ELF, .NET, and shellcode files to catalog their functional capabilities.

    Python
    عرض على GitHub↗6,062
  • fireeye/capaالصورة الرمزية لـ fireeye

    fireeye/capa

    6,062عرض على GitHub↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Scans PE, ELF, .NET, shellcode, and sandbox report files to detect and list what a program can do.

    Python
    عرض على GitHub↗6,062
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Capability Catalogs
  5. Executable Capability Catalogs