awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-source alternativesSelf-hosted softwareBlogSitemap
ProjektÜber unsHow we rankPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

3 Repos

Awesome GitHub RepositoriesBinary Capability Catalogs

Indexes that map binaries to their functional capabilities such as code execution or data exfiltration.

Distinct from Binary Analysis Capabilities: Focuses on a functional capability map rather than structural binary analysis or decompilation.

Explore 3 awesome GitHub repositories matching operating systems & systems programming · Binary Capability Catalogs. Refine with filters or upvote what's useful.

Awesome Binary Capability Catalogs GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • lolbas-project/lolbasAvatar von LOLBAS-Project

    LOLBAS-Project/LOLBAS

    8,323Auf GitHub ansehen↗

    LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro

    Catalogs system executables mapped to their ability to execute code, download files, or exfiltrate data.

    XSLTblueteamdfirliving-off-the-land
    Auf GitHub ansehen↗8,323
  • mandiant/capaAvatar von mandiant

    mandiant/capa

    6,062Auf GitHub ansehen↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Scans PE, ELF, .NET, and shellcode files to catalog their functional capabilities.

    Python
    Auf GitHub ansehen↗6,062
  • fireeye/capaAvatar von fireeye

    fireeye/capa

    6,062Auf GitHub ansehen↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Scans PE, ELF, .NET, shellcode, and sandbox report files to detect and list what a program can do.

    Python
    Auf GitHub ansehen↗6,062
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Capability Catalogs

Unter-Tags erkunden

  • Capability Match TracingReporting of exact addresses and code features that triggered each capability match for verification during analysis. **Distinct from Binary Capability Catalogs:** Distinct from Binary Capability Catalogs: traces the specific evidence that triggered a match rather than indexing binaries by their capabilities.
  • Executable Capability CatalogsCatalogs that map PE, ELF, .NET, and shellcode binaries to their functional capabilities such as code execution or data exfiltration. **Distinct from Binary Capability Catalogs:** Distinct from Binary Capability Catalogs: focuses on scanning multiple executable formats to detect and list capabilities, not just indexing known binaries.