awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

3 dépôts

Awesome GitHub RepositoriesBinary Capability Catalogs

Indexes that map binaries to their functional capabilities such as code execution or data exfiltration.

Distinct from Binary Analysis Capabilities: Focuses on a functional capability map rather than structural binary analysis or decompilation.

Explore 3 awesome GitHub repositories matching operating systems & systems programming · Binary Capability Catalogs. Refine with filters or upvote what's useful.

Awesome Binary Capability Catalogs GitHub Repositories

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • lolbas-project/lolbasAvatar de LOLBAS-Project

    LOLBAS-Project/LOLBAS

    8,323Voir sur GitHub↗

    LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro

    Catalogs system executables mapped to their ability to execute code, download files, or exfiltrate data.

    XSLTblueteamdfirliving-off-the-land
    Voir sur GitHub↗8,323
  • mandiant/capaAvatar de mandiant

    mandiant/capa

    6,062Voir sur GitHub↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Scans PE, ELF, .NET, and shellcode files to catalog their functional capabilities.

    Python
    Voir sur GitHub↗6,062
  • fireeye/capaAvatar de fireeye

    fireeye/capa

    6,062Voir sur GitHub↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Scans PE, ELF, .NET, shellcode, and sandbox report files to detect and list what a program can do.

    Python
    Voir sur GitHub↗6,062
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Capability Catalogs

Explorer les sous-tags

  • Capability Match TracingReporting of exact addresses and code features that triggered each capability match for verification during analysis. **Distinct from Binary Capability Catalogs:** Distinct from Binary Capability Catalogs: traces the specific evidence that triggered a match rather than indexing binaries by their capabilities.
  • Executable Capability CatalogsCatalogs that map PE, ELF, .NET, and shellcode binaries to their functional capabilities such as code execution or data exfiltration. **Distinct from Binary Capability Catalogs:** Distinct from Binary Capability Catalogs: focuses on scanning multiple executable formats to detect and list capabilities, not just indexing known binaries.