awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

3 repository-uri

Awesome GitHub RepositoriesSandbox Report Analysis

Analysis of runtime behavior reports from CAPE, DRAKVUF, or VMRay sandboxes to detect program capabilities from execution traces.

Distinct from Binary Execution Sandboxes: Distinct from Binary Execution Sandboxes: analyzes reports from sandboxes rather than creating or executing within sandbox environments.

Explore 3 awesome GitHub repositories matching security & cryptography · Sandbox Report Analysis. Refine with filters or upvote what's useful.

Awesome Sandbox Report Analysis GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • mandiant/capaAvatar mandiant

    mandiant/capa

    6,062Vezi pe GitHub↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Processes execution reports from CAPE, DRAKVUF, and VMRay sandboxes to detect runtime capabilities.

    Python
    Vezi pe GitHub↗6,062
  • fireeye/capaAvatar fireeye

    fireeye/capa

    6,062Vezi pe GitHub↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Processes sandbox-generated reports from CAPE, DRAKVUF, or VMRay to detect capabilities from runtime behavior.

    Python
    Vezi pe GitHub↗6,062
  • cuckoosandbox/cuckooAvatar cuckoosandbox

    cuckoosandbox/cuckoo

    5,959Vezi pe GitHub↗

    Cuckoo is an open-source automated malware analysis system that executes suspicious files inside isolated virtual machines and produces structured behavioral reports. The platform captures system calls, file operations, and network activity during execution, compiling them into comprehensive analysis documents for programmatic consumption. The system operates through a modular analysis pipeline that processes behavioral data, applying YARA signature patterns against captured artifacts to identify known malware families. Each analysis run starts from a clean virtual machine snapshot to ensure

    Compiles system calls, file operations, and network activity into comprehensive behavioral analysis reports.

    JavaScript
    Vezi pe GitHub↗5,959
  1. Home
  2. Security & Cryptography
  3. Binary Execution Sandboxes
  4. Sandbox Report Analysis

Explorează sub-etichetele

  • Behavioral Analysis ReportsReports that compile system calls, file operations, and network activity captured during dynamic execution of untrusted samples. **Distinct from Sandbox Report Analysis:** Distinct from Sandbox Report Analysis: focuses on behavioral traces (syscalls, file ops, network) rather than capability detection from sandbox output.