4.1 KiB
█████╗ ██╗ ██╗██╗ ██╗███╗ ███╗ ██████╗ ██████╗ ████████╗███████╗███╗ ███╗
██╔══██╗╚██╗██╔╝██║ ██║████╗ ████║██╔═══██╗██╔══██╗╚══██╔══╝██╔════╝████╗ ████║
███████║ ╚███╔╝ ██║ ██║██╔████╔██║██║ ██║██████╔╝ ██║ █████╗ ██╔████╔██║
██╔══██║ ██╔██╗ ██║ ██║██║╚██╔╝██║██║ ██║██╔══██╗ ██║ ██╔══╝ ██║╚██╔╝██║
██║ ██║██╔╝ ██╗╚██████╔╝██║ ╚═╝ ██║╚██████╔╝██║ ██║ ██║ ███████╗██║ ╚═╝ ██║
╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝╚═╝ ╚═╝
Static binary analysis engine with multi-format parsing, YARA scanning, x86 disassembly, and MITRE ATT&CK threat scoring.
This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- Multi-format binary parsing (ELF, PE, Mach-O) with section analysis and import table extraction
- YARA rule scanning with 14 built-in detection rules for malware, packers, and crypto patterns
- x86/x86_64 disassembly with control flow graph generation from entry points and symbol tables
- Shannon entropy analysis for detecting packed or encrypted sections
- 8-category threat scoring system (max 100 points) with MITRE ATT&CK technique mapping
- Pass-based analysis pipeline with topological ordering and dependency resolution
Quick Start
docker compose up -d
Visit http://localhost:22784
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Backend: Rust, Axum, goblin, iced-x86, yara-x, SQLx, PostgreSQL
Frontend: React 19, TypeScript, Vite, TanStack Query, Zustand, Zod, SCSS Modules
Infra: Docker Compose, Nginx, PostgreSQL 18
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0