| Tool | Install source | Description | Tags | File types | Notes |
|---|---|---|---|---|---|
| DensityScout | HTTP | DensityScout calculates file entropy and density. | malware-analysis, entropy-analysis | .exe, .dll, .bin | |
| Detect It Easy | GitHub Release | Detect It Easy is a tool for identifying file types and detecting packers. | pe-analysis, file-analysis, packer-detection | .exe, .dll, .elf, .mach-o, .bin | |
| Dumpbin | GitHub Release | Microsoft COFF Binary File Dumper, extracted from the Visual Studio MSVC tools. | pe-analysis, reverse-engineering | .exe, .dll, .obj, .lib | |
| Python-dsstore | Git | A library for parsing .DS_Store files and extracting file names. | forensics, macos, data-extraction | .DS_Store | |
| QEMU | Winget | QEMU is a generic, open-source machine emulator and virtualizer. It can run operating systems and applications built for other architectures on a host system, which makes it useful for testing, development, and analysis. | emulation | .qcow2, .vmdk, .vdi, .img, .iso | Full only |
| TrID | HTTP | TrID is a file identifier utility. | file-analysis | | |
| WinMerge | Winget | WinMerge is a visual file and directory comparison tool. It is useful for identifying differences between files, merging changes, and synchronizing directories. | binary-diffing | | |
| autoit-ripper | Python | Extracts AutoIt scripts embedded in PE binaries. | malware-analysis, scripting, deobfuscation | .exe | |
| binlex | GitHub Release | binlex is a binary genetic traits lexer for malware analysis. | malware-analysis, binary-analysis, binary-diffing | .exe, .dll, .elf, .bin | |
| bulk_extractor | HTTP | bulk_extractor extracts features such as email addresses and URLs from disk images. | forensics, carving, data-extraction | .dd, .raw, .E01, .img | |
| cabarchive | Python | | compression, data-extraction | .cab | |
| fq | GitHub Release | jq for binary formats: a tool, language, and decoders for working with binary and text formats. | data-processing, binary-analysis, file-analysis | .pcap, .pcapng, .mp4, .mp3, .flac, .zip, .tar, .gif, .png | |
| jq | GitHub Release | jq is a command-line JSON processor for parsing, filtering, and manipulating JSON data. It supports selecting specific fields, transforming data, and performing complex queries with a compact syntax. | json, data-processing, cli | .json, .ndjson, .jsonl | |
| lessmsi | GitHub Release | lessmsi is a tool to view and extract the contents of a Windows Installer (.msi) file. | windows | .msi | |
| magika | Python | A tool to determine the content type of a file with deep learning. | file-analysis, ai | | |
| msidump | Python | MSI Dump is a tool that analyzes malicious MSI installation packages, extracts files, streams, and binary data, and incorporates a YARA scanner. | ioc, data-extraction, enrichment, parsing, forensics | .msi | |
| oletools | Python | Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format) for malware analysis and incident response (#DFIR). | office, malware-analysis, vba | .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rtf | |
| python-magic | Python | | | | |
| pyzipper | Python | | compression, encryption | .zip | |
| qrtool | GitHub Release | Tool for decoding QR codes from images. | encoding, decoding | .png, .svg | |
| ripgrep | GitHub Release | ripgrep is a fast, modern, and user-friendly command-line search tool. | search, cli | | |
| unpy2exe | Python | | reverse-engineering, python, decompiler | .exe | |