capa vs FLARE FLOSS

GitHub Stats

                capa          FLARE FLOSS
Stars           6.0k          4.0k
Forks           696           526
Issues          273           119
Updated         today         4d ago
License         Apache-2.0    Apache-2.0
Language        Python        Python

About capa

Capa is an automated tool for identifying capabilities in executable files, detecting techniques such as persistence mechanisms, command and control (C2) communications, and anti-analysis methods. Built in Python, Capa uses a rule-based approach to analyze binary files and report on the functionalities they contain. This tool is essential for malware analysis, aiding security researchers in understanding the potential impact of a sample.

About FLARE FLOSS

FLARE FLOSS (FireEye Labs Obfuscated String Solver) automatically extracts obfuscated strings from malware binaries. While the standard 'strings' utility only finds plaintext, FLOSS uses advanced static analysis techniques to identify string decoding routines, emulates them, and recovers the decoded strings. It handles XOR encoding, stack strings (built character-by-character), tight strings (short encoded sequences), and custom decryption routines. FLOSS integrates with FLARE's analysis toolkit and produces output compatible with YARA rule generation. It dramatically reduces manual reverse engineering time for string-heavy malware analysis.

Platform Support

๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

Shared

malware-analysis

capa only

capability-detection, reverse-engineering, triage

FLARE FLOSS only

string-extraction, deobfuscation, mandiant, static-analysis