
CAPEv2 vs Velociraptor

GitHub Stats

                CAPEv2      Velociraptor
Stars           3.2k        3.9k
Forks           562         609
Issues          46          70
Updated         today       today
License         -           -
Language        Python      Go

About CAPEv2

CAPEv2 (Config And Payload Extraction) is an open-source malware analysis sandbox forked from Cuckoo. It automates the process of detonating malware samples in instrumented virtual machines and extracting behavioral data. CAPEv2 captures API calls, network traffic, dropped files, registry changes, and process trees. Its signature feature is automated payload and configuration extraction from 200+ malware families (Emotet, TrickBot, QakBot, Cobalt Strike, etc.), recovering C2 URLs, encryption keys, and injected payloads. It supports Windows, Linux, and Android analysis VMs with YARA scanning, Suricata network detection, and detailed HTML/JSON reporting.

About Velociraptor

Velociraptor is an endpoint visibility and collection tool designed for digital forensic investigations and incident response (DFIR). It allows security teams to hunt for artifacts across thousands of endpoints simultaneously, providing deep insights into system activities. Written in Go, Velociraptor is notable for its scalability and speed, enabling rapid response and comprehensive analysis in enterprise environments.

Platform Support

๐Ÿงlinux
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

CAPEv2 only

malware-sandbox, behavioral-analysis, config-extraction, automated-analysis, detonation

Velociraptor only

endpoint, hunting, dfir, artifact-collection