EN
ENNA

capa

Apache-2.0

🔬 Digital Forensics · Python

Capa is an automated tool for identifying capabilities in executable files, detecting techniques such as persistence mechanisms, command and control (C2) communications, and anti-analysis methods. Built in Python, Capa uses a rule-based approach to analyze binary files and report on the functionalities they contain. This tool is essential for malware analysis, aiding security researchers in understanding the potential impact of a sample.

5.9kstars
688forks
275issues
Updated 2d ago
View on GitHubOfficial Website

Tags

malware-analysiscapability-detectionreverse-engineeringtriagebinary-analysisgsoc-2026threat-intelligence

Details

Category
🔬 Digital Forensics
Language
Python
Repository
mandiant/capa
License
Apache-2.0
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/mandiant/capa

Official Website

mandiant.github.io/capa

Releases

github.com/mandiant/capa/releases

Issues

github.com/mandiant/capa/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

More in Digital Forensics

Volatility 3

Python

Advanced memory forensics framework. Extracts artifacts from RAM dumps — processes, network connections, registry.

memoryram-dumpartifact-extraction

Autopsy

Java

Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.

disk-forensicsguitimeline

Ghidra

Java

NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.

reverse-engineeringdecompilerbinary-analysis

Binwalk

Python

Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.

firmwarebinaryextraction

YARA

C

Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.

malwarepattern-matchingrules

Velociraptor

Go

Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.

endpointhuntingdfir