bincapz
Features
- Analyzes binaries from any architecture - arm64, amd64, riscv, ppc64, sparc64
- Supports scripting languages such as bash, PHP, Perl, Ruby, NodeJS, and Python
- Integrates YARA Forge for rules by Avast, Elastic, FireEye, Google, Nextron, and others
- 12,000+ rules that detect everything from ioctls to malware
- Tuned for especially excellent performance with Linux programs
- Diff-friendly output in Markdown, JSON, and YAML
- CI/CD friendly
Shortcomings
- Does not attempt to process archive files (jar, zip, apk)
- Minimal rule support for Windows and Java (help wanted!)
- Early in development; output is subject to change
Installation
dagger install github.com/denhamparry/daggerverse/bincapz@6b2dee51df33b67685806d7052b740c0f990898f
Entrypoint
Return Type
Bincapz
Example
dagger -m github.com/denhamparry/daggerverse/bincapz@6b2dee51df33b67685806d7052b740c0f990898f call
func (m *myModule) example() *Bincapz {
	return dag.
		Bincapz()
}
import dagger
from dagger import dag, function
@function
def example() -> dagger.Bincapz:
    return (
        dag.bincapz()
    )
@func()
example(): Bincapz {
  return dag
    .bincapz()
}
Types
Bincapz
inspectBinary()
To inspect a binary, pass it as an argument to dump a list of predicted capabilities
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
binary | File ! | - | No description provided |
Example
dagger -m github.com/denhamparry/daggerverse/bincapz@6b2dee51df33b67685806d7052b740c0f990898f call \
  inspect-binary --binary file:path
// InspectBinary returns (string, error), so the wrapper returns both.
func (m *myModule) example(ctx context.Context, binary *File) (string, error) {
	return dag.
		Bincapz().
		InspectBinary(ctx, binary)
}
import dagger
from dagger import dag, function
@function
async def example(binary: dagger.File) -> str:
    return await (
        dag.bincapz()
        .inspect_binary(binary)
    )
@func()
async example(binary: File): Promise<string> {
  return dag
    .bincapz()
    .inspectBinary(binary)
}
diff()
Make sure an update doesn’t introduce unexpected capability changes
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
oldBinary | File ! | - | No description provided |
newBinary | File ! | - | No description provided |
Example
dagger -m github.com/denhamparry/daggerverse/bincapz@6b2dee51df33b67685806d7052b740c0f990898f call \
  diff --old-binary file:path --new-binary file:path
// Diff returns (string, error), so the wrapper returns both.
func (m *myModule) example(ctx context.Context, oldBinary *File, newBinary *File) (string, error) {
	return dag.
		Bincapz().
		Diff(ctx, oldBinary, newBinary)
}
import dagger
from dagger import dag, function
@function
async def example(old_binary: dagger.File, new_binary: dagger.File) -> str:
    return await (
        dag.bincapz()
        .diff(old_binary, new_binary)
    )
@func()
async example(oldBinary: File, newBinary: File): Promise<string> {
  return dag
    .bincapz()
    .diff(oldBinary, newBinary)
}
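A CI gate built on the purpose of diff(), as an added example that is not part of the bincapz module or of this page: it compares two line-oriented text reports, such as the strings inspectBinary() returns for the old and new binary, and fails on any added line that no approved entry covers. The names NewLines and Gate, the approved list and the sample report lines are assumptions constructed for illustration; real bincapz output will look different.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample reports (not real bincapz output), one finding per line.
const sampleOld = "net/http: makes HTTP requests\nfs/read: reads files\n"
const sampleNew = sampleOld + "exec/shell: runs shell commands\nnet/dns: resolves hostnames\n"

// NewLines returns, sorted, the distinct non-blank lines of newReport that
// oldReport lacks (lines are compared after trimming whitespace).
func NewLines(oldReport, newReport string) []string {
	seen, added := map[string]bool{"": true}, []string{}
	for _, l := range strings.Split(oldReport, "\n") {
		seen[strings.TrimSpace(l)] = true
	}
	for _, l := range strings.Split(newReport, "\n") {
		if l = strings.TrimSpace(l); !seen[l] {
			seen[l] = true // also de-duplicates repeated new lines
			added = append(added, l)
		}
	}
	sort.Strings(added)
	return added
}

// Gate fails when an added line matches none of the approved substrings.
func Gate(oldReport, newReport string, approved []string) error {
	var blocked []string
next:
	for _, l := range NewLines(oldReport, newReport) {
		for _, a := range approved {
			if a != "" && strings.Contains(l, a) { // "" must not approve all
				continue next
			}
		}
		blocked = append(blocked, l)
	}
	if len(blocked) > 0 {
		return fmt.Errorf("unapproved changes:\n%s", strings.Join(blocked, "\n"))
	}
	return nil
}

func main() {
	fmt.Println(Gate(sampleOld, sampleNew, []string{"net/dns"}))
}
```

In a pipeline, a non-nil error from Gate is the signal to stop the update until the new lines have been reviewed and added to the approved list.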