Python binary analysis tool for reverse engineering - detect formats, parse structures, inspect values
Project description
Binary Inspect
A Python binary analysis tool for reverse engineering - detect formats, parse structures, inspect values.
Install
pip install binary-inspect
Or from source:
git clone https://github.com/daedalus/binary-inspect.git
cd binary-inspect
pip install -e ".[test]"
Usage
# Analyze a binary file (auto-detect format, inspect data, calculate entropy)
binary-inspect analyze file.bin
# Detect file format using magic bytes
binary-inspect detect file.bin
# Inspect data at specific offset
binary-inspect inspect file.bin 0x100
# Calculate entropy
binary-inspect entropy file.bin
# Find strings
binary-inspect strings file.bin
# Search for hex pattern
binary-inspect search file.bin -p "4D 5A"
# Display hex dump
binary-inspect hexview file.bin
# Parse with pattern
binary-inspect parse file.bin --pattern my_format.pybip --format json -o output.json
Features
- Magic Detection: Identify file format via header signatures (PE, ELF, PNG, ZIP, etc.)
- Data Inspector: Decode integers, floats, strings, GUIDs, timestamps at cursor
- Pattern Language: Define custom binary structures with DSL
- Entropy Analysis: Detect packed/encrypted sections
- Search: Find strings, integers, hex patterns
- Export: JSON, CSV, YAML output
API
from binary_inspect import (
MagicDetector,
DataInspector,
EntropyAnalyzer,
BinaryReader,
)
# Detect format
detector = MagicDetector()
match = detector.detect_one(data)
print(f"Format: {match.format_name}")
# Inspect at offset
inspector = DataInspector()
results = inspector.inspect(data, 0x100)
for r in results:
print(f"{r['type']}: {r['value']}")
# Calculate entropy
analyzer = EntropyAnalyzer()
entropy = analyzer.shannon_entropy(data)
print(f"Entropy: {entropy:.2f}")
Development
# Install dev dependencies
pip install -e ".[test]"
# Run tests
pytest
# Format
ruff format src/ tests/
# Lint
ruff check src/ tests/
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
binary_inspect-0.1.0.tar.gz
(15.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file binary_inspect-0.1.0.tar.gz.
File metadata
- Download URL: binary_inspect-0.1.0.tar.gz
- Upload date:
- Size: 15.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
73869010b8d320d1888fb2687fb5d6c8c7df143f1f5ec81c37c22c62e7c38e78
|
|
| MD5 |
7b166007c6b89ca356cc2a993a0d4bf9
|
|
| BLAKE2b-256 |
537a29504a8b9973f3d0649484d45662dc36bffc2ddec29bd556cedb0906380d
|
Provenance
The following attestation bundles were made for binary_inspect-0.1.0.tar.gz:
Publisher:
pypi-publish.yml on daedalus/binary-inspect
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
binary_inspect-0.1.0.tar.gz -
Subject digest:
73869010b8d320d1888fb2687fb5d6c8c7df143f1f5ec81c37c22c62e7c38e78 - Sigstore transparency entry: 1263051972
- Sigstore integration time:
-
Permalink:
daedalus/binary-inspect@42b5d2c3081f21d74e871f173092ee97ca426285 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/daedalus
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@42b5d2c3081f21d74e871f173092ee97ca426285 -
Trigger Event:
release
-
Statement type:
File details
Details for the file binary_inspect-0.1.0-py3-none-any.whl.
File metadata
- Download URL: binary_inspect-0.1.0-py3-none-any.whl
- Upload date:
- Size: 19.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a964dfcfc08a72a7812bf2111bcfb40747dcc54b2159b3dca156a8e82f954962
|
|
| MD5 |
5b38beb0c93a600595c9431488fd83b2
|
|
| BLAKE2b-256 |
509410ac900e404d68acbc84c05825cf8de526684a0e0b0e5d3b4c75613ff1bf
|
Provenance
The following attestation bundles were made for binary_inspect-0.1.0-py3-none-any.whl:
Publisher:
pypi-publish.yml on daedalus/binary-inspect
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
binary_inspect-0.1.0-py3-none-any.whl -
Subject digest:
a964dfcfc08a72a7812bf2111bcfb40747dcc54b2159b3dca156a8e82f954962 - Sigstore transparency entry: 1263052037
- Sigstore integration time:
-
Permalink:
daedalus/binary-inspect@42b5d2c3081f21d74e871f173092ee97ca426285 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/daedalus
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@42b5d2c3081f21d74e871f173092ee97ca426285 -
Trigger Event:
release
-
Statement type:
