Skip to main content

Static security analyzer for Windows executables (.exe, .dll, .sys, .msi) with 30+ vulnerability checks, AI-assisted learning, and decompiler integration.

Project description

Binary Shield

Static security analyzer for Windows executables (.exe, .dll, .sys, .msi).

Binary Shield performs deep static analysis to detect 30+ vulnerability classes, learns from previous scans via a local database, and generates JSON, CSV, HTML, and PDF reports.

Installation

pip install binaryshield

Or, from a local checkout of this repo:

pip install .

Optional extras add support for extra features:

pip install "binaryshield[pdf]"      # PDF (VAPT-style) reports
pip install "binaryshield[dotnet]"   # Deeper .NET assembly analysis via dnfile
pip install "binaryshield[memory]"   # Running-process memory analysis
pip install "binaryshield[windows]"  # Detailed Windows ACL / permission auditing
pip install "binaryshield[all]"      # Everything above

Usage

# Basic scan
binaryshield target.exe

# Scan an MSI installer (installer-level checks work on any OS;
# extraction and scanning of embedded PE files requires Windows/msiexec)
binaryshield installer.msi

# Full report set
binaryshield target.dll \
    --json report.json \
    --html manifest.html \
    --csv findings.csv \
    --enhanced-report enhanced.html \
    --pdf report.pdf

# Verbose output, explicit decompiler choice
binaryshield target.exe --verbose --decompiler ghidra

# Reset the local learning database
binaryshield --reset-db

# See where Binary Shield stores its local data
binaryshield --data-dir

Run binaryshield --help for the full list of options.

What it checks

30 built-in test cases (TC001-TC030) covering:

  • Memory corruption — unsafe strcpy/sprintf/gets, heap overflows, integer overflow
  • Missing mitigations — ASLR, DEP, stack cookies, SafeSEH, RWX sections
  • Injectionsystem()/WinExec() command injection, path traversal
  • DLL security — sideloading, known-hijackable DLLs, delay-load hijacking
  • Secrets — hardcoded passwords, API keys, connection strings, IPs
  • Cryptography — weak hashes (MD5/SHA1), weak ciphers (DES/RC4)
  • Info disclosure & integrity — debug strings, insecure rand(), unsigned binaries
  • Access control — insecure registry access, insecure IPC

Plus a suite of enhancement modules: CVE/Exploit-DB lookup, supply-chain and SBOM analysis, VirusTotal hash lookup, compliance mapping (PCI-DSS, ISO 27001, NIST 800-53), false-positive learning, ML-based risk prediction, fuzzing, anti-analysis and network-indicator detection, permission auditing, and Ghidra/.NET decompiler integration.

Local data

Binary Shield stores its learning database and cached ML model under ~/.binaryshield/ by default. Override this with the BINARYSHIELD_HOME environment variable or --db-path.

Using it as a library

from binaryshield import FinalUltimateAnalyzer, LearningDatabase

db = LearningDatabase()
analyzer = FinalUltimateAnalyzer("target.exe", db)
results = analyzer.run_complete_analysis()
print(results["total_vulnerabilities"], "findings")

Notes

  • Ghidra-based decompilation requires a separate Ghidra installation available on your system; Binary Shield calls it in headless mode if found.
  • VirusTotal and NVD/CVE/Exploit-DB lookups require network access and, for higher rate limits, your own API keys (VT_API_KEY environment variable for VirusTotal).
  • MSI extraction of embedded PE files uses msiexec and only runs on Windows; installer-level checks (dangerous custom actions, hardcoded credentials, repair-hijack patterns, etc.) run on any platform.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

binaryshield-1.0.0.tar.gz (100.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

binaryshield-1.0.0-py3-none-any.whl (111.3 kB view details)

Uploaded Python 3

File details

Details for the file binaryshield-1.0.0.tar.gz.

File metadata

  • Download URL: binaryshield-1.0.0.tar.gz
  • Upload date:
  • Size: 100.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for binaryshield-1.0.0.tar.gz
Algorithm Hash digest
SHA256 73c89a57d7457249ce1f7a435208b930c8a9784f06e4ca9714d052fabea79b97
MD5 75698d149051c7eef85313b4c5027ace
BLAKE2b-256 eaa16937f9b35d4c50dc96b1d223f007dcd19f935e6e7a65e913aed9936f7eee

See more details on using hashes here.

File details

Details for the file binaryshield-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: binaryshield-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 111.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for binaryshield-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d64e63b353e5cd3affe44782ca77c595f8897fd831f9facc9215ba09180ca5f2
MD5 ee14aab44669226b9dc8ead8e8a7c958
BLAKE2b-256 b8c62b513e70013385c19b55d8108aea72f1545cc9350e152c86f2c66013e913

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page