Static security analyzer for Windows executables (.exe, .dll, .sys, .msi) with 30+ vulnerability checks, AI-assisted learning, and decompiler integration.
Project description
Binary Shield
Static security analyzer for Windows executables (.exe, .dll, .sys, .msi).
Binary Shield performs deep static analysis to detect 30+ vulnerability classes, learns from previous scans via a local database, and generates JSON, CSV, HTML, and PDF reports.
Installation
pip install binaryshield
Or, from a local checkout of this repo:
pip install .
Optional extras add support for extra features:
pip install "binaryshield[pdf]" # PDF (VAPT-style) reports
pip install "binaryshield[dotnet]" # Deeper .NET assembly analysis via dnfile
pip install "binaryshield[memory]" # Running-process memory analysis
pip install "binaryshield[windows]" # Detailed Windows ACL / permission auditing
pip install "binaryshield[all]" # Everything above
Usage
# Basic scan
binaryshield target.exe
# Scan an MSI installer (installer-level checks work on any OS;
# extraction and scanning of embedded PE files requires Windows/msiexec)
binaryshield installer.msi
# Full report set
binaryshield target.dll \
--json report.json \
--html manifest.html \
--csv findings.csv \
--enhanced-report enhanced.html \
--pdf report.pdf
# Verbose output, explicit decompiler choice
binaryshield target.exe --verbose --decompiler ghidra
# Reset the local learning database
binaryshield --reset-db
# See where Binary Shield stores its local data
binaryshield --data-dir
Run binaryshield --help for the full list of options.
What it checks
30 built-in test cases (TC001-TC030) covering:
- Memory corruption — unsafe
strcpy/sprintf/gets, heap overflows, integer overflow - Missing mitigations — ASLR, DEP, stack cookies, SafeSEH, RWX sections
- Injection —
system()/WinExec()command injection, path traversal - DLL security — sideloading, known-hijackable DLLs, delay-load hijacking
- Secrets — hardcoded passwords, API keys, connection strings, IPs
- Cryptography — weak hashes (MD5/SHA1), weak ciphers (DES/RC4)
- Info disclosure & integrity — debug strings, insecure
rand(), unsigned binaries - Access control — insecure registry access, insecure IPC
Plus a suite of enhancement modules: CVE/Exploit-DB lookup, supply-chain and SBOM analysis, VirusTotal hash lookup, compliance mapping (PCI-DSS, ISO 27001, NIST 800-53), false-positive learning, ML-based risk prediction, fuzzing, anti-analysis and network-indicator detection, permission auditing, and Ghidra/.NET decompiler integration.
Local data
Binary Shield stores its learning database and cached ML model under
~/.binaryshield/ by default. Override this with the BINARYSHIELD_HOME
environment variable or --db-path.
Using it as a library
from binaryshield import FinalUltimateAnalyzer, LearningDatabase
db = LearningDatabase()
analyzer = FinalUltimateAnalyzer("target.exe", db)
results = analyzer.run_complete_analysis()
print(results["total_vulnerabilities"], "findings")
Notes
- Ghidra-based decompilation requires a separate Ghidra installation available on your system; Binary Shield calls it in headless mode if found.
- VirusTotal and NVD/CVE/Exploit-DB lookups require network access and,
for higher rate limits, your own API keys (
VT_API_KEYenvironment variable for VirusTotal). - MSI extraction of embedded PE files uses
msiexecand only runs on Windows; installer-level checks (dangerous custom actions, hardcoded credentials, repair-hijack patterns, etc.) run on any platform.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file binaryshield-1.0.0.tar.gz.
File metadata
- Download URL: binaryshield-1.0.0.tar.gz
- Upload date:
- Size: 100.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
73c89a57d7457249ce1f7a435208b930c8a9784f06e4ca9714d052fabea79b97
|
|
| MD5 |
75698d149051c7eef85313b4c5027ace
|
|
| BLAKE2b-256 |
eaa16937f9b35d4c50dc96b1d223f007dcd19f935e6e7a65e913aed9936f7eee
|
File details
Details for the file binaryshield-1.0.0-py3-none-any.whl.
File metadata
- Download URL: binaryshield-1.0.0-py3-none-any.whl
- Upload date:
- Size: 111.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d64e63b353e5cd3affe44782ca77c595f8897fd831f9facc9215ba09180ca5f2
|
|
| MD5 |
ee14aab44669226b9dc8ead8e8a7c958
|
|
| BLAKE2b-256 |
b8c62b513e70013385c19b55d8108aea72f1545cc9350e152c86f2c66013e913
|