Skip to main content

Static security analyzer for Windows executables (.exe, .dll, .sys, .msi) with 30+ vulnerability checks, AI-assisted learning, and decompiler integration.

Project description

Binary Shield

Static security analyzer for Windows executables (.exe, .dll, .sys, .msi).

Binary Shield performs deep static analysis to detect 30+ vulnerability classes, learns from previous scans via a local database, and generates JSON, CSV, HTML, and PDF reports.

Installation

pip install binaryshield

Or, from a local checkout of this repo:

pip install .

Optional extras add support for extra features:

pip install "binaryshield[pdf]"      # PDF (VAPT-style) reports
pip install "binaryshield[dotnet]"   # Deeper .NET assembly analysis via dnfile
pip install "binaryshield[memory]"   # Running-process memory analysis
pip install "binaryshield[windows]"  # Detailed Windows ACL / permission auditing
pip install "binaryshield[all]"      # Everything above

Usage

# Basic scan
binaryshield target.exe

# Scan an MSI installer (installer-level checks work on any OS;
# extraction and scanning of embedded PE files requires Windows/msiexec)
binaryshield installer.msi

# Full report set
binaryshield target.dll \
    --json report.json \
    --html manifest.html \
    --csv findings.csv \
    --enhanced-report enhanced.html \
    --pdf report.pdf

# Verbose output, explicit decompiler choice
binaryshield target.exe --verbose --decompiler ghidra

# Reset the local learning database
binaryshield --reset-db

# See where Binary Shield stores its local data
binaryshield --data-dir

Run binaryshield --help for the full list of options.

What it checks

30 built-in test cases (TC001-TC030) covering:

  • Memory corruption — unsafe strcpy/sprintf/gets, heap overflows, integer overflow
  • Missing mitigations — ASLR, DEP, stack cookies, SafeSEH, RWX sections
  • Injectionsystem()/WinExec() command injection, path traversal
  • DLL security — sideloading, known-hijackable DLLs, delay-load hijacking
  • Secrets — hardcoded passwords, API keys, connection strings, IPs
  • Cryptography — weak hashes (MD5/SHA1), weak ciphers (DES/RC4)
  • Info disclosure & integrity — debug strings, insecure rand(), unsigned binaries
  • Access control — insecure registry access, insecure IPC

Plus a suite of enhancement modules: CVE/Exploit-DB lookup, supply-chain and SBOM analysis, VirusTotal hash lookup, compliance mapping (PCI-DSS, ISO 27001, NIST 800-53), false-positive learning, ML-based risk prediction, fuzzing, anti-analysis and network-indicator detection, permission auditing, and Ghidra/.NET decompiler integration.

Local data

Binary Shield stores its learning database and cached ML model under ~/.binaryshield/ by default. Override this with the BINARYSHIELD_HOME environment variable or --db-path.

Using it as a library

from binaryshield import FinalUltimateAnalyzer, LearningDatabase

db = LearningDatabase()
analyzer = FinalUltimateAnalyzer("target.exe", db)
results = analyzer.run_complete_analysis()
print(results["total_vulnerabilities"], "findings")

Notes

  • Ghidra-based decompilation requires a separate Ghidra installation available on your system; Binary Shield calls it in headless mode if found.
  • VirusTotal and NVD/CVE/Exploit-DB lookups require network access and, for higher rate limits, your own API keys (VT_API_KEY environment variable for VirusTotal).
  • MSI extraction of embedded PE files uses msiexec and only runs on Windows; installer-level checks (dangerous custom actions, hardcoded credentials, repair-hijack patterns, etc.) run on any platform.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

binaryshield-1.0.1.tar.gz (100.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

binaryshield-1.0.1-py3-none-any.whl (111.6 kB view details)

Uploaded Python 3

File details

Details for the file binaryshield-1.0.1.tar.gz.

File metadata

  • Download URL: binaryshield-1.0.1.tar.gz
  • Upload date:
  • Size: 100.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for binaryshield-1.0.1.tar.gz
Algorithm Hash digest
SHA256 d9aab10c2f7fb45462bcfd5a3e3150286276cd8e020ae591be147b036a0a738a
MD5 b7f19f5190d9eae1392738da926da4fa
BLAKE2b-256 e706df5ca275e408084e0f0a9d0092c17df9b83f9296b6db24ca3034c79d93e4

See more details on using hashes here.

File details

Details for the file binaryshield-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: binaryshield-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 111.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for binaryshield-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e88d67ff239eb5519f8e8d6e32b9ad6c53ca9e687cd83947db2318d9cce216a5
MD5 5c05107a803094f8bb2840065d72da38
BLAKE2b-256 0e511a012d4fbcbf98912e9ca3646c08165c42591ff2e70fd4d34d82a85520e4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page