Windows-first static installer analysis for endpoint / CPE teams
Project description
installer-intel 🧠⚙️
installer-intel is a Windows-first CLI tool that statically analyzes EXE and MSI installers and produces a machine-readable install plan for endpoint management and packaging workflows.
Think: package intelligence for Intune, SCCM, Jamf, RMM, and Client Platform Engineering teams.
✨ Why installer-intel exists
Packaging software on Windows is still more art than science:
- Silent install flags are undocumented or inconsistent\
- Installer technologies vary wildly (Inno, NSIS, InstallShield, Burn, etc.)
- Detection rules are often copied, guessed, or discovered via trial-and-error
- Testing installers directly is slow and risky on production machines
installer-intel focuses on the analysis phase first:
Understand what an installer is likely to do --- before you ever run it.
🧩 What it does (v0.1)
Given an .msi or .exe, installer-intel outputs a structured
install plan containing:
Installer Intelligence
- Installer type detection (MSI, Inno Setup, NSIS, InstallShield, Burn, Squirrel, etc.)
- Confidence-scored classification with supporting evidence
Command Inference
- Probable silent install command(s), ranked by confidence
- Probable uninstall command(s)
- Evidence explaining why each command was suggested
Detection Guidance
- MSI product code--based detection (when available)
- Follow-up guidance for improving detection accuracy
- Designed to integrate cleanly into Intune / SCCM detection logic
Automation-Friendly Output
- JSON output suitable for pipelines and tooling
- Human-readable CLI summary for engineers
⚠️ Safety-first by design
This version performs static analysis only.
No installers are executed.
📦 Example
installer-intel analyze .\setup.exe --out installplan.json
CLI summary:
Type: Inno Setup (confidence 0.92)
Install candidates:
setup.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP- (0.88)
setup.exe /SILENT /SUPPRESSMSGBOXES /NORESTART /SP- (0.62)
Uninstall candidates:
unins000.exe /VERYSILENT (0.55)
Generated installplan.json (excerpt):
{
"installer_type": "Inno Setup",
"confidence": 0.92,
"install_candidates": [
{
"command": "setup.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-",
"confidence": 0.88
}
]
}
🚀 Installation (development)
This project uses uv for fast, reproducible Python environments.
pip install uv
uv venv
uv sync
uv run installer-intel --help
🖥️ Supported Inputs
File Type Status Notes
MSI ✅ Metadata parsed via Windows Installer APIs EXE ✅ Heuristic detection via string & signature analysis MSIX/AppX 🔍 Detection hints only (wrapper detection)
🧠 How detection works
installer-intel combines:
- Static string extraction (ASCII + UTF-16LE)
- Known installer signature patterns
- Heuristic confidence scoring
- Evidence tracking (matched strings, metadata clues)
This keeps analysis fast, safe, and explainable.
⚠️ Current limitations
- Windows-first (intentional --- this targets Windows endpoints)
- EXE analysis is heuristic-based (not guaranteed)
- No execution or sandbox tracing in v0.1
- Detection rules improve significantly with runtime tracing (planned)
🛣️ Roadmap
Planned enhancements:
- MSI parsing via Windows Installer COM (ProductCode, UpgradeCode, Version) ✅
- install4j / Java-based installer detection
- Partial-read scanning for very large EXEs
- ProcMon-backed trace mode (
installer-intel analyze setup.exe --trace procmon) to capture & summarize filesystem, registry, service, and persistence changes into an auditable report -
--format yaml -
--summary-only - Optional
trace-installmode (opt-in, sandboxed)
👤 Who this is for
- Client Platform Engineers
- Endpoint / EUC Engineers
- Intune / SCCM / Jamf admins
- Security teams validating installer behavior
- Anyone tired of guessing silent install flags
📄 License
MIT License
🔍 Philosophy
installer-intel is intentionally conservative.
It prefers: - explainability over magic - confidence scoring over certainty - safety over speed
If it can't be confident, it tells you why.
That's how real platform tooling should behave.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file installer_intel-0.1.0.tar.gz.
File metadata
- Download URL: installer_intel-0.1.0.tar.gz
- Upload date:
- Size: 24.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.18 {"installer":{"name":"uv","version":"0.9.18","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
644437eef10e24a17014b93d762b8df1ec1d00cf65388ea20d65604c3afae684
|
|
| MD5 |
4ec71e287cd4c6431e9540aca5886b6f
|
|
| BLAKE2b-256 |
09ad7cd94dc3d1796e4fae00d6d25cc01ce825bfac8651465ebb837fd41b3765
|
File details
Details for the file installer_intel-0.1.0-py3-none-any.whl.
File metadata
- Download URL: installer_intel-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.18 {"installer":{"name":"uv","version":"0.9.18","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74ec25c0c90029647f71a43bf2ac1a15108416344e06119b3b3135490fccda94
|
|
| MD5 |
d424cccd22b234f16fa52cefe1812b5f
|
|
| BLAKE2b-256 |
9c733c6fca58659057d65807f9eee7866ff3e42b3164836630f82bba9045e5ad
|
