Advanced Binary Analysis Tool
Project description
NusantaraScan
"An open-source binary analysis tool for modern security workflows."
๐ About The Project
NusantaraScan is an open-source binary analysis tool designed for modern malware analysis and reverse engineering workflows.
It supports:
- Malware analysis
- RAT (Remote Access Trojan) detection
- Binary reverse engineering
- Packer detection
- Entropy visualization
- Multi-platform executable analysis
Designed to be:
- Powerful for professional analysts
- Simple enough for beginners
โจ Features (v0.2.2)
- Static Analysis (PE, ELF, Mach-O)
- RAT Detection (DarkComet, NanoCore, NjRAT, Gh0st, etc.)
- String Extraction (URLs, IPs, API calls)
- Entropy Analysis
- Section Analysis
- YARA Integration
- Disassembly (x86/x64/ARM/ARM64)
- Multi-format Export (JSON, HTML)
- Packer Detection (UPX, ASPack, MPRESS)
- Entropy Visualization
- Multi-file Scanning
- VirusTotal Integration
โ๏ธ Installation
Clone Repository
git clone https://github.com/Lutfifakee-Project/NusantaraScan.git
cd NusantaraScan
pip install -r requirements.txt
python main.py --help
Install from PyPI
pip install nusantarascan
๐ก๏ธ RAT Detection Examples
python main.py suspicious_file.exe --yara nusantarascan/signatures/yara_rules/rat_rules
python main.py suspicious_file.exe --deep \
--yara nusantarascan/signatures/yara_rules/rat_rules
๐ Usage Examples
# Basic analysis
python main.py notepad.exe
# Detect packers
python main.py malware.exe --packer
# Entropy graph visualization
python main.py malware.exe --graph
# Full disassembly
python main.py malware.exe --full-disasm
# Scan all files recursively
python main.py ./malware_samples/ --recursive
# Check file on VirusTotal (requires API key)
python main.py malware.exe --vt --vt-api-key YOUR_API_KEY
# Combine multiple features
python main.py malware.exe --deep --packer --graph --vt
# Export report to HTML/JSON
python main.py file.exe --output report.html --format html
๐ Example Output
_ _ _ ____
| \ | |_ _ ___ __ _ _ __ | |_ __ _ _ __ __ _/ ___| ___ __ _ _ __
| \| | | | / __|/ _` | '_ \| __/ _` | '__/ _` \___ \ / __/ _` | '_ \
| |\ | |_| \__ \ (_| | | | | || (_| | | | (_| |___) | (_| (_| | | | |
|_| \_|\__,_|___/\__,_|_| |_|\__\__,_|_| \__,_|____/ \___\__,_|_| |_| 0.2.0
https://github.com/Lutfifakee-Project/
[+] Target : malware_simulator.exe
[+] Size : 8,456,064 bytes (8.06 MB)
[+] MD5 : 1a2b3c4d5e6f7g8h9i0j
[+] Entropy : 6.8521
[*] Section Analysis:
โโโโโโโโโโณโโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโณโโโโโโโโโโโณโโโโโโโโโโ
โ Name โ Virtual Address โ Virtual Size โ Raw Size โ Entropy โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ .text โ 0x1000 โ 0x2448f โ 0x24600 โ 6.2747 โ
โ .rdata โ 0x26000 โ 0x9288 โ 0x9400 โ 5.9296 โ
โโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโ
[+] Imported Functions:
KERNEL32.dll
โโ CreateRemoteThread
โโ VirtualAllocEx
โโ WriteProcessMemory
โโ RegSetValueExW
[+] String Analysis:
[!] Suspicious strings detected:
โข DarkComet
โข CreateRemoteThread
โข VirtualAllocEx
[!] YARA Scan:
[!] 2 YARA rule(s) matched:
โข DarkComet_RAT
โข Suspicious_RAT_APIs
[+] Scan completed!
๐ฆ Requirements
- Python 3.8 or newer
Install Dependencies
pip install -r requirements.txt
Main Dependencies
pefileโ Windows PE analysispyelftoolsโ Linux ELF analysiscapstoneโ Disassembly engineyara-pythonโ YARA integrationrichโ CLI formattingrequestsโ VirusTotal API integration
๐ Project Structure
NusantaraScan/
โโโ main.py # Main entry point
โโโ requirements.txt # Python dependencies
โโโ setup.py # Package installer
โโโ README.md # Documentation
โโโ nusantarascan/
โโโ cli.py # CLI handler
โโโ analyzers/ # Binary analyzers (PE, ELF, Mach-O)
โโโ visualizers/ # Entropy graph visualization
โโโ integrations/ # VirusTotal integration
โโโ scanners/ # Multi-file scanner
โโโ utils/ # Utilities (hashing, entropy, etc.)
โโโ signatures/ # YARA scanner & rules
โ โโโ yara_rules/
โ โโโ rat_rules/ # RAT detection rules
โโโ formatters/ # JSON/HTML exporters
๐งฉ Using Community YARA Rules
To significantly improve detection capabilities, you can integrate community-maintained YARA rules from the Yara-Rules/rules repository.
This repository contains thousands of signatures for:
- Malware detection
- Packer detection
- Exploit kits
- Malicious documents
- Anti-debugging techniques
- Threat actor indicators
๐ฅ Integrating Community Rules
Clone the Repository
git clone https://github.com/Yara-Rules/rules.git \
nusantarascan/signatures/yara_rules/community
Directory Structure
nusantarascan/signatures/yara_rules/
โโโ rat_rules/ # Custom RAT rules
โโโ community/ # Community YARA rules
โโโ malware/
โโโ packers/
โโโ maldocs/
โโโ ...
๐ Using Community Rules
Scan with All Community Rules
python main.py suspicious_file.exe \
--yara nusantarascan/signatures/yara_rules/community
Scan with Malware Category Only
python main.py suspicious_file.exe \
--yara nusantarascan/signatures/yara_rules/community/malware
Combine Custom RAT Rules + Community Rules
python main.py suspicious_file.exe \
--yara nusantarascan/signatures/yara_rules/
โ ๏ธ Disclaimer
This project is intended for:
- Security research
- Malware analysis
- Educational purposes
- Authorized penetration testing
The developer is not responsible for:
- Illegal activities
- Unauthorized system access
- Misuse of this software
- Damage caused by improper usage
Use this tool responsibly and only in environments where you have explicit permission.
๐ License
This project is licensed under the GNU General Public License v3.0 (GPLv3).
See the LICENSE file for more information.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nusantarascan-0.2.2.tar.gz.
File metadata
- Download URL: nusantarascan-0.2.2.tar.gz
- Upload date:
- Size: 33.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7b5d2bc8d99669864931b846ed8eb9ef126b6e7faab7e700623df71b900998a
|
|
| MD5 |
1ed5501eb1716e4c78f81f94b67ac232
|
|
| BLAKE2b-256 |
8dae0a0e14fbbbac9833b55973d082ec0c42fb11b395a31ef6ea6fdf3e3de5fb
|
File details
Details for the file nusantarascan-0.2.2-py3-none-any.whl.
File metadata
- Download URL: nusantarascan-0.2.2-py3-none-any.whl
- Upload date:
- Size: 36.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c47e650d57e64792a19148cf0389541c0c7241bdae05fdbc415ef125366b2e39
|
|
| MD5 |
5561404327d779ac7db2aec6688bc379
|
|
| BLAKE2b-256 |
c74dae1bad322015d1bfec4818445ce73deda5c6eececc4607df9e540883d596
|