lockness-Ko / gapa

Blazingly fast capa rewrite


gapa

A faster rewrite of capa in golang.

  • Proof-of-concept (PoC)
    • Blazingly fast
  • x86/x86-64 support
  • PE support
  • ELF support
  • Compiled-in rules
  • A bunch of the standard rule features in capa:
    • characteristic
    • namespace
    • class
    • api (not properly implemented)
    • property
    • number
    • string and substring
    • bytes
    • offset
    • mnemonic
    • operand
    • export
    • import
    • section
    • function-name
    • os
    • arch
    • format

Running

For the built-in rules:

    ./gapa -file ./file.ext

or, for custom rules:

    ./gapa -file ./file.ext -rule-folder /path/to/rules

Installation

You need the capstone disassembly library and Go.

Run

    go build

to build the project.

Motivation

Capa is incredibly slow and it annoyed me. The goal of this project is to use the same rules and achieve a result faster.

References

  • capa-rules format
  • gapstone

Languages

Go 79.3%, Python 20.3%, Ruby 0.4%, Shell 0.0%