
Releases: riccio8/ThreatLab

v0.3-binaries


@riccio8 riccio8 released this 01 Jan 20:50
451da9e

Quick Peek at Binary Stuff (PE & ELF, and Mach-O Coming Soon)

Yo, this is peutils and elfutils, two separate tools written in Go. They're built to make binary analysis smooth and easy, covering PE and ELF file types for now. Yeah, Mach-O is on the roadmap, so chill.

Everything here is JSON-friendly, so if you hate complex formats, you're gonna love this. The whole thing is open source, licensed, and copyrighted – no funny business.


How It Works

Just run the tool from the terminal. Example for peutils:

Usage: peutils.exe <file> <command> [sectionName]
Commands: 
  - lib
  - sym
  - sections
  - info
  - optionalHeaders
  - fileHeader
  - coffSymbols
  - machine
  - stringTable
  - time
  - dwarf
  - pointerSymTables
  - characteristics
  - ...

Example Outputs

Extract symbols from a file:

PS> .\peutils.exe .\peutils.exe sym
[
  "WriteFile:kernel32.dll",
  "WaitForSingleObject:kernel32.dll",
  "VirtualAlloc:kernel32.dll",
  "LoadLibraryW:kernel32.dll",
  ...
]

Show libraries:

PS> .\peutils.exe .\peutils.exe lib
null

Check sections:

PS> .\peutils.exe .\peutils.exe sections .text
{
  "Name": ".text",
  "VirtualSize": 870029,
  "VirtualAddress": 4096,
  ...
}

If you forget a section:

PS> .\peutils.exe .\peutils.exe sections
Please specify a section name for the 'sections' command.

ELF?

The elfutils tool works pretty much the same way, just for ELF binaries instead of PE. Same vibes. Commands and output are consistent to keep your life easy.

After download, make the binary executable:

chmod +x elfutils

Then run it:

./elfutils

Why Use This?

Simple commands, clear JSON output, and everything stays lightweight and fast. Great for quick checks or scripting tools. No bloat, no extra nonsense. And if you accidentally close the interface, you will have a log file with the name of the file analyzed.
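Since the output is meant for scripting, here is an added example (not part of the ThreatLab code) that consumes the `sym` output shown above, groups imports by library, and reports the ones on a reviewer-chosen watch list. It assumes every entry has the "Function:library" shape from the sample and treats a bare `null`, as printed by the `lib` example, as an empty result; `GroupImports` and `Watched` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// GroupImports parses the JSON array printed by the sym command and groups
// function names by lower-cased library. A literal null yields an empty map.
func GroupImports(raw []byte) (map[string][]string, error) {
	var entries []string
	if err := json.Unmarshal(raw, &entries); err != nil {
		return nil, fmt.Errorf("not a JSON string array: %w", err)
	}
	byLib := make(map[string][]string)
	for _, e := range entries {
		// Split on the last colon so a name that itself contains ':' survives.
		i := strings.LastIndex(e, ":")
		if i <= 0 || i == len(e)-1 {
			return nil, fmt.Errorf("unexpected entry %q", e)
		}
		lib := strings.ToLower(e[i+1:])
		byLib[lib] = append(byLib[lib], e[:i])
	}
	return byLib, nil
}

// Watched returns, sorted, the imports whose function name is in watch.
func Watched(byLib map[string][]string, watch map[string]bool) []string {
	var hits []string
	for lib, fns := range byLib {
		for _, fn := range fns {
			if watch[fn] {
				hits = append(hits, fn+":"+lib)
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	// Constructed sample: the four entries visible in the sym output above.
	sample := []byte(`["WriteFile:kernel32.dll","WaitForSingleObject:kernel32.dll","VirtualAlloc:kernel32.dll","LoadLibraryW:kernel32.dll"]`)
	byLib, err := GroupImports(sample)
	if err != nil {
		panic(err)
	}
	fmt.Println(Watched(byLib, map[string]bool{"VirtualAlloc": true, "LoadLibraryW": true}))
}
```

The watch list is only a triage aid: an import such as VirtualAlloc appears in plenty of ordinary binaries, including the tool itself.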

Note: you can compile them on both OSes. You don't need a VM to run one in a Linux or Windows environment, just compile it with the GOOS variable set.

The release may not be the latest version. If you want to be sure it is, compile it.

pe
elf

Last release of the UI


@riccio8 riccio8 released this 05 Oct 08:42
f781efc
ProcHandleUILates

Update ProcHandleUI.go

PROCHANDLEUI

PROCHANDLEUI Pre-release


@riccio8 riccio8 released this 04 Oct 15:52
3157f45

The process tool, written in Go, with the graphical interface.