Static File Analyzer (SFA)

A Yara ruleset for detecting PHP shells and other webserver malware.

Static File Analyzer (SFA) Overview

The Static File Analyzer (SFA) is a Python-based tool that serves as a connector between ClamAV and YARA rules. It enables in-depth analysis of potentially harmful files.

It can score suspect files and analyze embedded content

It can score suspect files, create visual tree graphs for a quick display of embedded files, calculate indicators of compromise, and extract specific patterns such as URLs, hosts, and IP addresses. SFA utilizes ClamAV to extract embedded files and generate JSON trees, which are then sent to YARA for rule verification.

User-Friendly and Accessible Features

It is user-friendly, available as a Docker image, and includes a web interface that is integrated within an API.

Other AI Tools

Proxmark 3

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.

Details

Preparing for Red Team at PRCCDC 2015

Emulates Docker HTTP API with event logging and AWS deployment script.

Details

Practical Guide to NTLM Relaying in 2017

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details

Project Zero iPhone Messaging Tools

MiniCPS is a framework for Cyber-Physical Systems real-time simulation with support for physical process and control devices simulation, and network emulation.

Details

Projectdiscovery.io | Chaos

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details