Metadata-Version: 2.4
Name: binaryshield
Version: 1.0.1
Summary: Static security analyzer for Windows executables (.exe, .dll, .sys, .msi) with 30+ vulnerability checks, AI-assisted learning, and decompiler integration.
Author: Your Name
License: MIT
Project-URL: Homepage, https://github.com/yourusername/binaryshield
Project-URL: Repository, https://github.com/yourusername/binaryshield
Keywords: security,static-analysis,pe,windows,vulnerability-scanner,malware-analysis,reverse-engineering,vapt
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pefile>=2023.2.7
Requires-Dist: capstone>=5.0.0
Requires-Dist: requests>=2.31.0
Requires-Dist: rich>=13.0.0
Requires-Dist: scikit-learn>=1.3.0
Requires-Dist: numpy>=1.24.0
Provides-Extra: pdf
Requires-Dist: reportlab>=4.0.0; extra == "pdf"
Provides-Extra: dotnet
Requires-Dist: dnfile>=0.15.0; extra == "dotnet"
Provides-Extra: memory
Requires-Dist: psutil>=5.9.0; extra == "memory"
Provides-Extra: windows
Requires-Dist: pywin32>=306; sys_platform == "win32" and extra == "windows"
Requires-Dist: pywin32-ctypes>=0.2.2; sys_platform != "win32" and extra == "windows"
Provides-Extra: all
Requires-Dist: reportlab>=4.0.0; extra == "all"
Requires-Dist: dnfile>=0.15.0; extra == "all"
Requires-Dist: psutil>=5.9.0; extra == "all"
Requires-Dist: pywin32>=306; sys_platform == "win32" and extra == "all"
Requires-Dist: pywin32-ctypes>=0.2.2; sys_platform != "win32" and extra == "all"
Dynamic: license-file

# Binary Shield

Static security analyzer for Windows executables (`.exe`, `.dll`, `.sys`, `.msi`).

Binary Shield performs deep static analysis to detect 30+ vulnerability
classes, learns from previous scans via a local database, and generates
JSON, CSV, HTML, and PDF reports.

## Installation

```bash
pip install binaryshield
```

Or, from a local checkout of this repo:

```bash
pip install .
```

Optional extras add support for extra features:

```bash
pip install "binaryshield[pdf]"      # PDF (VAPT-style) reports
pip install "binaryshield[dotnet]"   # Deeper .NET assembly analysis via dnfile
pip install "binaryshield[memory]"   # Running-process memory analysis
pip install "binaryshield[windows]"  # Detailed Windows ACL / permission auditing
pip install "binaryshield[all]"      # Everything above
```

## Usage

```bash
# Basic scan
binaryshield target.exe

# Scan an MSI installer (installer-level checks work on any OS;
# extraction and scanning of embedded PE files requires Windows/msiexec)
binaryshield installer.msi

# Full report set
binaryshield target.dll \
    --json report.json \
    --html manifest.html \
    --csv findings.csv \
    --enhanced-report enhanced.html \
    --pdf report.pdf

# Verbose output, explicit decompiler choice
binaryshield target.exe --verbose --decompiler ghidra

# Reset the local learning database
binaryshield --reset-db

# See where Binary Shield stores its local data
binaryshield --data-dir
```

Run `binaryshield --help` for the full list of options.

## What it checks

30 built-in test cases (TC001-TC030) covering:

- **Memory corruption** — unsafe `strcpy`/`sprintf`/`gets`, heap overflows, integer overflow
- **Missing mitigations** — ASLR, DEP, stack cookies, SafeSEH, RWX sections
- **Injection** — `system()`/`WinExec()` command injection, path traversal
- **DLL security** — sideloading, known-hijackable DLLs, delay-load hijacking
- **Secrets** — hardcoded passwords, API keys, connection strings, IPs
- **Cryptography** — weak hashes (MD5/SHA1), weak ciphers (DES/RC4)
- **Info disclosure & integrity** — debug strings, insecure `rand()`, unsigned binaries
- **Access control** — insecure registry access, insecure IPC

Plus a suite of enhancement modules: CVE/Exploit-DB lookup, supply-chain
and SBOM analysis, VirusTotal hash lookup, compliance mapping (PCI-DSS,
ISO 27001, NIST 800-53), false-positive learning, ML-based risk
prediction, fuzzing, anti-analysis and network-indicator detection,
permission auditing, and Ghidra/.NET decompiler integration.

## Local data

Binary Shield stores its learning database and cached ML model under
`~/.binaryshield/` by default. Override this with the `BINARYSHIELD_HOME`
environment variable or `--db-path`.

## Using it as a library

```python
from binaryshield import FinalUltimateAnalyzer, LearningDatabase

db = LearningDatabase()
analyzer = FinalUltimateAnalyzer("target.exe", db)
results = analyzer.run_complete_analysis()
print(results["total_vulnerabilities"], "findings")
```

## Notes

- Ghidra-based decompilation requires a separate Ghidra installation
  available on your system; Binary Shield calls it in headless mode if
  found.
- VirusTotal and NVD/CVE/Exploit-DB lookups require network access and,
  for higher rate limits, your own API keys (`VT_API_KEY` environment
  variable for VirusTotal).
- MSI extraction of embedded PE files uses `msiexec` and only runs on
  Windows; installer-level checks (dangerous custom actions, hardcoded
  credentials, repair-hijack patterns, etc.) run on any platform.
