PackageDNA : Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes

PackageDNA gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicious embedded code), typosquatting analysis, the history of versions and reported vulnerabilities (CVEs) of the package.

Installation

Clone this repository with:

git clone https://github.com/ElevenPaths/packagedna

PackageDNA uses python-magic which is a simple wrapper around the libmagic C library, and that MUST be installed as well:

Debian/Ubuntu
$ sudo apt-get install libmagic1
Windows
You will need DLLs for libmagic. @julian-r has uploaded a version of this project that includes binaries
to PyPI: https://pypi.python.org/pypi/python-magic-bin/0.4.14
Other sources of the libraries in the past have been File for Windows.
You will need to copy the file magic out of [binary-zip]\share\misc, and pass its location to Magic(magic_file=…).
If you are using a 64-bit build of python, you will need 64-bit libmagic binaries which can be found here: https://github.com/pidydx/libmagicwin64.
Newer version can be found here: https://github.com/nscaife/file-windows.
OSX
When using Homebrew: brew install libmagic
When using macports: port install file
More details: https://pypi.org/project/python-magic/

Run setup for installation:

python3 setup.py install –user

External Modules

PackageDNA uses external modules for its analysis that you should install previously:

Microsoft AppInpsector

https://github.com/microsoft/ApplicationInspector

Virus Total API

https://www.virustotal.com/

LibrariesIO API

https://libraries.io/

Rubocop

https://github.com/rubocop/rubocop

After installation you should configure the external modules, in the option [7] Configuration of the main menu.

[1] VirusTotal API Key: Your API KEY
[2] AppInspector absolute path: /Local/Path/MSAppInpsectorInstallation
[3] Libraries.io API Key: Your API KEY
[4] Github Token: Your Token
[B] Back
[X] Exit

NOTE: External modules are not mandatory. PackageDNA will continue its execution, however we recommend making all the configurations of these modules so that the tool performs a complete analysis

Running PackageDNA

Inside the PackageDNA directory:

./packagedna.py

_ _ _
| _
\ | | | _ \ | \ | || |
| |
) |_ _ _ | | _ _ _ _ | | \ \ | |\ \ | || || | | // |/ __)| |/ / / _ | / | / _ | | | || | \ | || | | | | (| || (_ | |\ \ | (| || (| || /| |/ / | | \ || | | | || __,|___)|| _\ _,| _ | ___||/ || _||| || | |
(_
|
Modular Packages Analyzer Framework
By ElevenPaths https://www.elevenpaths.com/
Usage: python3 ./packagedna.py
[] ————————————————————————————————————– []
[!] Select from the menu:
[] ————————————————————————————————————– []
[1] Analyze Package (Last Version)
[2] Analyze Package (All Versions)
[3] Analyze local package
[4] Information gathering
[5] Upload file and analyze all Packages
[6] List previously analyzed packages
[7] Configurations
[X] Exit
[] ————————————————————————————————————– []
[!] Enter your selection:

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

3 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

3 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

3 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

3 days ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

3 days ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

3 days ago