Qu1cksc0pe tool allows you to statically analyze Windows, Linux, OSX executables and APK files.
You can get:
Qu1cksc0pe aims to get even more information about suspicious files and helps user realize what that file is capable of.
Usage
python3 qu1cksc0pe.py –file suspicious_file –analyze
Screenshot
Updates
09/10/2021
AndroidRuntime
module. Now you can analyze android applications dynamically!!Available On
Note
Windows Subsystem Linux
in Windows 10.Necessary python modules:
puremagic
=> Analyzing target OS and magic numbers.androguard
=> Analyzing APK files.apkid
=> Check for Obfuscators, Anti-Disassembly, Anti-VM and Anti-Debug.prettytable
=> Pretty outputs.tqdm
=> Progressbar animation.colorama
=> Colored outputs.oletools
=> Analyzing VBA Macros.pefile
=> Gathering all information from PE files.quark-engine
=> Extracting IP addresses and URLs from APK files.pyaxmlparser
=> Gathering informations from target APK files.yara-python
=> Android library scanning with Yara rules.prompt_toolkit
=> Interactive shell.frida
=> Performing dynamic analysis against android applications.
Installation of python modules: pip3 install -r requirements.txt
Gathering other dependencies:
https://virustotal.com
sudo apt-get install binutils
sudo apt-get install exiftool
sudo apt-get install strings
Alert
You must specify jadx binary path in Systems/Android/libScanner.conf
[Rule_PATH]
rulepath = /Systems/Android/YaraRules/
[Decompiler]
decompiler = JADX_BINARY_PATH <– You must specify this.
Installation
sudo pip3 install -r requirements.txt
sudo python3 qu1cksc0pe.py --install
Usage: python3 qu1cksc0pe.py --file suspicious_file --analyze
Multiple Analysis
Usage: python3 qu1cksc0pe.py --multiple FILE1 FILE2 ...
Hash scan
Usage: python3 qu1cksc0pe.py --file suspicious_file --hashscan
Folder scan
Supported Arguments:
--hashscan
--packer
Usage: python3 qu1cksc0pe.py --folder FOLDER --hashscan
Virus Total
Report Contents:
Threat Categories
Detections
CrowdSourced IDS Reports
Usage for –vtFile: python3 qu1cksc0pe.py --file suspicious_file --vtFile
Document scan
Usage: python3 qu1cksc0pe.py --file suspicious_document --docs
Programming language detection
Usage: python3 qu1cksc0pe.py --file suspicious_executable --lang
Interactive shell
Usage: python3 qu1cksc0pe.py --console
Domain
Usage: python3 qu1cksc0pe.py --file suspicious_file --domain
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…