Qu1cksc0pe tool allows you to statically analyze Windows, Linux, OSX executables and APK files.
You can get:
Qu1cksc0pe aims to get even more information about suspicious files and helps user realize what that file is capable of.
Usage
python3 qu1cksc0pe.py –file suspicious_file –analyze
Screenshot
Updates
09/10/2021
AndroidRuntime
module. Now you can analyze android applications dynamically!!Available On
Note
Windows Subsystem Linux
in Windows 10.Necessary python modules:
puremagic
=> Analyzing target OS and magic numbers.androguard
=> Analyzing APK files.apkid
=> Check for Obfuscators, Anti-Disassembly, Anti-VM and Anti-Debug.prettytable
=> Pretty outputs.tqdm
=> Progressbar animation.colorama
=> Colored outputs.oletools
=> Analyzing VBA Macros.pefile
=> Gathering all information from PE files.quark-engine
=> Extracting IP addresses and URLs from APK files.pyaxmlparser
=> Gathering informations from target APK files.yara-python
=> Android library scanning with Yara rules.prompt_toolkit
=> Interactive shell.frida
=> Performing dynamic analysis against android applications.
Installation of python modules: pip3 install -r requirements.txt
Gathering other dependencies:
https://virustotal.com
sudo apt-get install binutils
sudo apt-get install exiftool
sudo apt-get install strings
Alert
You must specify jadx binary path in Systems/Android/libScanner.conf
[Rule_PATH]
rulepath = /Systems/Android/YaraRules/
[Decompiler]
decompiler = JADX_BINARY_PATH <– You must specify this.
Installation
sudo pip3 install -r requirements.txt
sudo python3 qu1cksc0pe.py --install
Usage: python3 qu1cksc0pe.py --file suspicious_file --analyze
Multiple Analysis
Usage: python3 qu1cksc0pe.py --multiple FILE1 FILE2 ...
Hash scan
Usage: python3 qu1cksc0pe.py --file suspicious_file --hashscan
Folder scan
Supported Arguments:
--hashscan
--packer
Usage: python3 qu1cksc0pe.py --folder FOLDER --hashscan
Virus Total
Report Contents:
Threat Categories
Detections
CrowdSourced IDS Reports
Usage for –vtFile: python3 qu1cksc0pe.py --file suspicious_file --vtFile
Document scan
Usage: python3 qu1cksc0pe.py --file suspicious_document --docs
Programming language detection
Usage: python3 qu1cksc0pe.py --file suspicious_executable --lang
Interactive shell
Usage: python3 qu1cksc0pe.py --console
Domain
Usage: python3 qu1cksc0pe.py --file suspicious_file --domain
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
This category contains functions and strings about:
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…