HacksGuard is a blazingly fast Terminal UI (TUI) static analysis tool designed for malware analysts and reverse engineers. Built in Rust, it provides an intuitive dashboard for quick triage and deep inspection of Portable Executable (PE) files.
- Dashboard Overview: Automatically calculates a Risk Score based on entropy, APIs, anomalies, strings, and packing. Includes an intuitive heuristics radar and a visual Entropy Graph (Sparkline).
- YARA Integration: Dynamically loads YARA rules from the
rules/directory (e.g. Elastic protections-artifacts) via theborealengine. - VirusTotal API: Fetches real-time community scores (requires
VT_API_KEYenvironment variable). - Deep PE Parsing: Inspects Sections, Imports (grouped by risk), Exports, Anomalies, Data Directories, Security Mitigations (ASLR, DEP, CFG), and Authenticode signatures.
- Overlay Analysis: Detects appended data (overlay) at the end of the binary, often used by droppers or installers.
- Disassembler: Raw x86/x64 instruction preview at the Entry Point via
iced-x86. - Hex Dump: Built-in hex viewer for quick binary inspection.
- String Extraction & Auto-Decoding: Fast string dumping with automatic Base64 decryption for suspicious strings.
- CLI Export: Run with
--jsonto bypass the TUI and export the full analysis report as a JSON object to stdout. - Built-in Guide: Included analyst guide to help interpret the results correctly.
Ensure you have Rust installed. Clone the repository and build:
git clone https://github.com/yourusername/hacksguard.git
cd hacksguard
cargo build --releaseRun HacksGuard by providing the path to the executable you want to analyze:
cargo run --release -- <path/to/binary.exe>Tab/Right Arrow: Next TabShift+Tab/Left Arrow: Previous TabUp/Down/k/j: ScrollPageUp/PageDown: Fast Scrollq/Esc: Quit
ratatui&crossterm- TUI renderinggoblin- PE/ELF parsingboreal- Pure Rust YARA engineiced-x86- Disassemblerreqwest- VirusTotal API client
