Releases: Rhacknarok/hacksguard
Hacksguard 0.1
Release Highlights
• Blazing Fast & Multi-Threaded: The core analysis pipeline (PE parsing, YARA scanning, VirusTotal queries, and entropy calculation) runs concurrently. This ensures zero
UI latency, even when analyzing large executables.
• Integrated YARA Engine: Powered by the boreal crate, HacksGuard dynamically loads local YARA rules (e.g., Elastic protections-artifacts) to detect known threats,
packers, and evasion techniques.
• Advanced Risk Scoring: HacksGuard automatically compiles a 0-100% Risk Score based on 5 heuristic axes (Entropy, Suspicious APIs, PE Anomalies, Strings, and Packing),
visualized beautifully through an interactive radar chart.
• Deep PE Inspection: Comprehensive breakdown of the PE format, including Headers, Sections, Imports (categorized by severity), Exports, Security Mitigations (ASLR, DEP,
CFG), and Authenticode verification.
• Visual Entropy Graph: A dedicated Entropy tab plots the Shannon entropy distribution of the file using sparklines, allowing analysts to visually spot encrypted or packed
payloads instantly.
• Auto-Decoding Strings: Automatically extracts and categorizes strings (IPs, URLs, Registry keys). Suspicious strings matching the Base64 alphabet are decoded on the fly
directly in the interface.
• Built-in Disassembler & Hex View: Inspect raw x86/x64 opcodes at the Entry Point via the iced-x86 integration, or dive into raw bytes with the built-in Hex Dump viewer.
• Overlay Detection: Automatically detects appended hidden data at the end of the binary, a technique commonly used by droppers and malicious installers.
• CLI Mode / CI-CD Ready: Run hacksguard --json to bypass the terminal UI and export the full analysis report as a structured JSON object for SIEM/SOAR
integrations.
• Built-in Analyst Guide: The v0.1 release embeds a comprehensive analyst guide directly into the TUI. The guide explains how to interpret PE anomalies, entropy graphs,
and YARA alerts, serving as a quick reference during complex investigations.
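The Overlay Detection item above comes down to comparing the file size with the end of the last section's raw data. The sketch below is an added example, not HacksGuard's own code; `find_overlay` and `sample_pe` are hypothetical names and the input is a constructed PE skeleton. It assumes a 64-bit target and does not exclude the Authenticode certificate table, which signed files legitimately store past the last section.

```rust
// Added example (not HacksGuard's code): find bytes past the last PE section.
fn u16_at(b: &[u8], o: usize) -> Option<usize> {
    let s = b.get(o..o.checked_add(2)?)?;
    Some(u16::from_le_bytes([s[0], s[1]]) as usize)
}

fn u32_at(b: &[u8], o: usize) -> Option<usize> {
    let s = b.get(o..o.checked_add(4)?)?;
    Some(u32::from_le_bytes([s[0], s[1], s[2], s[3]]) as usize)
}

/// Returns Some((offset, length)) of the overlay, or None if the input is
/// not a parseable PE or nothing follows the last section's raw data.
fn find_overlay(data: &[u8]) -> Option<(usize, usize)> {
    if data.get(..2)? != b"MZ" { return None; }
    let pe = u32_at(data, 0x3c)?;                  // e_lfanew
    if data.get(pe..pe.checked_add(4)?)? != b"PE\0\0" { return None; }
    let nsect = u16_at(data, pe + 6)?;             // NumberOfSections
    let opt_size = u16_at(data, pe + 20)?;         // SizeOfOptionalHeader
    let table = pe + 24 + opt_size;                // first section header
    let mut end = 0usize;
    for i in 0..nsect {
        let hdr = table + i * 40;                  // 40-byte section headers
        let raw_size = u32_at(data, hdr + 16)?;    // SizeOfRawData
        let raw_ptr = u32_at(data, hdr + 20)?;     // PointerToRawData
        if raw_size > 0 { end = end.max(raw_ptr.checked_add(raw_size)?); }
    }
    (end > 0 && data.len() > end).then(|| (end, data.len() - end))
}

/// Constructed sample: minimal PE skeleton, one section, `extra` appended.
fn sample_pe(extra: &[u8]) -> Vec<u8> {
    let mut f = vec![0u8; 0x400];
    f[..2].copy_from_slice(b"MZ");
    f[0x3c..0x40].copy_from_slice(&0x80u32.to_le_bytes());
    f[0x80..0x84].copy_from_slice(b"PE\0\0");
    f[0x86..0x88].copy_from_slice(&1u16.to_le_bytes());     // one section
    f[0x94..0x96].copy_from_slice(&0xf0u16.to_le_bytes());  // optional header size
    let hdr = 0x80 + 24 + 0xf0;
    f[hdr + 16..hdr + 20].copy_from_slice(&0x200u32.to_le_bytes()); // raw size
    f[hdr + 20..hdr + 24].copy_from_slice(&0x200u32.to_le_bytes()); // raw pointer
    f.extend_from_slice(extra);
    f
}

fn main() {
    println!("{:?}", find_overlay(&sample_pe(b"appended-data")));
    println!("{:?}", find_overlay(&sample_pe(b"")));
}
```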
Downloads
Below you will find the pre-compiled standalone binaries for this release. Just download, extract, and start analyzing.