Inspect every file inside an archive before extracting.
100% offline · Pure Rust · No telemetry · No cloud
Every archive you download could hide an .exe, a macro-laden .docm, or a ransomware note waiting to be executed.
ZipLoom lets you open an archive and inspect every file inside — before extracting a single byte.
Before you extract, ZipLoom scans every entry with its pure Rust heuristic engine:
| What It Detects | How | Severity |
|---|---|---|
| Windows PE (.exe/.dll) | MZ header, section flags, import table — flags VirtualAllocEx, WriteProcessMemory, CreateRemoteThread |
🔴 Critical |
| Process injection | NtUnmapViewOfSection, SetThreadContext — process hollowing indicators |
🔴 Critical |
| Writable + Executable section | W^X violation in PE headers — classic shellcode injection | 🔴 Critical |
| Packed executables | Section names like .upx, .vmp, .themida, .mpress |
🟠 High |
| Office macros (VBA) | AutoOpen, Document_Open + Shell, CreateObject, PowerShell |
🔴 Critical |
| Ransomware notes | "your files have been encrypted", "bitcoin", "tor", "decryption key" | 🟠 High |
| Encoded PowerShell | -EncodedCommand + Base64 payloads |
🔴 Critical |
| Obfuscated scripts | eval(, fromcharcode(, unescape( — JS/HTML exploit patterns |
🟠 High |
| Double extension | invoice.pdf.exe, document.doc.js |
🟠 High |
| Hidden files | .malware — files concealed in archives |
🟢 Low |
| Anti-debugging | IsDebuggerPresent, CheckRemoteDebuggerPresent |
🟠 High |
Risk score: Each file is scored. The whole archive gets a label — Clean, Low Risk, Suspicious, Highly Suspicious, or Malicious.
⚡ Zero internet, zero database, zero updates.
All detection is structural — based on file format parsing and pattern matching. No signatures to download, no cloud API to call, no telemetry.
For IT professionals who need to know exactly what's in an archive:
- Magic byte verification — detects format mismatch / tampering (a
.pdfthat's really an.exe) - Entropy analysis — flags encrypted or compressed payloads hiding inside archives
- Batch hashing — MD5, SHA-1, SHA-256 per file for integrity verification
- Anomaly detection — high-entropy files, extension mismatch, suspicious structures
- File tree view — sortable columns with all metadata at a glance
- CSV export — full evidence trail for reporting
Full-featured archive utility — compress, extract, encrypt:
| Feature | Supported |
|---|---|
| Compress | ZIP, TAR, TAR.GZ, TAR.BZ2, TAR.XZ, TAR.ZST |
| Extract | ZIP, TAR, TAR.GZ, TAR.BZ2, TAR.XZ, TAR.ZST, 7z, RAR |
| AES-256 encrypted ZIP | ✅ Password-protected archives |
| Split volumes | ✅ Compress & split into chunks |
| Compression levels | 0–9 configurable |
| Clean macOS junk | Auto-strips .DS_Store, __MACOSX, ._ files |
| Drag & drop | ✅ Full drag-and-drop support |
| ZipLoom | 7-Zip | WinRAR | PeaZip | |
|---|---|---|---|---|
| Open source | ✅ MIT | ✅ LGPL | ❌ | ✅ LGPL |
| 100% offline | ✅ No network at all | ✅ (mostly) | ❌ (trial nag) | ✅ (mostly) |
| No telemetry | ✅ Zero ping home | ✅ | ❌ | ✅ |
| Memory-safe lang | ✅ Rust | ❌ C/C++ | ❌ C/C++ | ❌ C/C++ |
| Threat inspection | ✅ Built-in | ❌ | ❌ | ❌ |
| Forensic tools | ✅ Magic byte + entropy | ❌ | ❌ | ❌ |
| Inspect | Compress |
|---|---|
 |
 |
| Extract | About |
 |
 |
Pre-built binaries are $1.99 — download, click, done. No Rust installation, no compile time.
🛒 Buy on Lynk.id — QRIS, GoPay, international cards
| Platform | Status |
|---|---|
| Linux (.AppImage) | ✅ Available |
| Linux (.deb) | ✅ Available |
| macOS | 🚧 Coming soon |
| Windows | 🚧 Coming soon |
git clone https://github.com/ysf-studio/ziploom.git
cd ziploom
# Install prerequisites (one-time)
# Linux: sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file \
# libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
npm install
cd src-tauri && cargo build --releaseBinary at src-tauri/target/release/ziploom-tauri.
cd src-tauri
cargo testQ: Why $1.99 when the source is MIT?
A: You're paying for the binary — download, click, done. The source is free forever.
Q: Does this need internet?
A: No. 100% offline. Zero network calls, zero telemetry, zero cloud.
Q: Does it scan automatically before extract?
A: Inspect and extract are separate operations. Open an archive, check the threat report, then decide whether to extract. You stay in control.
Q: Can it replace antivirus?
A: No. ZipLoom is a heuristic scanner for archives — it checks file structure and patterns, not real-time execution.
Q: Can I sell my own compiled version?
A: Yes — MIT license allows redistribution. But you cannot use the "ZipLoom" name or YSF Studio branding (see TRADEMARK.md).
Q: Is this court-certified for digital forensics?
A: No. All forensic output is informational.
Code: MIT License — see LICENSE
Brand: "ZipLoom", "YSF Studio" and the ZipLoom logo are trademarks of Yusuf Shalahuddin — see TRADEMARK.md
- Frontend: SvelteKit + Vite
- Backend: Rust via Tauri v2
- Archive Engine: Pure Rust (
zip,tar,flate2,bzip2,zstd,sevenz-rust,unrar) — zero CLI dependencies - Threat Scanner: Pure Rust — PE parser, VBA scanner, ransomware matcher, script analyzer — all heuristic, no signatures
- Hashing: SHA-2, MD5, BLAKE3 (Rust native)
Built with ❤️ by YSF Studio
Building ZipLoom yourself is free under the MIT License. You only pay for the pre-built binaries.
Before building, you need the following tools installed on your system:
| Requirement | Version | Installation |
|---|---|---|
| Rust (stable) | 2021 edition | rustup.rs — `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |
| Node.js | v22+ | nodejs.org or nvm install 22 |
| Tauri system deps | v2 | See per-platform instructions below |
# Debian / Ubuntu / Kali
sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file \
libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
# Fedora
sudo dnf install webkit2gtk4.1-devel openssl-devel curl wget file \
libxdo-devel libappindicator-gtk3-devel librsvg2-devel
# Arch
sudo pacman -S webkit2gtk-4.1 base-devel curl wget file \
libxdo openssl libappindicator-gtk3 librsvg- Xcode (from App Store or
xcode-select --install) - No extra Tauri system dependencies needed — WebKit is built into macOS
- Microsoft Visual Studio Build Tools with "Desktop development with C++" workload
- WebView2 (pre-installed on Windows 10 1803+)
# 1. Clone the repository
git clone https://github.com/YSF-Studio/ziploom.git
cd ziploom
# 2. Install Node.js dependencies
npm install
# 3. Build the application (production release)
npm run tauri buildThe compiled binaries will be in:
src-tauri/target/release/bundle/
├── deb/ZipLoom_1.0.0_amd64.deb # Debian/Ubuntu package
├── appimage/ZipLoom_1.0.0_amd64.AppImage # Portable Linux binary
├── dmg/ZipLoom_1.0.0_x64.dmg # macOS disk image
└── msi/ZipLoom_1.0.0_x64.msi # Windows installer
make build # Build for current platform
make build-linux # .deb + .AppImage
make build-macos # .dmg
make build-win # .msimake dev
# Or manually:
npm run tauri devThis starts a Vite dev server on localhost:1420 and opens the Tauri window. Changes to Svelte files hot-reload instantly. Changes to Rust code trigger an automatic recompile.
# Run all Rust unit & integration tests
cd src-tauri && cargo test
# Run a specific test
cargo test test_name
# Run tests with output
cargo test -- --nocaptureIf the release build opens but shows a blank/white screen, the frontend assets may not have been bundled correctly. Try rebuilding with:
npm run build # First build SvelteKit frontend
npm run tauri build # Then build TauriIf you're building inside a VM or headless environment and the app fails to render:
WEBKIT_DISABLE_COMPOSITING_MODE=1 LIBGL_ALWAYS_SOFTWARE=1 ./src-tauri/target/release/ziploom-tauriBinaries built from source or GitHub Actions are not signed by Apple. The first time you open ZipLoom:
xattr -d com.apple.quarantine /path/to/ZipLoom.dmgOr right-click → Open (one-time bypass).
If you encounter Rust compilation errors, ensure you're on the stable toolchain:
rustup default stable
rustup update| Component | Stack | Location |
|---|---|---|
| Frontend | SvelteKit + Vite | src/ |
| Backend | Rust via Tauri v2 | src-tauri/src/ |
| Archive Engine | Pure Rust (zip, tar, flate2, bzip2, zstd, sevenz-rust, unrar) | src-tauri/src/archive_ops.rs |
| Threat Scanner | Pure Rust heuristic engine | src-tauri/src/scanner.rs |
| Encryption | AES-256 | src-tauri/src/crypto.rs |