binlex
by c3rb3ru5d3d53c
Binlex is a high-performance binary analysis framework that models malware code as genetic traits to enable fast and precise malware similarity detection and threat hunting.
A Binary Genetic Traits Lexer Framework
Primary Use Case
Binlex is primarily used by malware analysts and reverse engineers to extract and analyze instructions, functions, and code blocks from binary files, enabling efficient detection of malware patterns and similarities across large datasets. It supports automated threat hunting and collaborative malware research through its command-line tools, IDA plugin, and vector database server.
- Extracts instructions, basic blocks, and functions from binaries into a genetic trait hierarchy (genomes, chromosomes, allele pairs, genes)
- Enables malware similarity detection using a DNA fingerprint-like approach
- Includes a fast command-line interface for searching patterns across thousands of samples
- Provides an IDA Pro plugin for integration with reverse engineering workflows
- Offers a vector database server leveraging Graph Neural Networks and similarity hashing for precise function matching
- Supports collaborative analysis with username, timestamp, and sample-hash metadata
- Provides Rust API and Python bindings for custom tooling development
- Cross-platform support for Linux, Windows, and macOS
Installation
- Download the precompiled binaries from the GitHub release page
- For development, clone the repository from https://github.com/c3rb3ru5d3c/binlex
- Use the Rust API or Python bindings as needed for custom integration
- Install IDA plugin by following the plugin setup instructions included in the repository
- Run the binlex server for vector database functionality as per server documentation
Usage
>_ binlex analyze <binary_file>
   Extracts and analyzes instructions, functions, and blocks from the specified binary file
>_ binlex search <pattern>
   Searches for specific genetic trait patterns across indexed malware samples
>_ binlex server start
   Starts the binlex vector database server for collaborative malware function similarity analysis
>_ binlex ida plugin
   Integrates binlex functionality within IDA Pro for enhanced reverse engineering
- Integrate Binlex with existing reverse engineering workflows via the IDA Pro plugin to accelerate malware similarity analysis.
- Leverage the vector database server to automate large-scale threat hunting and prioritize samples based on genetic trait similarity.
- Use the Rust API and Python bindings to develop custom detection rules and automate binary triage in malware research labs.
- Incorporate Binlex into purple team exercises to simulate advanced malware analysis and improve collaboration between red and blue teams.
- Deploy Binlex in CI/CD pipelines for continuous security validation of binaries and early detection of malicious code reuse.
