capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
Changelog v1.1 RC1
draft release to test and verify automated builds.
[hide][Hidden Content]]