CAPA

Forensics & Incident Response

A framework that analyzes executable files to automatically identify their malicious capabilities, such as backdoor behavior, service installation, and network communication.

Track releases GitHub Website

Python Latest v9.4.0 · 2mo ago Security brief →

Features

Detects ATT&CK‑mapped tactics like defense evasion, discovery, execution, exfiltration, and persistence
Identifies specific capabilities (e.g., file transfer over C2, shell command execution, HTTP communication)
Works on PE, ELF, .NET modules, and raw shellcode files

Recent releases

View all 1 releases →

v9.4.0 Security relevant 2mo

Security fixes

Fixed insecure YAML deserialization vulnerability

Notable features

PyGhidra support
Credential access rules
Improved error handling

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per week

Apr 1

Apr 8

Apr 15

Apr 22

Apr 29

May 6

May 13

May 20

May 27

Jun 3

Cadence 0.1 / wk

Last release 63d

Tracked 1

Security

Full profile →

Security score 6.6/10

OpenSSF 5.9/10

Open CVEs 0

SBOM Active maintainer

Community

GitHub stars 6,034

Forks 698

Open issues 274

Open PRs 38

Stars/wk velocity 0.0

About

Stars

6,034

Forks

698

Languages

Python Vue JavaScript

View on GitHub Homepage Live demo Documentation

Install & Platforms

Install via

binary

Similar tools

Rizin

Flare

About

Stars

6,034

Forks

698

Languages

Python Vue JavaScript

View on GitHub Homepage Live demo Documentation

Install & Platforms

Install via

binary

Similar tools

Rizin

Flare

Beta — feedback welcome: [email protected]