Hacksguard is a blazingly fast, multi-threaded Terminal UI (TUI) static analysis tool designed for SOC analysts, threat hunters, and reverse engineers. Built entirely in Rust, it provides an intuitive dashboard for quick triage and deep inspection of Portable Executable (PE) files right from your terminal.
- Blazing Fast & Multi-Threaded: The core analysis pipeline (PE parsing, YARA scanning, and entropy calculation) runs concurrently. This ensures zero UI latency, even when analyzing large executables.
- Advanced Risk Scoring: Hacksguard automatically compiles a 0-100% Risk Score based on 5 heuristic axes (Entropy, Suspicious APIs, PE Anomalies, Strings, and Packing), visualized beautifully through an interactive radar chart.
- Integrated YARA Engine: Powered by the
borealcrate, Hacksguard dynamically loads local YARA rules (e.g., Elastic protections-artifacts and Neo23x0 signature-base) to detect known threats, packers, and evasion techniques. - Deep PE Inspection: Comprehensive breakdown of the PE format, including Headers, Sections, Imports (categorized by severity), Exports, Security Mitigations (ASLR, DEP, CFG), and Authenticode verification.
- Visual Entropy Graph: A dedicated Entropy tab plots the Shannon entropy distribution of the file using sparklines, allowing analysts to visually spot encrypted or packed payloads instantly.
- Auto-Decoding Strings: Automatically extracts and categorizes strings (IPs, URLs, Registry keys). Suspicious strings matching the Base64 alphabet are decoded on the fly directly in the interface.
- Built-in Disassembler & Hex View: Inspect raw x86/x64 opcodes at the Entry Point via the
iced-x86integration, or dive into raw bytes with the built-in Hex Dump viewer. - Overlay Detection: Automatically detects appended hidden data at the end of the binary, a technique commonly used by droppers and malicious installers.
- CLI Mode / CI-CD Ready: Run
hacksguard --json <file>to bypass the terminal UI and export the full analysis report as a structured JSON object for SIEM/SOAR integrations.
Make sure you have Rust and Cargo installed. Clone the repository with its submodules:
git clone --recursive https://github.com/Rhacknarok/hacksguard.git
cd hacksguard
cargo build --releaseIf already cloned without submodules:
git submodule update --init --recursive
cargo build --releaseThe compiled binary will be available at target/release/hacksguard.
For Nix or NixOS users is a package
available in Nixpkgs. Keep in mind that the lastest releases might only
be present in the unstable channel.
$ nix-env -iA nixos.hacksguardRun Hacksguard by providing the path to the executable you want to analyze:
cargo run --release -- <path/to/binary.exe>Tab/Right Arrow: Next TabShift+Tab/Left Arrow: Previous TabUp/Down/k/j: ScrollPageUp/PageDown: Fast Scrollq/Esc: Quit
ratatui&crossterm- TUI renderinggoblin- PE/ELF parsingboreal- Pure Rust YARA engineiced-x86- Disassembler
- Elastic Protections Artifacts - YARA rules
- Neo23x0 Signature Base - YARA rules









