{"id":33145421,"url":"https://github.com/packing-box/bintropy","last_synced_at":"2025-12-04T21:00:48.742Z","repository":{"id":40946150,"uuid":"382563382","full_name":"packing-box/bintropy","owner":"packing-box","description":"Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes","archived":false,"fork":false,"pushed_at":"2024-12-01T22:17:16.000Z","size":342,"stargazers_count":47,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-30T05:21:17.707Z","etag":null,"topics":["binary-analysis","elf","elf-binaries","elf-format","entropy","executable-packing","lief","mach-o","malware-analysis","malware-packers","malware-research","packing-detection","pe-file","pe-files","pe-format","python","research-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/packing-box.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-07-03T08:20:56.000Z","updated_at":"2025-04-07T06:08:15.000Z","dependencies_parsed_at":"2023-01-24T06:46:04.646Z","dependency_job_id":"505abf16-31dd-4534-8f10-81bc09b3eeab","html_url":"https://github.com/packing-box/bintropy","commit_stats":null,"previous_names":["dhondta/bintropy"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/packing-box/bintropy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/packing-box%2Fbintropy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pa
cking-box%2Fbintropy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/packing-box%2Fbintropy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/packing-box%2Fbintropy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/packing-box","download_url":"https://codeload.github.com/packing-box/bintropy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/packing-box%2Fbintropy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27505889,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-04T02:00:07.142Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","elf","elf-binaries","elf-format","entropy","executable-packing","lief","mach-o","malware-analysis","malware-packers","malware-research","packing-detection","pe-file","pe-files","pe-format","python","research-tools"],"created_at":"2025-11-15T13:00:33.470Z","updated_at":"2025-12-04T21:00:48.729Z","avatar_url":"https://github.com/packing-box.png","language":"Python","funding_links":[],"categories":[":wrench: Tools"],"sub_categories":["Before 2000"],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/packing-box/bintropy/raw/main/docs/logo.png\"\u003e\u003c/p\u003e\r\n\u003ch1 
align=\"center\"\u003eBintropy \u003ca href=\"https://twitter.com/intent/tweet?text=Bintropy%20-%20Python%20implementation%20of%20the%20related%20analysis%20tool%20for%20packing%20detection%20based%20on%20entropy.%0D%0Ahttps%3a%2f%2fgithub%2ecom%2fpacking-box%2fbintropy%0D%0A\u0026hashtags=python,pe,lief,elf,macho,entropy,packer,packingdetection\"\u003e\u003cimg src=\"https://img.shields.io/badge/Tweet--lightgrey?logo=twitter\u0026style=social\" alt=\"Tweet\" height=\"20\"/\u003e\u003c/a\u003e\u003c/h1\u003e\r\n\u003ch3 align=\"center\"\u003eDetect packers on PE/ELF/Mach-O files using entropy.\u003c/h3\u003e\r\n\r\n[![PyPi](https://img.shields.io/pypi/v/bintropy.svg)](https://pypi.python.org/pypi/bintropy/)\r\n[![Python Versions](https://img.shields.io/pypi/pyversions/bintropy.svg)](https://pypi.python.org/pypi/bintropy/)\r\n[![Build Status](https://github.com/packing-box/bintropy/actions/workflows/python-package.yml/badge.svg)](https://github.com/packing-box/bintropy/actions/workflows/python-package.yml)\r\n[![DOI](https://zenodo.org/badge/382563382.svg)](https://zenodo.org/badge/latestdoi/382563382)\r\n[![License](https://img.shields.io/pypi/l/bintropy.svg)](https://pypi.python.org/pypi/bintropy/)\r\n\r\nThis tool is an implementation in Python of Bintropy, an analysis tool presented in [this paper](https://ieeexplore.ieee.org/document/4140989) in the scope of packing detection based on entropy. It implements both modes of operation and an additional one, respectively on the entire binary, per section or per segment. It uses the entropy values mentioned in the [paper](https://ieeexplore.ieee.org/document/4140989) for deciding whether the binary contains compressed/encrypted bytes.\r\n\r\nIt relies on [`lief`](https://github.com/lief-project/LIEF) for abstracting either **PE**, **ELF** or **Mach-O** executables. 
This tool thus supports these three formats.\r\n\r\n```sh\r\n$ pip install bintropy\r\n```\r\n\r\n```sh\r\n$ bintropy --help\r\n```\r\n\r\n### Modes of operation\r\n\r\nUse the `-m`/`--mode` option.\r\n\r\n- `0`: full binary (default)\r\n- `1`: per section\r\n- `2`: per segment\r\n\r\nNote that mode 2 will logically give results very similar to mode 0.\r\n\r\n```sh\r\n$ bintropy binary\r\n\u003c\u003c\u003c boolean \u003e\u003e\u003e\r\n\r\n$ bintropy binary --do-not-decide\r\n\u003c\u003c\u003c highest block entropy, average block entropy \u003e\u003e\u003e\r\n```\r\n\r\n```sh\r\n$ bintropy binary --mode [1|2]\r\n\u003c\u003c\u003c boolean \u003e\u003e\u003e\r\n\r\n$ bintropy binary -m [1|2] --do-not-decide\r\n\u003c\u003c\u003c highest block entropy, average block entropy \u003e\u003e\u003e\r\n```\r\n\r\n### Benchmarking\r\n\r\nUse the `-b`/`--benchmark` option to get one more value, the processing time in seconds.\r\n\r\n```sh\r\n$ bintropy binary -b\r\n\u003c\u003c\u003c boolean, processing time \u003e\u003e\u003e\r\n\r\n$ bintropy binary -b --do-not-decide\r\n\u003c\u003c\u003c highest block entropy, average block entropy, processing time \u003e\u003e\u003e\r\n```\r\n\r\n### Overriding default entropy values\r\n\r\nThe [reference paper](https://ieeexplore.ieee.org/document/4140989) uses 6.677 for the average block entropy and 7.199 for the highest block entropy (obtained by analyzing a dataset of PE files and using the first mode of operation). 
These values can be overridden with the dedicated options.\r\n\r\n```sh\r\n$ bintropy binary --threshold-average-entropy 5.678 --threshold-highest-entropy 6.789\r\n[...]\r\n```\r\n\r\n### Plotting\r\n\r\nThis tool features plot generation for drawing a binary's sections and the entropy within.\r\n\r\n```sh\r\n$ bintropy binary --plot\r\n\u003c\u003c\u003c boolean \u003e\u003e\u003e\r\n```\r\n\r\nExample of generated figures:\r\n\r\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/packing-box/bintropy/raw/main/docs/example.png\"\u003e\u003c/p\u003e\r\n\r\n## :star: Related Projects\r\n\r\nYou may also like these:\r\n\r\n- [Awesome Executable Packing](https://github.com/packing-box/awesome-executable-packing): A curated list of awesome resources related to executable packing.\r\n- [Dataset of packed ELF files](https://github.com/packing-box/dataset-packed-elf): Dataset of ELF samples packed with many different packers.\r\n- [Dataset of packed PE files](https://github.com/packing-box/dataset-packed-pe): Dataset of PE samples packed with many different packers (fork of [this repository](https://github.com/chesvectain/PackingData)).\r\n- [Docker Packing Box](https://github.com/packing-box/docker-packing-box): Docker image gathering packers and tools for making datasets of packed executables.\r\n- [DSFF](https://github.com/packing-box/python-dsff): Library implementing the DataSet File Format (DSFF).\r\n- [PEiD](https://github.com/packing-box/peid): Python implementation of the well-known Packed Executable iDentifier ([PEiD](https://www.aldeid.com/wiki/PEiD)).\r\n- [PyPackerDetect](https://github.com/packing-box/pypackerdetect): Packing detection tool for PE files (fork of [this repository](https://github.com/cylance/PyPackerDetect)).\r\n- [REMINDer](https://github.com/packing-box/reminder): Packing detector using a simple heuristic (inspired by [this paper](https://ieeexplore.ieee.org/document/5404211)).\r\n\r\n\r\n## :clap:  
Supporters\r\n\r\n[![Stargazers repo roster for @packing-box/bintropy](https://reporoster.com/stars/dark/packing-box/bintropy)](https://github.com/packing-box/bintropy/stargazers)\r\n\r\n[![Forkers repo roster for @packing-box/bintropy](https://reporoster.com/forks/dark/packing-box/bintropy)](https://github.com/packing-box/bintropy/network/members)\r\n\r\n\u003cp align=\"center\"\u003e\u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/Back%20to%20top--lightgrey?style=social\" alt=\"Back to top\" height=\"20\"/\u003e\u003c/a\u003e\u003c/p\u003e\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpacking-box%2Fbintropy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpacking-box%2Fbintropy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpacking-box%2Fbintropy/lists"}