A privacy-focused, AI-powered malware static analysis tool that runs entirely on GitHub Pages (frontend) and GitHub Actions (backend serverless jobs) with zero databases and fully ephemeral sessions.
- ✅ No backend server - Only GitHub Actions processes analysis jobs
- ✅ No database - No state, no persistence
- ✅ No storage - Reports exist only in memory during the page session
- ✅ Fully ephemeral - Everything vanishes on page refresh
- ✅ Privacy-first - Your files never leave your control (except for optional backend analysis)
- Hash Calculation: SHA256, SHA1, MD5
- File Metadata: Type, size, MIME detection
- String Extraction: ASCII and Unicode strings with suspicious pattern detection
- PE Header Parsing: For Windows executables (.exe, .dll)
  - DOS and PE headers
  - File characteristics
  - Section analysis
  - Import/Export tables (basic)
- Entropy Calculation: Detect packed/encrypted sections
- Suspicious Pattern Detection: Identify malware indicators
- Deep Static Analysis: Advanced file inspection
- YARA Scanning: Pattern matching with public rules
- AI-Powered Assessment: Threat level evaluation
- Behavior Analysis: Suspicious activity detection
- Confidence Scoring: Risk assessment
- Windows Executables: `.exe`, `.dll`, `.msi`
- Scripts: `.js`, `.vbs`, `.ps1`, `.bat`
- Archives: `.zip`
- Android: `.apk`
- JSON: Machine-readable format
- HTML: Standalone report with embedded styles
- Text: Simple text-based report
- Fork this repository
- Enable GitHub Pages:
  - Go to Settings → Pages
  - Source: Deploy from branch `main`
  - Folder: `/ (root)`
- Access your tool: `https://yourusername.github.io/malware-analysis-tool/`

```bash
# Clone the repository
git clone https://github.com/yourusername/malware-analysis-tool.git
cd malware-analysis-tool
# Serve with any static server
python -m http.server 8000
# or
npx serve
# Open http://localhost:8000
```

To enable GitHub Actions backend analysis:
- Create a Personal Access Token:
  - Go to GitHub Settings → Developer settings → Personal access tokens
  - Generate new token with `repo` and `actions` scopes
- Configure the tool:
  - Add to URL: `?gh_owner=USERNAME&gh_repo=REPO&gh_token=TOKEN`
  - Or store in localStorage (persists across sessions)
- Update workflow file:
  - Edit `.github/workflows/malware-analysis.yml`
  - Customize analysis steps as needed
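
The URL form of the configuration step leaves the token in the address bar and in browser history. As an added example (not the project's `github-actions.js`; the function name, the validation rules and the memory-only handling are assumptions), this reads the three parameters once, validates them, and returns a URL with them removed so the page can replace the address-bar entry:

```javascript
// Parameter names come from the README; everything else here is illustrative.
const PARAMS = ['gh_owner', 'gh_repo', 'gh_token'];
// Conservative check for owner/repo names: letters, digits, '.', '_' and '-'.
const NAME_RE = /^[A-Za-z0-9._-]{1,100}$/;

function takeBackendConfig(href) {
  const url = new URL(href);
  const cfg = {};
  for (const key of PARAMS) {
    const value = url.searchParams.get(key);
    url.searchParams.delete(key);          // scrub even if validation fails below
    if (value) cfg[key] = value;
  }
  const complete = PARAMS.every((k) => k in cfg);
  const valid = complete && NAME_RE.test(cfg.gh_owner) && NAME_RE.test(cfg.gh_repo)
    && !/\s/.test(cfg.gh_token);
  // config is null unless all three parameters are present and well-formed.
  return { config: valid ? cfg : null, cleanHref: url.toString() };
}

// Browser usage (guarded so the block also runs under Node):
if (typeof window !== 'undefined') {
  const { config, cleanHref } = takeBackendConfig(window.location.href);
  window.history.replaceState(null, '', cleanHref); // token leaves the address bar
  // Keep `config` in a module-scope variable only, so it is gone on page refresh.
  void config;
}
```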
- Backend analysis sends file data to GitHub Actions
- Files are immediately deleted after analysis
- No artifacts are stored
- Results are returned to frontend only

```
┌─────────────────────────────────────────────────────────┐
│                      GitHub Pages                       │
│                    (Static Frontend)                    │
│                                                         │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐   │
│  │ File Upload  │  │   Analysis   │  │   Reports    │   │
│  │  & Preview   │→ │    Engine    │→ │   & Export   │   │
│  └──────────────┘  └──────────────┘  └──────────────┘   │
│         │                 │                             │
│         │                 │                             │
│         ▼                 ▼                             │
│  ┌──────────────────────────────────────────────────┐   │
│  │               Client-Side Analysis               │   │
│  │  • Hashing  • PE Parsing  • Strings  • Entropy   │   │
│  └──────────────────────────────────────────────────┘   │
│                            │                            │
└────────────────────────────┼────────────────────────────┘
                             │ (Optional)
                             ▼
             ┌───────────────────────────────┐
             │        GitHub Actions         │
             │     (Serverless Backend)      │
             │                               │
             │  ┌─────────────────────────┐  │
             │  │  Deep Static Analysis   │  │
             │  │  YARA Scanning          │  │
             │  │  AI Assessment          │  │
             │  │  ⚠️ Ephemeral Only      │  │
             │  └─────────────────────────┘  │
             └───────────────────────────────┘
```


```
malware-analysis-tool/
├── index.html                    # Main HTML file
├── styles.css                    # Styles and design system
├── js/
│   ├── main.js                   # Main application logic
│   ├── crypto-utils.js           # Hash calculation utilities
│   ├── pe-parser.js              # PE file parser
│   ├── strings-extractor.js      # String extraction
│   ├── entropy-calculator.js     # Entropy analysis
│   ├── github-actions.js         # Backend integration
│   └── report-generator.js       # Export functionality
├── .github/
│   └── workflows/
│       └── malware-analysis.yml  # GitHub Actions workflow
└── README.md
```

- ❌ Store any uploaded files
- ❌ Keep analysis results in databases
- ❌ Track users or their activities
- ❌ Create persistent logs
- ❌ Share data with third parties
- ✅ Process everything client-side when possible
- ✅ Delete backend files immediately after analysis
- ✅ Use ephemeral session storage only
- ✅ Provide full transparency (open source)
- Use for static analysis only - never execute suspicious files
- Run in an isolated environment when analyzing real malware
- Don't upload sensitive or confidential files
- Verify the tool's source code before use
- Modern, Minimalistic Design: Clean interface with smooth animations
- Responsive Layout: Works on desktop, tablet, and mobile
- Dark Mode Ready: Easy to extend with dark theme
- Drag & Drop: Intuitive file upload
- Real-time Progress: Visual feedback during analysis
- Interactive Charts: Entropy visualization
- Tabbed Interface: Organized results display
- Modern web browser with ES6+ support
- (Optional) Python 3.10+ for GitHub Actions backend
Edit the respective JavaScript modules in the `js/` directory:
- `pe-parser.js` - Add PE parsing features
- `strings-extractor.js` - Add pattern detection
- `entropy-calculator.js` - Customize entropy analysis
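
The client-side steps these modules cover (PE header walk, section table, per-section entropy) fit in one short script. This is an added example, not the project's `pe-parser.js` or `entropy-calculator.js`; the function names, the 7.0 bits/byte flag threshold and the constructed sample buffer are assumptions.

```javascript
// Shannon entropy in bits per byte: 0 for constant data, 8 for uniformly random bytes.
function shannonEntropy(bytes) {
  if (bytes.length === 0) return 0;
  const counts = new Uint32Array(256);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) if (c) h -= (c / bytes.length) * Math.log2(c / bytes.length);
  return h;
}

// DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> 40-byte section headers.
function peSectionEntropies(bytes, threshold = 7.0) { // threshold: assumed heuristic
  const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if (bytes.length < 0x40 || dv.getUint16(0, true) !== 0x5a4d) throw new Error('missing MZ header');
  const pe = dv.getUint32(0x3c, true);
  if (pe + 24 > bytes.length || dv.getUint32(pe, true) !== 0x4550) throw new Error('missing PE signature');
  const count = dv.getUint16(pe + 6, true);            // NumberOfSections
  const table = pe + 24 + dv.getUint16(pe + 20, true); // skip the optional header
  const sections = [];
  for (let i = 0; i < count && table + (i + 1) * 40 <= bytes.length; i++) {
    const h = table + i * 40;
    const name = String.fromCharCode(...bytes.subarray(h, h + 8)).replace(/\0+$/, '');
    const start = Math.min(dv.getUint32(h + 20, true), bytes.length);       // PointerToRawData
    const end = Math.min(start + dv.getUint32(h + 16, true), bytes.length); // clamp SizeOfRawData
    const entropy = shannonEntropy(bytes.subarray(start, end));
    sections.push({ name, rawSize: end - start, entropy, suspicious: entropy >= threshold });
  }
  return sections;
}

// Constructed sample: a PE skeleton (no optional header) with two sections.
function buildSamplePE() {
  const bytes = new Uint8Array(0x800), dv = new DataView(bytes.buffer);
  dv.setUint16(0, 0x5a4d, true);    // "MZ"
  dv.setUint32(0x3c, 0x80, true);   // e_lfanew
  dv.setUint32(0x80, 0x4550, true); // "PE\0\0"
  dv.setUint16(0x86, 2, true);      // NumberOfSections
  const section = (off, name, size, ptr) => {
    for (let i = 0; i < name.length; i++) bytes[off + i] = name.charCodeAt(i);
    dv.setUint32(off + 16, size, true); dv.setUint32(off + 20, ptr, true);
  };
  section(0x98, '.text', 0x200, 0x200);
  section(0xc0, '.packed', 0x400, 0x400);
  for (let i = 0; i < 0x200; i++) bytes[0x200 + i] = i % 2 ? 0xc3 : 0x90; // two byte values
  for (let i = 0; i < 0x400; i++) bytes[0x400 + i] = i & 0xff;            // every byte value
  return bytes;
}

console.log(peSectionEntropies(buildSamplePE()));
```

The raw-data range is clamped to the file length because section headers in malformed or deliberately crafted samples can claim more data than the file holds.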
Edit .github/workflows/malware-analysis.yml:
- Add Python dependencies
- Implement custom analysis steps
- Integrate AI models (Ollama, HuggingFace, etc.)
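
```yaml
- name: Download YARA rules
  run: |
    git clone https://github.com/Yara-Rules/rules.git /tmp/yara-rules
- name: Run YARA scan
  run: |
    # yara takes rule files, not a directory, so scan with each rule file in turn
    find /tmp/yara-rules/malware -name '*.yar' -exec yara {} /tmp/sample_file \;
```

- GitHub Pages: Unlimited static hosting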
- GitHub Actions: 2,000 minutes/month free
- Storage: No storage used (ephemeral)
- Average analysis: ~30 seconds
- Monthly capacity: ~4,000 analyses (free tier)
- Total cost: $0 💰
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
- Add support for more file types (ELF, Mach-O, APK deep analysis)
- Implement additional client-side parsers
- Integrate more AI models
- Improve UI/UX
- Add more export formats
- Enhance YARA rule sets
MIT License - See LICENSE file for details
This tool is for educational and research purposes only.
- Always handle malware samples in isolated environments
- Never execute suspicious files on production systems
- The AI analysis is probabilistic and may have false positives/negatives
- This tool does not replace professional malware analysis
- Use at your own risk
- GitHub for Pages and Actions infrastructure
- YARA for pattern matching capabilities
- PE File Format documentation
- Open source security community
For questions, issues, or suggestions:
- Open an issue on GitHub
- Submit a pull request
- Check existing discussions
Made with ❤️ for the security community
Privacy-First • AI-Powered • Fully Ephemeral