See inside any binary.
Drop a file — what it does, what it talks to, and whether it’s safe, in seconds. Nothing executes. Free for everyone.
Software ships as binaries. The tools that vet it read manifests, signatures, and hashes. We read the code.
Every upload, full report
Drop a binary. Get the reverse engineer's answer.
bettercap
#5b65f309 · 29.0 MB · first seen 10d ago
CVEs
19
Hardening
4 weak
Capabilities
35
Network
166
Behaviors
76
Functions
31k
Libraries
14
Imports
148
Secrets
None
Platform Linux (glibc)
Arch x86_64
Type executable
Signing Unsigned
A real report from the public corpus — every number is live. Open it →
What does it do?
Capabilities read from the code, in plain language.
Bear.app → iCloud sync · Touch ID auth · keychain accessWhat does it talk to?
Every endpoint baked into the file, extracted.
Bear.app → sentry.io · bear.app · twitter.comWhat's inside?
91 libraries recognized and versioned — exportable as a CycloneDX or SPDX SBOM, with CVEs attached.
Bear.app → Sentry · Zxcvbn · CocoaLumberjack + 88 moreHas it got relatives?
Every binary is compared against the whole corpus — variants, lookalikes, repacked builds.
Bear.app → 99,636 comparable · 20 visual variants
The corpus
binaries. Every one mapped.
Each tile is that file’s real byte map — sections colored, structure laid out by the bytes themselves. Malware sits next to coreutils next to Mac apps with their App Store listings attached. Click any of them.
Live renders from the public corpus — Debian, Homebrew, winget, firmware images, and every upload.
Browse the corpus →Recovered structure
Stripped, compiled, shipped. Still readable.
The engine lifts machine code to an intermediate language, names functions from a corpus of 1.3M signatures, and rebuilds the call graph. Below: Bear.app as it ships, and what comes back.
what ships
00000000 ca fe ba be 00 00 00 0200000008 01 00 00 07 00 00 00 0300000010 00 00 40 00 00 4a f0 b000000018 00 00 00 0e 01 00 00 0c00000020 00 00 00 00 00 4b 40 0000000028 00 40 53 40 00 00 00 0e00000030 00 00 00 00 00 00 00 0000000038 00 00 00 00 00 00 00 00
The first 64 bytes of Bear.app’s executable — cafebabe, a universal binary with two architecture slices.
what comes back
method -[SFAppDelegate setupAppTheme] 0x10005f084calls objc_opt_new → BearThemeManager -[SFAppDelegate setThemeManager:] +[SFNotesPreferenceManager sharedPreferenceManager] currentAppThemeName · loadThemeNamed:called by -[SFAppDelegate applicationWillFinishLaunching:]
One of 13,091 functions recovered — classes, selectors, and call graph intact.
Who it’s for
One engine. Four jobs.
For machines
The same analysis, one POST away.
Everything on this site is an API. Send a binary, get the report back as JSON — fast enough to sit inline in a decision.
App firewalls & EDR — allow or block with the evidence attached, before the file runs.
CI & release gates — fail the build when a new capability, a weak mitigation, or a vulnerable library appears between versions.
AI agents — an MCP server and a query DSL over 50+ fields let agents triage binaries and ask their own follow-up questions.
$ curl -F binary=@drop.bin \ https://api.openbinary.ai/api/v1/upload { "sha256": "5b65f309…", "verdict": "malicious", "capabilities": ["opens_network", "loads_code_dynamically", …], "libraries": 14, "cves": 19 }
Beyond one file
Two builds. A thousand files. Or a whole fleet of them.
Diff whole releases
Compare two builds or two entire OS releases — files added and removed, contents changed, SBOM components bumped.
FreeBSD 11.4 → 14.3 → +383 / −435 files · 61 SBOM changes
Open that diff, live →Unpack whole images
OS releases, distro images, firmware blobs — recursive unpack across 91 formats, a report for every file inside, one SBOM for the artifact.
FreeBSD · NetBSD · OpenBSD · AlmaLinux · firmware
Browse the package library →Watch your fleet
Inventory every binary across your hosts — what runs where, what changed, and which machines carry the vulnerable version.
See plans →EU Cyber Resilience Act
Know what ships in your firmware — before the EU asks.
The CRA makes binary-level transparency a legal requirement for every product with digital elements sold in the EU. Source scanners never see the shipped artifact — openbinary reads the artifact itself: unpack the image, identify every component, attach CVEs, export the machine-readable SBOM, diff it release over release.
binaries analyzed
architectures
firmware formats
CWE detection rules
Free for everyone. No account needed.
Search the corpus, drop a binary, read the full report. Pro adds private workspaces, firmware analysis, every architecture, and the API.
Static analysis — nothing ever executes · Pure-Rust engine · Built in the EU · On-prem and air-gapped deploys available