Suite Standard

Some of the file types supported by Cerbero Suite are:

APK, APNG, AXML, BMP, BZ2, CHM, CLASS, DEX, DIB, DLL, DOC, DOCX, ELF, EOT, EXE, GIF, GZIP, JAR, JPEG, JSE, LNK, LZMA, MACH-O, MSI, O, OCX, ODT, OTF, PDB, PDF, PFB, PNG, PPS, PPT, PPTX, PRX, PUFF, RAW, RTF, SO, SQLITE3, SWF, SYS, T1, T2, TIFF, TTC, TTF, VBE, WOFF, XDP, XLS, XLSX, XML, ZIP

Product information

State-of-the-art suite of tools for malware triage and file analysis. Analysis for many file formats including PE, Mach-O, ELF, Java, SWF, DEX, PDF, DOC, XLS, RTF, Zip and many more. Automatic analysis, interactive analysis, byte-code disassemblers (.NET MSIL, Java, DEX, ActionScript2/3, VBA, fonts), hex editor with layouts, JavaScript debugger, extremely rich Python3 SDK, extension support, C++/PDB structures importer, support for projects and bookmarks. Completely multi-platform (Windows, Linux, OS X). Visit our blog to see Cerbero Suite in action!

Features

This is a list of some relevant features of Cerbero Suite. Please note that it is not possible to enumerate all features because of the complexity and ongoing improvement of the product.


  • Various scan modes
    • Single file scan
    • Directory scan
    • Full and custom disk scan
  • Fast multithreaded profiling
  • Automatic updates
  • Large files support
  • Identification of, among many other things:
    • Embedded files
    • Personal information
    • Parsing issues
    • Possible shellcode
    • Unused, unreferenced or custom data
      • Entropic analysis of foreign data
    • Metadata
    • Scripting and bytecode
  • File format view
  • Extraction of C++ types via Clang
    • Support for all advanced C++ type features
  • Supported file formats:
    • Android Application Package (APK)
      • Binary XML converter
    • Compound File Binary Format (DOC, XLS, PPT, MSI, etc.)
      • Visual Basic Application code extraction
      • DOC safe text preview
    • Compression formats (GZIP, BZIP2, LZMA)
    • Dalvik Executable (DEX)
      • Dalvik disassembler
      • Layout ranges
    • Device Independent Bitmap (DIB, BMP)
    • Executable and Linkable Format
      • Preliminary support
    • Fonts
      • Compact Font Format (CFont)
        • Type1 and Type2 disassembler
      • Embedded Open Type (EOT)
        • TrueType converter
        • MicroType Express (cvt, hdmx, VDMX tables not rebuilt)
      • Open Type (OTF)
        • TrueType bytecode disassembler
        • Compact Font Format
      • Tag Image File Format (TIFF)
      • TrueType (SFont, TTF)
        • TrueType bytecode disassembler
      • TrueType Collection (TTC)
      • Type1 (T1, PFB)
        • Type1 disassembler
      • Web Open Font Format (WOFF)
        • TrueType converter
    • Graphics Interchange Format (GIF)
    • Info-Tech Storage Format (CHM, CHI, CHQ, CHW, etc.)
    • Java Class (CLASS)
      • Class bytecode disassembler
      • Layout ranges
    • Joint Photographic Experts Group (JPEG)
    • Mach-O (App, Kext, DyLib)
      • Universal binaries
      • Apple code signatures
      • Apple binary protection
    • Program Database (PDB)
      • Types extraction
    • Portable Document Format (PDF)
      • Decryption
      • JavaScript extraction
      • Object search
    • Portable Executable (PE, EXE, DLL, SYS, OCX, etc.)
      • Analysis
      • Layout ranges
      • Embedded resources validation and analysis
      • Embedded resources preview
      • Digital certificates validation
      • Full format support
      • MSIL disassembler
    • Portable Network Graphics (PNG, APNG)
    • Rich Text Format (RTF)
      • OLE extraction
      • Safe text preview
    • Shockwave Flash (SWF)
      • ActionScript2 disassembler
      • ActionScript3 disassembler
    • SQLite3
      • Tables inspection
      • Free pages inspection
    • Windows Encoded Scripts (VBE, JSE)
    • Windows Lnk (LNK)
    • XML Data Package (XDP)
      • Embedded PDF extraction
      • JavaScript extraction
    • XML
    • Zip Archive (ZIP: covers many file extensions)
      • Decompression: Deflate, BZIP2, LZMA
      • Decryption: ZipCrypto, WinZip AES
      • Zip bomb detection
      • Incomplete archives support
  • Advanced report saving functionality:
    • Generate reports for millions of files
    • Include the scanned files into the report project itself
    • Optional compression
    • Optional symmetric encryption
  • Powerful Python 3 SDK
    • Custom scripts
    • Access to core classes
    • Access to format classes
    • Access to filters
    • User defined actions
    • Action configuration
    • Hooks
    • Key providers
    • Logic providers
    • Scan providers
    • Use of imported C++ types
    • Creation of new views
    • Output console
    • Command line
    • Capstone support
    • libmagic support
    • YARA support
  • Powerful filter technology including:
    • Conversion algorithms
    • Compression algorithms
    • Encryption algorithms
    • Cryptographic hashes
    • Disassemblers
    • Capability to apply filters to embedded files
    • Range parameters
    • Sandboxed Lua scripting
  • Plugins and actions
    • JavaScript beautifier
    • JavaScript debugger
    • Pastebin upload
    • XML indenter
    • Entropic analysis
  • Embedded file analysis
    • Custom embedded files (with optional filters)
  • Intuitive workspace
    • Advanced and customizable hex view
      • Visualization of data ranges
    • Plots and pie charts
    • Easy risk evaluation
    • Syntax highlighting
    • Media preview
    • Global and individual bookmarks
      • Analysis view jump
    • Global and individual file notes
    • Dock-based interface with navigability
  • Cryptographic hashes
  • Advanced password input dialog
  • Name unmangling
    • Visual C++
    • GCC 3 & 4
  • Tools
    • Full-fledged Hex-Editor
    • Header Manager
      • C++ types importer via Clang
      • Explorer
    • Full-fledged JavaScript debugger
  • 3rd Party Libraries
    • Capstone (including Python bindings)
    • libmagic (including Python bindings)
    • YARA (including Python bindings)
  • This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)