Product
Introducing Socket Fix for Safe, Automated Dependency Upgrades
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
By John-David Dalton - Apr 25, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
bintropy
Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
- Maintainers
- 1
Bintropy 
Detect packers on PE/ELF/Mach-O files using entropy.
This tool is an implementation in Python of Bintropy, an analysis tool presented in this paper in the scope of packing detection based on entropy. It implements both modes of operation and an additional one, respectively on the entire binary, per section or per segment. It uses the entropy values mentioned in the paper for deciding whether the binary contains compressed/encrypted bytes.
It relies on lief for abstracting either PE, ELF or Mach-O executables. This tool thus supports these three formats.
$ pip install bintropy
$ bintropy --help
Modes of operation
Use the -m/--mode option.
0: full binary (default)1: per section2: per segment
Note that mode 2 will logically give results very similar to mode 0.
$ bintropy binary
<<< boolean >>>
$ bintropy binary --dot-not-decide
<<< highest block entropy, average block entropy >>>
$ bintropy binary --mode [1|2]
<<< boolean >>>
$ bintropy binary -m [1|2] --do-not-decide
<<< highest block entropy, average block entropy >>>
Benchmarking
Use the -b/--benchmark option to get one more value, the processing time in seconds.
$ bintropy binary -b
<<< boolean, processing time >>>
$ bintropy binary -b --do-not-decide
<<< highest block entropy, average block entropy, processing time >>>
Overriding default entropy values
The reference paper uses 6.677 for the average block entropy and 7.199 for the highest block entropy (obtained by analyzing a dataset of PE files and using the first mode of operation). These values can be overriden with the dedicated options.
$ bintropy binary --threshold-average-entropy 5.678 --threshold-highest-entropy 6.789
[...]
Plotting
This tool features plot generation for drawing binary's sections and the entropy within.
$ bintropy binary --plot
<<< boolean >>>
Example of generated figures:
Related Projects
You may also like these:
- Awesome Executable Packing: A curated list of awesome resources related to executable packing.
- Dataset of packed ELF files: Dataset of ELF samples packed with many different packers.
- Dataset of packed PE files: Dataset of PE samples packed with many different packers (fork of this repository).
- Docker Packing Box: Docker image gathering packers and tools for making datasets of packed executables.
- DSFF: Library implementing the DataSet File Format (DSFF).
- PEiD: Python implementation of the well-known Packed Executable iDentifier (PEiD).
- PyPackerDetect: Packing detection tool for PE files (fork of this repository).
- REMINDer: Packing detector using a simple heuristic (inspired from this paper).
FAQs
Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes
We found that bintropy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism
CISA denies CVE funding issues amid backlash over a new CVE foundation formed by board members, raising concerns about transparency and program governance.
By Sarah Gooding - Apr 24, 2025
Product
Introducing Historical Analytics – Now in Beta
We’re excited to announce a powerful new capability in Socket: historical data and enhanced analytics.
By Phil Gates-Idem - Apr 24, 2025