This is a tool that inspects files of any kind without executing them and performs static analysis to identify potentially suspicious characteristics.
The concepts behind it are hashing, entropy checks, metadata extraction, signature matching and heuristic scoring, these ideas have been around for years.
I just wanted to build my own version from scratch, understand each concept while building it, and end up with something of my own that I'd actually use myself, so I built Hexora.
It doesn't run binaries. It doesn't emulate malware. It just reads bytes, fingerprints the file, extracts whatever metadata it can, looks for suspicious patterns, and tries to answer one question:
"Does this deserve a closer look?"
- Computes
SHA-256,SHA-1andMD5hashes - Detects file types using
signaturesinstead ofextensions - Extracts
metadatafrom common formats - Calculates
entropyand runs a simpleheuristicrisk engine - Looks for suspicious
strings,URLsandIP addresses - Generates a detailed report
Everything is static analysis. Nothing gets executed.
Uploaded files are isolated by browser session.
You can just use the hosted version: Hexora
If you'd rather run it yourself:
git clone https://github.com/Shaivarth/Hexora.git
cd Hexora
docker compose up --buildOr without Docker:
cd backend
python3 -m venv .venv
# macOS / Linux
source .venv/bin/activate
# Windows (PowerShell)
.venv\Scripts\Activate.ps1
pip install -r requirements.txt
uvicorn app.main:app --reloadThen open http://localhost:8000.
FastAPI, SQLAlchemy, SQLite, HTML/CSS/JS, Docker
Hexora is a triage tool.
A high score doesn't prove something is malicious. A low score doesn't prove it's safe.
The idea is to give a clearer starting point to decide where to focus or how to move ahead.
MIT.