The Complete
Security Analysis Suite
NiTools, NiWeb, and NiHooks — three mission-critical tools for static binary analysis, web reconnaissance, and dynamic process monitoring. Self-hosted, no API keys, real results.
Deep dive into binary files without execution. Extract strings, analyze PE headers, detect cryptography, and disassemble code — all in your browser.
- PE Header & Sections
- X86/X64 Disassembly
- String Extraction
- Crypto Detection (30+)
- Import/Export Tables
- Entropy Analysis
Real DNS lookups, subdomain enumeration via Certificate Transparency, WHOIS/RDAP, SSL inspection, and HTTP header security auditing — all proxied through our backend.
- Real DNS (DoH)
- Subdomain Enum (CT)
- WHOIS / RDAP
- SSL Certificate
- Header Security Audit
- 25+ Recon Tools
Monitor and manipulate running processes in real-time. Install hooks, intercept API calls, scan memory, and observe behavior as it executes. Windows desktop application.
- Process Attachment
- Function Hooking
- API Monitoring
- Memory Scanning
- IAT/EAT/Inline Hooks
- Live Statistics
How We Stack Up
// Professional-grade tools competing with industry leaders
vs Ghidra & IDA Pro
Static AnalysisThe gold standard in reverse engineering
- ✓ Instant Access: Runs in browser — no install, no Java, no setup
- ✓ Modern UI: Purpose-built dark interface vs legacy tools from the 2000s
- ✓ Free: NiTools is free — IDA Pro starts at $1,879+
- ✓ Privacy First: Client-side only — files never leave your machine
- ✗ Ghidra and IDA have more advanced decompilation (on our roadmap)
vs PE-bear & CFF Explorer
PE AnalysisDedicated PE file analyzers
- ✓ More Features: Crypto detection, entropy analysis, MITRE ATT&CK mapping built in
- ✓ Better Search: Advanced filtering and pagination across all views
- ✓ No Download: Works in any modern browser, no install required
- ✓ Actively Maintained: Regular updates vs abandoned or infrequent tools
- ✓ All-in-One: 25+ modules vs single-purpose tooling
vs x64dbg & WinDbg
DebuggingPopular Windows debuggers
- ✓ Zero Setup: No debugger install, no admin rights, no risk
- ✓ Safe Analysis: Static analysis catches threats before execution
- ✓ MITRE ATT&CK: Auto-mapped technique coverage vs manual research
- ✓ NiHooks: Our runtime counterpart for dynamic hooking when you need it
- ✗ Full debuggers provide step-through execution and live register inspection
vs VirusTotal / Online Scanners
File ScanningCloud-based AV scanning platforms
- ✓ True Privacy: Files NEVER leave your browser — nothing is uploaded
- ✓ Deep Analysis: Full structural analysis vs signature matching only
- ✓ Offline Capable: Works without internet once the page loads
- ✓ No Rate Limits: Analyze as many files as you want, instantly
- ✗ VirusTotal has 70+ AV engine signatures we don't replicate
// Feature Comparison Matrix
| Feature | NiTools | NiHooks | Ghidra | IDA Pro | PE-bear | VirusTotal |
|---|---|---|---|---|---|---|
| Price | ✓ Free | ~ Licensed | ✓ Free | ✗ $1,879+ | ✓ Free | ✓ Free |
| Installation | ✓ None | ✗ Yes (Win) | ✗ Yes + Java | ✗ Yes | ✗ Yes | ✓ Web |
| Privacy (no upload) | ✓ Client-side | ✓ Local | ✓ Local | ✓ Local | ✓ Local | ✗ Uploads file |
| PE Analysis | ✓ Full | ✓ Runtime | ✓ Full | ✓ Full | ~ Basic | ✗ No |
| Disassembly | ✓ Yes | ✓ Live view | ✓ Advanced | ✓ Best-in-class | ✗ No | ✗ No |
| Crypto Detection | ✓ 30+ algos | ✓ Memory scan | ~ Limited | ~ Plugins | ✗ No | ✗ No |
| Entropy Analysis | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes | ✗ No | ✗ No |
| MITRE ATT&CK | ✓ Auto-mapped | ✓ Runtime map | ✗ Manual | ✗ Manual | ✗ No | ✗ No |
| Runtime Hooking | ✗ No | ✓ Advanced | ✗ No | ~ Plugins | ✗ No | ✗ No |
| Learning Curve | ✓ Easy | ~ Medium | ✗ Steep | ✗ Steep | ~ Medium | ✓ Easy |
When to Use Each Tool
// Decision matrix for operational context selection
Use NiTools When:
Analyzing unknown binaries safely without execution · Performing initial recon on malware samples · Extracting hardcoded strings · Understanding program structure · Detecting packed or obfuscated code
Use NiWeb When:
Auditing a domain's security posture · Enumerating subdomains via CT logs · Inspecting SSL/TLS configuration · Checking DNS records and DMARC · Verifying security headers are set
Use NiHooks When:
Debugging running applications · Monitoring API calls in real-time · Modifying program execution flow · Analyzing anti-debugging techniques · Testing software security dynamically
Best Together:
Use NiWeb to audit the target's domain infrastructure, NiTools for static binary analysis, then NiHooks for dynamic runtime inspection. Full-spectrum coverage.