Ni
NiTools
Sign In
8.0
Static Binary Analysis Platform

Analyze Any Binary
Without Execution

PE header parsing, x86/x64 disassembly, entropy analysis, MITRE ATT&CK mapping, and cryptographic constant detection — all running client-side in your browser. No upload, no server, no risk.

Sign In with Discord Try as Guest (3 scans)

GUEST: 3 free analyses  •  REGISTERED + APPROVED: unlimited  •  Sign in for full access

Core Analysis Modules

Client-Side
pe-parser

PE Header Analysis

Full parsing of DOS/NT headers, section table, data directories, import & export tables, and resource hierarchy.

IN-BROWSER
disasm

x86 / x64 Disassembly

Recursive descent disassembler with instruction decoding, jump resolution, and function boundary detection.

IN-BROWSER
entropy

Entropy Analysis

Per-section Shannon entropy graphed with packed/encrypted region detection and compression likelihood scoring.

IN-BROWSER
strings

String Extraction

ASCII and UTF-16 string extraction with IOC classification — URLs, IPs, registry paths, file paths, and credentials.

IN-BROWSER
crypto

Crypto Constant Detection

Identifies 30+ cryptographic algorithm signatures — AES, RC4, ChaCha20, MD5, SHA families, and custom constants.

IN-BROWSER
mitre

MITRE ATT&CK Mapping

Heuristic mapping of detected behaviors to ATT&CK technique IDs with tactic classification and confidence scoring.

IN-BROWSER

All Analysis Capabilities

15+ Modules

All analysis runs entirely in your browser. Your binary never leaves your machine.

01 — pe-header
PE Headers
CLIENT

DOS stub, NT headers, COFF characteristics

02 — sections
Section Table
CLIENT

Section names, RVAs, sizes, and flags

03 — imports
Import Table
CLIENT

All imported DLLs and function thunks

04 — exports
Export Table
CLIENT

Exported symbols, ordinals, and addresses

05 — disasm
Disassembler
CLIENT

x86/x64 with jump targets and call graph

06 — entropy
Entropy Graph
CLIENT

Per-section Shannon entropy visualization

07 — strings
String Extractor
CLIENT

ASCII + UTF-16 with IOC tagging

08 — crypto
Crypto Detection
CLIENT

30+ algorithm constant signatures

09 — mitre
MITRE ATT&CK
INTEL

Behavior-to-technique heuristic mapping

10 — hashes
File Hashes
CLIENT

MD5, SHA-1, SHA-256 computed in-browser

11 — resources
Resources
CLIENT

Embedded resource tree and type classification

12 — packer
Packer Detection
CLIENT

UPX, MPRESS, and common protector signatures

What NiTools Detects

27+ Families

YARA-style rule engine with cryptographic constant signatures and behavioral pattern matching across 27+ malware families.

Ransomware
Encryption
LockBit, BlackCat, Cl0p, Hive, Conti, Ryuk patterns
RATs & Backdoors
Persistence
Remote access tool signatures and C2 strings
Stealers
Exfiltration
Raccoon, Vidar, RedLine credential thief patterns
Cryptominers
Resource Abuse
XMRig strings, mining pool URLs, pool config patterns
Packers
Evasion
UPX, MPRESS, Themida, and custom packer signatures
Crypto Constants
Algorithm
AES, RC4, ChaCha20, MD5, SHA-1, SHA-256, SHA-512
Offensive Tools
Red Team
Cobalt Strike, Metasploit, Mimikatz artifacts
Banking Trojans
Financial
Dridex, Zeus, Emotet loader pattern detection

FAQ

Common Questions
Never. All analysis — PE parsing, disassembly, entropy calculation, string extraction — runs entirely inside your browser using WebAssembly and JavaScript. Your binary never leaves your machine. Not even a hash is sent.
NiTools fully supports Windows PE32 and PE32+ executables (.exe, .dll, .sys, .drv). Any file can be loaded for string extraction and entropy analysis. The disassembler works on any x86/x64 code section regardless of container format.
NiTools uses a heuristic rule engine that correlates detected indicators — suspicious API imports, crypto constants, obfuscated strings, packer signatures — to ATT&CK technique IDs. Each mapping includes a confidence score and the contributing evidence. No AI or cloud lookup is involved.
No. Guest access gives you 3 free analyses per session without any login. Signing in with Discord and getting approved removes all limits and saves your analysis history. There is no paid tier for NiTools — it's free for approved members.
Yes — and it's safer than most alternatives. Since analysis is 100% client-side, malware cannot execute through the browser. You can safely analyze live ransomware, RATs, or wipers without risking infection. For behavioral analysis of live samples, pair with NiHooks.
Initialize Access

Ready to Start?

Sign in with Discord for full access, or try NiTools as a guest with 3 free analyses. No email required — Discord OAuth only.

Sign In with Discord

or try as guest — 3 free analyses, no account needed

How We Stack Up

vs Industry

Professional-grade analysis that competes with industry leaders — running entirely in your browser.

vs Ghidra & IDA Pro
Static Analysis
  • Faster Setup: Runs instantly in browser, no installation or Java required
  • Modern UI: Glassmorphic dark interface vs legacy tools from the 2000s
  • Free: NiTools is free, no limitations (IDA Pro costs $1,879+)
  • Privacy First: Everything runs client-side, no files uploaded, no telemetry
  • Ghidra/IDA have more advanced decompilation (coming soon)
vs PE-bear & CFF Explorer
PE Analysis
  • More Features: Crypto detection, entropy analysis, MITRE ATT&CK mapping
  • Better Search: Advanced string filtering and pagination across all views
  • Instant Access: No download, runs in any modern browser
  • Actively Maintained: Regular updates vs abandoned or infrequent tools
  • All-in-One: 20+ analysis modules vs single-purpose tools
vs x64dbg & WinDbg
Debugging
  • Zero Setup: No debugger to install, no admin rights required
  • Static Focus: Pre-execution analysis catches threats before they run
  • MITRE ATT&CK: Automated technique mapping vs manual research
  • Better for Analysts: Purpose-built for malware triage workflows
  • Full debuggers offer step-through execution and live register inspection
vs VirusTotal / Online Scanners
File Scanning
  • Privacy: Files NEVER leave your browser — nothing uploaded
  • Deep Analysis: Full structural analysis vs signature-only scanning
  • Offline Use: Works without internet after page loads
  • No Rate Limits: Scan as many files as you want
  • VirusTotal has 70+ AV engine signatures we don’t
Feature Matrix
Feature NiTools Ghidra IDA Pro PE-bear VirusTotal
Price Free Free $1,879+ Free Free
Installation None (browser) Yes + Java Yes Yes Web
Modern UI Yes ~ Basic ~ Basic ~ Dated Yes
PE Analysis Full Full Full Basic No
Disassembly Yes Advanced Best No No
Crypto Detection 30+ algos ~ Limited ~ Plugins No No
Entropy Analysis Yes Yes Yes No No
MITRE ATT&CK Auto-mapped Manual Manual No No
Privacy (no upload) Client-side Local Local Local Uploads
Learning Curve Easy Steep Steep ~ Medium Easy