WASMShark
Getting Started
Installation
Requirements
Step 1 — Clone and Setup
Step 2 — Python Dependencies
Step 3 — eBPF Runtime Monitor
Step 4 — Wasabi Dynamic Instrumentation
Step 5 — Node.js and long.js
Step 6 — wasmtime (for eBPF demos)
Step 7 — Graphviz (for CFG visualization)
Step 8 — Generate Test Samples
Verify Installation
Quick Start
Basic Scan
Full Analysis
Static + Dynamic Analysis
View Dynamic CFG
Directory Scan with CSV
Diff Two Samples
eBPF Runtime Monitor
W+X Memory Detection
Watch Mode
Analysis Modules
Static Analysis
Binary Parser
Disassembler
Per-Function Metrics
CFG Builder
Taint Analysis
Entropy Analysis
Crypto Constant Detection
Scoring Engine
Import Fingerprinting (Imphash)
Dynamic Analysis (Wasabi)
How It Works
Runtime Metrics Collected
Static ↔ Dynamic Correlations
Example Output
State Machine Extraction
Dynamic CFG Reconstruction
CFG Node Colors
Supported Samples
eBPF Runtime Monitor
How It Works
Basic Usage
Alert Levels
W+X Memory Detection Demo
Command Line Options
Runtime Report Fields
Threat Score Calculation
CFG Analysis
Algorithms
Lengauer-Tarjan Dominance Tree
Tarjan’s SCC Algorithm
Natural Loop Detection
Irreducible CFG Detection
Path Count Estimation
CFG Fingerprinting
Running CFG Analysis
Anomaly Detection
Module Overview Export
Detection
Detection Rules
Rule Format
Severity Levels
Available Conditions
Rule Files
Notable Rules
Writing Custom Rules
Plugins
Built-in Plugins
plugin_call_graph
plugin_cfg_anomaly
plugin_cfg_advanced
plugin_complexity_analyzer
plugin_memory_safety
plugin_memory_behavior
plugin_opcode_anomaly
plugin_string_deobfuscator
Running Plugins
Writing Custom Plugins
Reference
CLI Reference
Arguments
Output Options
Analysis Options
Batch Operations
Examples
Watch Mode
eBPF Monitor
Output Formats
HTML Report
JSON Report
SARIF Report
CSV Report
Dynamic CFG DOT
Architecture
Module Map
Data Flow
Plugin Interface
Rule Engine
Index