WASMShark

Getting Started

  • Installation
    • Requirements
    • Step 1 — Clone and Setup
    • Step 2 — Python Dependencies
    • Step 3 — eBPF Runtime Monitor
    • Step 4 — Wasabi Dynamic Instrumentation
    • Step 5 — Node.js and long.js
    • Step 6 — wasmtime (for eBPF demos)
    • Step 7 — Graphviz (for CFG visualization)
    • Step 8 — Generate Test Samples
    • Verify Installation
  • Quick Start
    • Basic Scan
    • Full Analysis
    • Static + Dynamic Analysis
    • View Dynamic CFG
    • Directory Scan with CSV
    • Diff Two Samples
    • eBPF Runtime Monitor
    • W+X Memory Detection
    • Watch Mode

Analysis Modules

  • Static Analysis
    • Binary Parser
    • Disassembler
      • Per-Function Metrics
    • CFG Builder
    • Taint Analysis
    • Entropy Analysis
    • Crypto Constant Detection
    • Scoring Engine
    • Import Fingerprinting (Imphash)
  • Dynamic Analysis (Wasabi)
    • How It Works
    • Runtime Metrics Collected
    • Static ↔ Dynamic Correlations
    • Example Output
    • State Machine Extraction
    • Dynamic CFG Reconstruction
      • CFG Node Colors
    • Supported Samples
  • eBPF Runtime Monitor
    • How It Works
    • Basic Usage
    • Alert Levels
    • W+X Memory Detection Demo
    • Command Line Options
    • Runtime Report Fields
    • Threat Score Calculation
  • CFG Analysis
    • Algorithms
      • Lengauer-Tarjan Dominance Tree
      • Tarjan’s SCC Algorithm
      • Natural Loop Detection
      • Irreducible CFG Detection
      • Path Count Estimation
      • CFG Fingerprinting
    • Running CFG Analysis
    • Anomaly Detection
    • Module Overview Export

Detection

  • Detection Rules
    • Rule Format
      • Severity Levels
    • Available Conditions
    • Rule Files
    • Notable Rules
    • Writing Custom Rules
  • Plugins
    • Built-in Plugins
      • plugin_call_graph
      • plugin_cfg_anomaly
      • plugin_cfg_advanced
      • plugin_complexity_analyzer
      • plugin_memory_safety
      • plugin_memory_behavior
      • plugin_opcode_anomaly
      • plugin_string_deobfuscator
    • Running Plugins
    • Writing Custom Plugins

Reference

  • CLI Reference
    • Arguments
    • Output Options
    • Analysis Options
    • Batch Operations
    • Examples
    • Watch Mode
    • eBPF Monitor
  • Output Formats
    • HTML Report
    • JSON Report
    • SARIF Report
    • CSV Report
    • Dynamic CFG DOT
  • Architecture
    • Module Map
    • Data Flow
    • Plugin Interface
    • Rule Engine
WASMShark
  • Search

© Copyright 2025, WASMShark | Designed by Dhruthan

Built with Sphinx using a theme provided by Read the Docs.