name | id | category | description | state |
Beatrix Simple File Input | net.sf.beatrix.module.input.file.simple | input | ... is used to specify a single input file for the detector. In this case "file" excludes directories; if you need the whole content of a directory (recursively), use the "Beatrix File List Input" module. | Beatrix >= 0.1 |
Beatrix File List Input | net.sf.beatrix.module.input.file.list | input | ... is used to specify one or more input files for the detector. Here "file" refers to any kind of file, including directories. If a file maps to a directory, the contents of that folder are included recursively. | Beatrix >= 0.1 |
Beatrix Network Input | net.sf.beatrix.module.input.network | input | Network input based on the JNetPcap and pcap libraries | devel branch (0.2) |
Beatrix Sploit Dump Input | net.sf.beatrix.module.extra.input.sploit.dump | input | ... utilizes the Metasploit Framework directly from within the module using JRuby. | devel branch (WiP) |
Beatrix Sploit Dumper Input | net.sf.beatrix.module.extra.input.sploit.dumper | input | ... reads in an XML database which contains shellcode and/or exploits generated by the Metasploit Framework. | devel branch (0.2) |
Beatrix Disassembler Dumper | net.sf.beatrix.module.dumper.disassembler | dumper | ... is used to disassemble the given input into x86 instructions. It uses the Bastard's libdisasm library to do so, and therefore the details that can be displayed follow the structure introduced by this library. To handle potentially endless streams of data, this Beatrix Dumper produces chunks of input bytes. | Beatrix >= 0.1 |
Beatrix Byte Forwarding Dumper | net.sf.beatrix.module.dumper.forwarder | dumper | ... just forwards the given byte stream. To handle potentially endless streams of data, this Beatrix Dumper produces chunks of input bytes. | Beatrix >= 0.1 |
Beatrix Instruction Category Extractor | net.sf.beatrix.module.extractor.instructionCategory | extractor | ... is used to categorize the disassembled instructions provided by e.g. the "Beatrix Disassembler Dumper" module. There are categories for each of the main subgroups of instructions: control flow, arithmetic, logic, etc. | Beatrix >= 0.1 |
Beatrix Dummy Extractor | net.sf.beatrix.module.extractor.dummy | extractor | This module does not do any extraction but passes through the data gained by the dumper. | Beatrix >= 0.1 |
Beatrix Scriptable Extractor | net.sf.beatrix.module.extractor.scripting | extractor | Scripting support for Beatrix Extractor modules | devel branch (WiP) |
Beatrix PEiD Signature Analyzer | net.sf.beatrix.module.analyzer.signature | analyzer | ... takes a PEiD UserDB file and looks for the provided signature within a byte stream. | Beatrix >= 0.1 |
Beatrix Signature Analyzer | net.sf.beatrix.module.analyzer.signature | analyzer | ... utilizes PEiD UserDB or OpenAntiVirus.org files to look for the provided signature within a byte stream. Successor of the "Beatrix PEiD Signature Analyzer" | devel branch (0.2) |
Beatrix Dummy Formatter | net.sf.beatrix.module.formatter.dummy | formatter | This module doesn't do any formatting but passes through the internal representation of a classification event. | Beatrix >= 0.1 |
Beatrix Intrusion Detection Message Exchange Format (IDMEF) Formatter | net.sf.beatrix.module.formatter.idmef | formatter | ... formats the internal representation of classification events to the Intrusion Detection Message Exchange Format (IDMEF). | devel branch (WiP) |
Beatrix Standard Output | net.sf.beatrix.module.output.std | output | ... takes a classification event and uses its built-in toString() functionality to print proper information to the standard output. | Beatrix >= 0.1 |
Beatrix Log File Output | net.sf.beatrix.module.output.file | output | ... takes a classification event and uses its built-in toString() functionality to write proper information to the specified log file. | devel branch (0.2) |
Beatrix Standard SWT UI Output | net.sf.beatrix.module.output.swt | output | ... takes a classification event and, using its built-in toString() functionality, lists it in an SWT GUI. | Beatrix >= 0.1 |
Beatrix Standard Swing UI Output | net.sf.beatrix.module.output.swing | output | ... takes a classification event and, using its built-in toString() functionality, lists it in a Swing GUI. | Beatrix >= 0.1 |