8000
Skip to content

elementmerc/anya

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

175 Commits
.cargo
.cargo
 
 
.choco
.choco
 
 
.githooks
.githooks
 
 
.github
.github
 
 
.rpm
.rpm
 
 
anya-stubs
anya-stubs
 
 
benches
benches
 
 
debian
debian
 
 
docker
docker
 
 
docs
docs
 
 
e2e
e2e
 
 
examples
examples
 
 
scripts
scripts
 
 
src-tauri
src-tauri
 
 
src
src
 
 
tests
tests
 
 
ui
ui
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
LICENSE.TXT
LICENSE.TXT
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
build.rs
build.rs
 
 
components.json
components.json
 
 
docker-compose.yml
docker-compose.yml
 
 
icon.svg
icon.svg
 
 
index.html
index.html
 
 
install.sh
install.sh
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
postcss.config.cjs
postcss.config.cjs
 
 
tailwind.config.js
tailwind.config.js
 
 
tsconfig.json
tsconfig.json
 
 
vite.config.ts
vite.config.ts
 
 
vitest.config.ts
vitest.config.ts
 
 

Repository files navigation

Anya logo

Anya

Fast, offline static malware analysis platform

CI Release AGPL-3.0 | Commercial Platform

Any file, 24+ deep parsers 75% heuristic, 100% with KSD on calibration set Zero network calls MITRE ATT&CK

Anya GUI demo

Anya analyses files without executing them. Drop a PE, ELF, Mach-O, PDF, Office doc, script, archive, disk image, or any of 24+ supported formats onto the GUI, or pipe files through the CLI. Get hashes, entropy, imports, sections, IOC indicators, MITRE ATT&CK mappings, known malware family matching, a confidence-scored verdict, and a risk score. 250+ files per minute, entirely offline.

Anya (AHN-yah) means "eye" in Igbo.

Install

Download from GitHub Releases →

Platform GUI CLI
Windows .exe installer (NSIS) .zip
macOS .dmg (Intel + Apple Silicon) Universal binary (.tar.gz)
Linux .AppImage / .deb / .rpm Static musl binary (.tar.gz)

Also available on SourceForge.

# One-liner install (prompts for CLI, GUI, or both)
curl -fsSL https://raw.githubusercontent.com/elementmerc/anya/main/install.sh | bash
# Docker
docker run --rm -v "$(pwd)/samples:/samples:ro" elementmerc/anya:latest --file /samples/malware.exe --json

Warning

Seriously, just use the installer or grab a release. The source is here for transparency, not for building. If you clone and cargo build anyway — well, don't say I didn't warn you.

CLI

anya --file suspicious.exe                    # Analyse a file
anya --file suspicious.exe --json             # JSON output
anya --file suspicious.exe --explain          # Verdict + explanations
anya --directory ./samples --recursive        # Batch scan with progress bar
anya --file suspicious.exe --case nightfall   # Save to investigation case
anya --file suspicious.exe --format html --output report.html

Full flag reference: anya --help

GUI

Drag a file or folder onto the window, or use the + button.

  • Overview — risk score, hashes, verdict, notes
  • Entropy — section chart, byte histogram, flatness
  • Imports — DLL tree with inline explanations
  • Sections — permissions, entropy, characteristics
  • Strings — extracted strings with IOC classification
  • Security — ASLR, DEP, Authenticode, toolchain, certificates
  • Format — deep analysis for 24+ file types
  • MITRE — mapped techniques with tactic grouping
  • Graph — evidence web (single file) or relationship graph (batch)

Batch mode: drop a folder to scan everything. Searchable sidebar, interactive relationship graph.

Teacher Mode: toggle in Settings for contextual explanations on every finding.

Why Anya?

Anya VirusTotal PEStudio CAPA DIE
Offline / no upload
Formats Any file (24+ deep) Many PE only PE/ELF PE/ELF/Mach-O
Heuristic verdict Aggregates
MITRE ATT&CK Partial
YARA scanning ✓ (cloud)
GUI + CLI Both Browser GUI only CLI only Both
Batch analysis API Scriptable Scriptable
IOC extraction
Case management
Cross-platform Web Windows
Price Free / Commercial Free / $10K+ Free / €200+ Free Free

Calibration

Anya's scoring engine is calibrated against real malware and benign samples. Every release is tested before shipping.

xychart-beta
    title "Detection & False Positive Rate"
    x-axis ["v1.0", "v1.1", "v1.2", "v2.0", "v2.0.3", "v2.0.4"]
    y-axis "%" 0 --> 100
    line "Detection" [73.0, 82.0, 87.5, 99.9, 99.9, 100.0]
    line "FP rate (x10)" [27.0, 15.0, 3.0, 1.0, 0.1, 0.0]
Loading

FP rate scaled 10x for visibility on the same axis.

Version Malware Benign Total Heuristic Combined FP Rate
v2.0.4 ~37,800 ~11,700 ~49,500 75.4% 100.0% 0.000%
v2.0.3 ~9,100 ~11,300 ~21,700 99.9% 0.009%

Reading the two detection columns. The heuristic column is Anya's pure static-analysis scorer on each sample, with the Known Sample Database turned off — this is the honest "cold start" number you should expect on a fresh binary that has never been seen before. The combined column is heuristic plus the Known Sample Database matcher, which recognises samples by TLSH similarity against a locally-bundled catalogue. On the calibration dataset every malware sample resolves at TLSH distance zero against its own entry in the catalogue, so the combined column is the expected ceiling on known samples.

Verify independently: anya benchmark ./your-samples/ --ground-truth malware --json

Docs

Licence

AGPL-3.0-or-later. See LICENSE.TXT.

Commercial licensing: daniel@themalwarefiles.com

About

A malware analysis platform built in Rust

Topics

rust security privacy offline static-analysis incident-response reverse-engineering malware forensics cybersecurity infosec malware-analysis binary-analysis threat-intelligence tauri mitre-attack threat-detection pe-analysis ioc-detection elf-analysis

Resources

Readme

License

AGPL-3.0 license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

507B Releases 7

Anya v2.0.4 Latest
Apr 14, 2026
+ 6 releases

Contributors

Languages
0