The Binary Vulnerability Analysis tool is an AI-powered scanner designed to detect vulnerabilities in binary files. Users can upload a binary file to the tool, which will then perform a series of analyses against a vast database of more than 20,000 historical vulnerabilities. The analysis process may take a few minutes, depending on the size of the file.The tool follows a specific sequence of steps for analysis. First, it decompiles the executable file using Ghidra, a popular reverse engineering software. It then removes filler content, cleans and formats the code, and deduces Windows symbols and inline function calls.Next, the tool generates function-wise embeddings using a finetuned CodeT5+Embedding model, which has been trained on the Big Clone Bench and CodeSearchNet datasets. These embeddings allow for better understanding and representation of the code.To identify potential vulnerabilities, the tool checks for similarities against the DiverseVul dataset, which is a collection of known vulnerabilities. Additionally, it leverages SemGrep, a tool powered by rules, to perform further vulnerability checks.Overall, the Binary Vulnerability Analysis tool offers a comprehensive approach to identifying vulnerabilities in binary files. By utilizing AI algorithms and a vast database of vulnerabilities, it provides users with an efficient and reliable method for assessing the security of their binaries.
