RSS Cloud Blog

capa Explorer Web: A Web-Based Tool for Program Capability Analysis

capa Explorer Web is a new browser-based tool developed by Mandiant's FLARE team to visualize the capabilities identified by capa, a reverse engineering tool that automates the identification of program capabilities. It provides an intuitive, interactive view of capa analysis results in which users can sort, search, and filter rule match details. capa Explorer Web supports loading capa result documents from local JSON files and does not require any data transfer to a server. The tool offers several views: a table view showing rule match details, a function-centric view for static analysis results, and a process-tree view for dynamic analysis results. capa Explorer Web is accessible online and can also be downloaded for offline use. It has been integrated with VirusTotal, so users with a premium subscription can explore capa results directly from the platform. Future enhancements include improving the process tree view and adding views for extracted indicators of compromise.
cloud.google.com