Introducing Analyse It!

Trident
Hello,

Today I am announcing a free tool called Analyse It!
The download link will follow very soon as I am doing the final touches.

This is the same tool I used for the McAfee test, with new and improved capabilities.

It is a small self-contained HTML file (115kb).

The tool has the following capabilities:

  • It allows testers to easily test software web protection capabilities, keeping track of blocked, missed or dead links. This is suitable for testers that record videos.
  • Quick parsing of large lists of URLs
  • File Intelligence: Analyse It allows users to look up file verdicts. It unifies the VirusTotal*, Hybrid Analysis**, AbuseIPDB*** and Gemini**** APIs
  • Supports pulling behavioural reports from VirusTotal, which are then analysed by AI.
  • On every VT behavioural report, you can quickly and easily check the domain/IP reputation.
  • Talk to CADY: CADY is your personal malware expert and is also context-aware. You can look up a file and then ask follow-up questions.
  • Beautiful animations and frosted glass material

The tool is tested on the following browsers:
  • Chrome under Mac OS - no issues
  • Edge under Windows - no issues
  • Chrome under Windows - no issues
  • Safari under Mac OS - severe problems detected with the CORS policy

What's coming very soon: submit file to CADY for expert static analysis.

Known issues: on some occasions, the Hybrid Analysis results are not parsed correctly or are not displayed. This will be fixed in the future.

*You must register a free account with VirusTotal and get your API key. You need to paste it in settings.
CORS proxy is provided in settings and must be activated. From settings, click on CORS Activation and then click on "Activate Proxy" in the website that appears.

**You need to register with Hybrid Analysis and get your API key. You need to paste it in settings.

***You need to register with AbuseIPDB and get your API key. You need to paste it in settings.

****Use Google AI Studio to create an API key for Gemini 2.5 which is the API utilised in this project.

ALL APIs ARE FREE (as long as users stay within the reasonable limits). For example, VT offers 500 lookups a day.

THE TOOL DOES NOT COLLECT OR PROCESS ANY PERSONAL INFORMATION.

Really solid work, Trident. 👏
This is exactly the kind of lightweight and practical tool that actually brings value to testers and analysts.

The concept of unifying multiple services (VT, Hybrid Analysis, AbuseIPDB, Gemini, etc.) into a single, portable interface with user-provided API keys is super smart. Instead of juggling different dashboards, you get everything streamlined in one place — that’s actually useful for everyday analysis.

No hype, no “next-gen” buzzwords, just a clean implementation of something that makes our work faster and more consistent. Honestly, that’s way more impressive than bloated dashboards pretending to be full-blown AVs.

Kudos — this is the kind of initiative the community needs more of.
 
Thank you, that’s very kind and encouraging.

This is the initial phase; I am reading the API guides to figure out how I can add uploads to these services (VT, Hybrid Analysis) directly from the dashboard. So the overall combination of behavioural reports in multiple VT sandboxes, the Hybrid Analysis sandbox, domain/IP intelligence and Gemini can help produce a more reliable analysis…

The way I see it implemented:
1. User will select a file
2. File is uploaded to VT and Hybrid Analysis… I am not sure if these APIs can return a response when the analysis is done; if they can, it will be implemented. If not, the user will have to check back again in 10-15 min.
3. Once these analyses are done, the results and the file itself (if possible) are submitted to Gemini for a third expert opinion.
4. On the UI, an analysis queue will have to be implemented to facilitate this feature.

This could be really useful.
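
The lookup with a user-supplied key through a CORS proxy (the announcement's footnotes) and the upload-then-wait flow sketched in the post above, as an added example in JavaScript. It is not part of Analyse It! and not Trident's code. Assumed and labelled as such: a prefix-style CORS proxy at the placeholder https://cors-proxy.example, a placeholder API key, and a constructed fake fetch() that replays a VirusTotal-shaped conversation so the block runs offline. The endpoint paths, the x-apikey header and the analysis status values are VirusTotal v3 API behaviour; the verdicts in the fake are made up.

```javascript
// Added example for this thread (not Analyse It!'s own code): the two VirusTotal
// v3 calls a single-file dashboard needs, runnable offline against a fake fetch().
// Assumed: a prefix-style CORS proxy (the target URL is appended to the proxy URL);
// the tool's own proxy is not documented in the thread.
const VT_API = "https://www.virustotal.com/api/v3";

// Build a request the way the browser must send it: the key goes in the documented
// x-apikey header and the whole VT URL is appended to the proxy. The proxy sees that
// header on every call, so it must be one you trust.
function buildVtRequest({ proxyBase, apiKey, path, method = "GET", body }) {
  const prefix = proxyBase ? proxyBase.replace(/\/?$/, "/") : "";
  return {
    url: prefix + VT_API + path,
    init: { method, body, headers: { "x-apikey": apiKey, accept: "application/json" } },
  };
}

async function vtFetch(fetchImpl, cfg, path, opts = {}) {
  const { url, init } = buildVtRequest({ ...cfg, path, ...opts });
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`VT ${path} -> HTTP ${res.status}`);
  return res.json();
}

// Reduce VT's per-engine map to the counts and named detections a dashboard shows.
function summariseAnalysis(stats = {}, results = {}) {
  const detections = Object.values(results)
    .filter(r => r.category === "malicious" || r.category === "suspicious")
    .map(r => ({ engine: r.engine_name, name: r.result }));
  const engines = Object.values(stats).reduce((a, b) => a + b, 0);
  return { malicious: stats.malicious || 0, suspicious: stats.suspicious || 0, engines, detections };
}

// Lookup by md5/sha1/sha256: the announcement's "file intelligence" case.
async function lookupFile(fetchImpl, cfg, hash) {
  const { data } = await vtFetch(fetchImpl, cfg, `/files/${hash}`);
  return summariseAnalysis(data.attributes.last_analysis_stats, data.attributes.last_analysis_results);
}

// Steps 1-2 of the post's flow. POST /files returns an analysis id; the client then
// polls GET /analyses/{id} until status is "completed" (files over 32 MB need the
// separate /files/upload_url endpoint, not shown). sleep/interval are injectable so
// the offline run is instant.
async function uploadAndWait(fetchImpl, cfg, file, opts = {}) {
  const { intervalMs = 15000, maxPolls = 60, sleep = ms => new Promise(r => setTimeout(r, ms)) } = opts;
  const form = new FormData();                         // browser / Node 18+ global
  form.append("file", file);
  const submit = await vtFetch(fetchImpl, cfg, "/files", { method: "POST", body: form });
  const analysisId = submit.data.id;
  for (let polls = 1; polls <= maxPolls; polls++) {
    const { data } = await vtFetch(fetchImpl, cfg, `/analyses/${analysisId}`);
    const { status, stats, results } = data.attributes;
    if (status === "completed") return { analysisId, polls, ...summariseAnalysis(stats, results) };
    await sleep(intervalMs);
  }
  throw new Error(`analysis ${analysisId} not completed after ${maxPolls} polls`);
}

// Constructed stand-in for fetch(): replays queued -> in-progress -> completed and
// rejects calls without a key. Engine verdicts are made up, not real VT output.
function makeFakeFetch() {
  let polls = 0;
  const reply = (obj, status = 200) => ({ ok: status < 400, status, json: async () => obj });
  const results = {
    Bitdefender: { category: "malicious", engine_name: "Bitdefender", result: "Trojan.GenericKD.1" },
    "ESET-NOD32": { category: "malicious", engine_name: "ESET-NOD32", result: "Win32/Agent.A" },
    Kaspersky: { category: "undetected", engine_name: "Kaspersky", result: null },
  };
  const stats = { malicious: 2, suspicious: 0, undetected: 1, harmless: 0 };
  return async (url, init) => {
    if (!init.headers["x-apikey"]) return reply({ error: "missing key" }, 401);
    if (url.endsWith("/api/v3/files") && init.method === "POST")
      return reply({ data: { type: "analysis", id: "u-abc123" } });
    if (url.includes("/api/v3/analyses/u-abc123")) {
      polls += 1;
      const status = polls === 1 ? "queued" : polls === 2 ? "in-progress" : "completed";
      return reply({ data: { attributes: status === "completed" ? { status, stats, results } : { status } } });
    }
    if (url.includes("/api/v3/files/"))
      return reply({ data: { attributes: { last_analysis_stats: stats, last_analysis_results: results } } });
    return reply({ error: "not found" }, 404);
  };
}

const DEMO_CFG = { proxyBase: "https://cors-proxy.example", apiKey: "TEST-KEY" }; // placeholders

async function runDemo() {
  const fetchImpl = makeFakeFetch();
  const lookup = await lookupFile(fetchImpl, DEMO_CFG, "0123456789abcdef0123456789abcdef"); // placeholder md5
  const upload = await uploadAndWait(fetchImpl, DEMO_CFG, "constructed file contents", { sleep: async () => {} });
  return { lookup, upload };
}

runDemo().then(out => console.log(JSON.stringify(out, null, 2)));
```

Two things a practitioner will want to check before wiring this into a real dashboard. The proxy forwards the x-apikey header, so a shared public CORS proxy sees the VirusTotal key on every request; a proxy you run yourself avoids that. And the v3 API signals completion only through the analysis object's status, so an analysis queue in the UI needs a polling loop with a sensible interval (and a cap, as above) rather than a callback.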
 
A very cool solution for those just starting out with testing. Automation is something that makes work easier!
Yes, it could be useful to see what exactly the file is doing, understand if it’s a false positive, and if there are VM evasions (and the process just terminated on you), you will know why… and then you can ask AI why certain actions are being performed… over time, as users ask, they’ll learn.

And it makes the whole process a bit less boring with less clicks…
 
Hi @Trident

Will you make an installer for this, please?

Mops21
For now it is a single HTML file, you just double click to open in browser and it’s all ready to be used. It remembers the API keys (browser storage) and there is import/export so you don’t have to go harvest them again and again.

Installation won’t really be necessary, but who knows what features it could have.

But because it is based on React, it feels just like an application.
 
Hi @Trident

Thank you very much for your info.

Do I need this API file? I do not have this and did not register on the site.

Mops21
 
The first update will be delivered in a few days and will be a big one.

Features that will be added:

VirusTotal engine number: engine quality (interpretation) heuristic. This relies on proprietary formula that assigns different weight to different engines.

VirusTotal deduplication: detections that have the same name (substring of another detection) will be hidden, e.g. no need to see Vipre when it will be the same detection as Bitdefender.

Behavioural report will no longer be one dump (long report) but will be divided into different categories

Behavioural Graph provides visual overview of the malware actions

Behavioural report allows PDF generation and export

IoC manager allows users to add domain, file hash and so on as an IoC. The list of IoCs can then be exported. Accumulating IoCs from multiple malware samples is possible, to facilitate threat hunting.

MITRE ATT&CK matrix no longer displayed as a table, but as a proper matrix

AI analysis and CADY support 3 different response type/lengths: short, medium, expert.

UI and settings enhancements
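
The engine-weighting heuristic and the substring deduplication described in the update above, as an added example in JavaScript that is not Analyse It!'s code and not Trident's. The weights are hypothetical placeholders (the tool's formula is proprietary and not shown in the thread), the sample `last_analysis_results` object is constructed with made-up verdicts, and only the field names and category values follow the VirusTotal v3 schema.

```javascript
// Added example for this thread (not Analyse It!'s own code): weighted engine
// scoring and detection deduplication over a VT v3 "last_analysis_results" object.
// ENGINE_WEIGHTS is a hypothetical stand-in for the tool's proprietary formula.
const ENGINE_WEIGHTS = {
  Bitdefender: 1.0, "ESET-NOD32": 1.0, Kaspersky: 1.0, Microsoft: 0.9, // first-party engines
  VIPRE: 0.4, GData: 0.4,            // engines that license another vendor's engine
};
const DEFAULT_WEIGHT = 0.5;
// VT categories in which the engine produced no verdict at all; they must not
// count as "clean" votes in the denominator.
const NO_VERDICT = new Set(["timeout", "confirmed-timeout", "failure", "type-unsupported"]);

const engineWeight = name => ENGINE_WEIGHTS[name] ?? DEFAULT_WEIGHT;
const normaliseName = name => name.toLowerCase().replace(/[^a-z0-9]/g, "");

// Weighted verdict in 0..100: malicious counts fully, suspicious half, weighted by
// engine. Pass a constant weight function to get the plain "N of M engines" figure.
function weightedScore(results, weightFn = engineWeight) {
  let hits = 0, votes = 0;
  for (const r of Object.values(results)) {
    if (NO_VERDICT.has(r.category)) continue;
    const w = weightFn(r.engine_name);
    votes += w;
    if (r.category === "malicious") hits += w;
    else if (r.category === "suspicious") hits += w / 2;
  }
  return votes ? Math.round((100 * hits) / votes) : 0;
}

// Hide a detection whose normalised name is a substring of (or identical to) another
// engine's detection, keeping the copy from the highest-weighted engine: the post's
// VIPRE-vs-Bitdefender case. Returns the visible detections in weight order.
function dedupeDetections(results) {
  const hits = Object.values(results)
    .filter(r => (r.category === "malicious" || r.category === "suspicious") && r.result)
    .map(r => ({ engine: r.engine_name, name: r.result,
                 key: normaliseName(r.result), weight: engineWeight(r.engine_name) }))
    .sort((a, b) => b.weight - a.weight || a.engine.localeCompare(b.engine));
  return hits.filter((h, i) => !hits.some((o, j) =>
    j !== i && o.key.includes(h.key) && (o.key.length > h.key.length || j < i)));
}

// Constructed sample in the shape of VT's last_analysis_results; verdicts are made up.
const SAMPLE_RESULTS = {
  Bitdefender:  { category: "malicious", engine_name: "Bitdefender", result: "Trojan.GenericKD.70001234" },
  VIPRE:        { category: "malicious", engine_name: "VIPRE",       result: "Trojan.GenericKD.70001234" },
  GData:        { category: "malicious", engine_name: "GData",       result: "Trojan.GenericKD.70001234" },
  "ESET-NOD32": { category: "malicious", engine_name: "ESET-NOD32",  result: "Win32/Agent.ABC" },
  Microsoft:    { category: "malicious", engine_name: "Microsoft",   result: "Trojan:Win32/Agent" },
  Kaspersky:    { category: "undetected", engine_name: "Kaspersky",  result: null },
  SomeEngine:   { category: "type-unsupported", engine_name: "SomeEngine", result: null },
  OtherEngine:  { category: "suspicious", engine_name: "OtherEngine", result: "Heur.Suspicious" },
};

function demo(results = SAMPLE_RESULTS) {
  return {
    raw: weightedScore(results, () => 1),
    weighted: weightedScore(results),
    visible: dedupeDetections(results).map(h => `${h.engine}: ${h.name}`),
  };
}

console.log(demo());
```

On the constructed sample the three identical Trojan.GenericKD verdicts collapse to the Bitdefender line, and the weighted figure lands a few points below the plain engine count because the two rebranded engines carry less weight; the no-verdict engine is left out of both denominators rather than counted as a clean vote.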
 
Improvements to the analysis flow, as I keep tweaking formulas:
Performance and security improvements

Introduced origin selection

Introduced Overall Threat Factor and age/timestamp/first seen heuristics

Introduced behavioural scoring

Introduced PDF report

Improved settings
 
Great feature, thanks for taking the time to do this. It would be helpful (for me) if, when you make a new post about it, you included the link again (& again...)
Will do, thanks for your feedback, there are some more features to come.
 
You really achieved a sleek experience. I like the choice of IBM Plex Sans, by the way. Sturdy, remarkably legible, and fits the vibe.
It’s one of my favourite fonts, very aesthetic, clean, at the same time not boring. Serious, but not extremely corporate. The whole UI attempts to escape from the highly corporate vibe but without looking unprofessional.
 
Good job 👍
I assume we’re not just talking about a hashing overlay here too 😉
To really make this official, you need to be an authorized partner to access their private APIs and be allowed to integrate their tools into the website you own, dear expert.
Please provide confirmation — normally shown as a clickable partner logo on your site — if you want to concretize your project.
• VirusTotal: the API cannot be used as a substitute for antivirus products
• Hybrid Analysis: 15-day free trial only with a free account
• MITRE ATT&CK: allowed as long as you reproduce their name AND license notice
 