One Tool to Rule Them All: File Metadata & Static Analysis for Malware Analysts and SOC Teams
A Python CLI tool for static file analysis targeting malware analysts, digital forensics practitioners, and SOC engineers. It extracts multi-algorithm hashes (MD5 through SHA-512, plus optional ssdeep/tlsh), detects file types via 60+ magic numbers, and parses PE/ELF/Mach-O metadata including timestamps, imphash, entry points, packing heuristics, and digital signatures — all without executing or decompiling the file. A `--full` flag adds byte-level stats, per-block entropy maps, hex dumps, string pattern extraction (URLs, IPs, registry keys), and deep format-specific analysis. Output is available as human-readable tables, JSON, or CSV for automation and SIEM integration. The tool also includes a MalwareBazaar integration script to download real samples by SHA256 or tag and compare analysis results against threat intel feeds.
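As an added illustration of the static-triage building blocks the summary lists (not the tool's own code), here is a small Python script combining magic-number detection, multi-algorithm hashing, a per-block entropy map and a packing heuristic; the magic table, the 512-byte block size, the 7.0 bits/byte threshold and the samples are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed magic-number table; a subset of what a triage tool would carry.
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP archive (also DOCX/JAR/APK)",
}

def detect_type(data: bytes) -> str:
    """Match the longest known magic prefix; fall back to 'unknown'."""
    for magic in sorted(MAGIC, key=len, reverse=True):
        if data.startswith(magic):
            return MAGIC[magic]
    return "unknown"

def hashes(data: bytes) -> dict:
    """Multi-algorithm digests, as a triage tool would emit for IOC matching."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def entropy_map(data: bytes, block: int = 512) -> list:
    """Entropy of each fixed-size block, so packed/encrypted regions stand out."""
    return [round(shannon_entropy(data[i:i + block]), 2) for i in range(0, len(data), block)]

def looks_packed(data: bytes, block: int = 512, threshold: float = 7.0) -> bool:
    """Heuristic (assumed): more than half the blocks near-random => likely packed."""
    em = entropy_map(data, block)
    return bool(em) and sum(e >= threshold for e in em) / len(em) > 0.5

def triage(data: bytes) -> dict:
    return {"type": detect_type(data), "hashes": hashes(data),
            "entropy": entropy_map(data), "packed": looks_packed(data)}

if __name__ == "__main__":
    # Constructed samples: a zero-filled "PE" and one whose body cycles through all byte values.
    plain = b"MZ" + b"\x00" * 4094
    dense = b"MZ" + bytes(range(256)) * 16
    for name, sample in (("plain", plain), ("dense", dense)):
        r = triage(sample)
        print(name, r["type"], "packed:", r["packed"], r["hashes"]["sha256"][:16])
```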
Table of contents
Introduction
GitHub - anpa1200/Basic-File-Information-Gathering-Script: This repository contains a versatile…