Ligand.

Ligand is a terminal-based intelligence tool focused on binary inspection, system analysis, and live network observation. It is designed for reverse engineering, security research, and low-level inspection tasks.

Features
$ ligand scan payload.bin
ELF parsed successfully
Detected capabilities: network, command execution
Packet capture enabled on active interfaces
Analysis complete

Capabilities

Binary Inspection

ELF parsing, string extraction, symbol inspection, and x86-64 disassembly.

Behavior Inference

Static capability detection based on embedded strings and execution indicators.

Network Monitoring

Live packet capture across multiple interfaces with protocol awareness.

Terminal Interface

High-performance TUI built for keyboard-driven workflows.

Rust-Based

Memory-safe implementation focused on performance and portability.

Research-Oriented

Intended for malware analysis, CTFs, and experimental reverse engineering.

Architecture

Ligand integrates multiple low-level components into a single interface:

  • sysinfo — system and kernel data
  • goblin — ELF parsing
  • capstone — disassembly engine
  • pnet — raw packet capture
  • ratatui — terminal UI
+-------------------+
|      Ligand       |
+-------------------+
|  Interface Layer  |
+-------------------+
| ELF | Net | Sys   |
+-------------------+
| Capstone | Pnet   |
+-------------------+
|   Kernel / NIC    |
+-------------------+

Status

Ligand is under active development. Features and stability will improve over time.

Download