Open-Source Binary Intelligence

Know Every Version.
Secure Every Binary.

Cross-platform collectors scan PE, ELF, Mach-O, plist, and script files. Automated CVE matching with EPSS scoring and CISA KEV integration surfaces real threats β€” not noise.

Request Preview Access Login β†’
macOS Linux x64 ARM64 ARM32 Windows Embedded & SmallSat
Scroll to explore
⚑

Scan Any OS

Native collectors for macOS, Linux, Windows, and ARM. Lightweight static binaries traverse entire filesystems in seconds.

πŸ”

Extract Versions

Deep PE resource parsing, ELF note sections, Mach-O plist extraction, and script regex β€” no version escapes detection.

Δ

Detect Drift

Compare scans over time to identify new executables, changed versions, removed components, leftover agents, and unauthorized software across enterprise, embedded, and satellite fleets.

🛡️

CVE Matching

Automated NVD sync with CPE resolution, EPSS exploitation probability, CISA KEV catalog, and GitHub PoC search.

πŸ“Š

Actionable Reports

Urgency-ranked vulnerability dashboards with composite risk scores. Export JSONL or browse the interactive web interface.

πŸ›°οΈ Flight-Ready

From Routers
to Orbit

VersionGopher's ARM32 static collector is small enough to run on embedded Linux systems, IoT gateways, and small satellite flight computers. A single statically-linked binary β€” no shared libraries, no runtime, no network required. Scan firmware in air-gapped environments and exfil results when connectivity allows.

242KB
Stripped + UPX
0
Dependencies
34K+
Files/Second
πŸ”§
Embedded Linux & RTOS

Static binary runs on any ARM32/ARM64 Linux β€” BusyBox routers, industrial PLCs, avionics, and CubeSat flight software.

πŸ›°οΈ
SmallSat Firmware Audits

Inventory every binary on a satellite payload before launch. Cross-reference against NVD to verify no known-vulnerable libraries fly.

πŸ”’
Air-Gapped Operation

Runs entirely offline. Collect JSONL on the target, transfer via serial/USB/downlink, and analyze on the ground station.

Footage: NASA/GSFC Β· BurstCube & SNOOPI CubeSats deployed from the ISS, SpaceX CRS-30, April 2024 Β· OSIRIS-REx departure from asteroid Bennu

See your entire
software estate

Search and filter across hundreds of thousands of binaries. Every version, every path, every file type β€” indexed and queryable in real time.

VersionGopher dashboard showing version search results
Software & Environment Drift Detection

Detect software drift
before it becomes risk

Operating environments rarely stay frozen after deployment. MSPs change, MSSPs rotate, endpoint agents are replaced, old tools are only partially removed, and new executables appear over time.

VersionGopher compares current scans against known-good baselines to reveal what changed across your software estate - from enterprise endpoints and servers to embedded Linux systems and pLEO satellite payloads.

Baseline Comparison

Compare any scan against a golden image, previous scan, or approved mission baseline.

Unexpected Executables

Find new binaries, scripts, payload processors, agents, or tools that were not present in the approved environment.

Version Drift

Track upgrades, downgrades, patched libraries, stale components, and silent version changes.

Agent Overlap & Cleanup Gaps

Detect leftover RMM, EDR, antivirus, VPN, monitoring, or MSSP tooling after vendor transitions.

Fleet-Level Change Tracking

See which systems drifted, when they drifted, and whether the change is isolated or spreading.

Mission Baseline Assurance

Verify onboard software still matches the approved pre-launch or post-update baseline across pLEO and SmallSat systems.

Know whether endpoint security, remote-management, VPN, monitoring, and operations agents are actually present - and whether legacy tools were fully removed.

VersionGopher does not just tell you what version is present. It tells you what changed, what appeared, and what no longer matches the approved baseline.

Prioritize
real threats

CVE results ranked by composite risk score combining CVSS severity, EPSS exploitation probability, CISA KEV status, and known PoC availability.

VersionGopher CVE vulnerability analysis panel

How VersionGopher Works

Click to explore each component of the scanning pipeline.

Cross-Platform Collectors

Lightweight native binaries compiled for every major platform. Drop a single executable on any target, run it, and get structured JSONL output ready for analysis. No dependencies, no installation, no runtime required.

  • macOS Universal (ARM64 + x86_64)
  • Linux x64 static (glibc-free, runs on CentOS 7+)
  • Linux ARM64 / ARM32 static (routers, IoT, embedded)
  • Windows x64 (MSVC, Version.lib + Advapi32.lib)
Terminal
$ ./version_gopher -d /firmware -J > scan.jsonl
$ wc -l scan.jsonl
  34,291 scan.jsonl

Deep Binary Analysis

The PE parser walks the full RT_VERSION resource tree, handling both type-0 (binary) and type-1 (text) VS_VERSIONINFO string entries. No arbitrary size limits on resource sections β€” firmware updaters with 50MB+ embedded blobs are parsed correctly.

  • PE: VS_VERSIONINFO with FileVersion / ProductVersion
  • ELF: .note sections, symbol table version strings
  • Mach-O: embedded Info.plist CFBundleVersion extraction
  • Scripts: regex patterns for version= / VERSION / __version__
  • Unicode-safe: full CJK and Cyrillic path traversal
JSONL Output
{
  "filepath": "/firmware/ε‘η”ŸδΊ§/update.exe",
  "filename": "update",
  "version": "31.125.0.0",
  "file_type": "PE"
}

Automated CVE Matching

Resumable NVD sync builds a local SQLite CVE database. The matching engine resolves products via CPE dictionaries, applies version range logic, and enriches every result with exploitation intelligence.

  • NVD 2.0 API with resumable incremental sync
  • CPE product/vendor resolution from binary metadata
  • EPSS exploitation probability scores
  • CISA Known Exploited Vulnerabilities catalog
  • GitHub PoC/exploit search with confidence scoring
  • Composite risk score: CVSS Γ— EPSS Γ— KEV Γ— PoC
Risk Score
CVE-2024-3094  xz-utils  5.6.0
β”œβ”€ CVSS:   10.0 (CRITICAL)
β”œβ”€ EPSS:   94.7%
β”œβ”€ KEV:    Yes (CISA deadline 2024-04-19)
β”œβ”€ PoC:    3 confirmed exploits
└─ Risk:   PATCH IMMEDIATELY

Visual Intelligence Dashboard

A responsive web interface for exploring scan results, filtering by type and severity, and drilling into individual CVE matches. Supports multi-scan comparison, scan history management, and JSONL import from collector output.

  • Full-text search across filenames, paths, and versions
  • Severity-sorted CVE results with urgency alert banners
  • Scan history with provenance tracking
  • JSONL import for air-gapped and hosted deployments
  • Real-time progress for large-scan CVE analysis
Quick Start
$ cd web && pip install -r requirements.txt
$ python3 -m flask run --port 5000
# Open http://localhost:5000
# Import scan.jsonl β†’ instant results
πŸ›οΈ Federal Compliance

Built for the
SBOM era

The 2025 CISA–NSA joint guidance "A Shared Vision of Software Bill of Materials" β€” endorsed by 21 international agencies β€” calls for organizations to generate, analyze, and integrate SBOMs into operational security workflows. VersionGopher gives you the binary-level component inventory that SBOM pipelines depend on. Read the NSA press release β†’

πŸ“‹
Component Inventory

Discover every binary, library, and versioned component on a target β€” the foundational data layer for SPDX and CycloneDX SBOM generation.

πŸ”—
Vulnerability Mapping

Automatically map discovered versions to CVEs via NVD. The joint guidance emphasizes using SBOMs for "risk-informed decision making" β€” not just inventory.

🌐
Supply Chain Visibility

21 international partners. One standard. VersionGopher's cross-platform scanning meets the guidance's call for interoperable, automated software transparency.

Ready to see what's running?

Download a collector, scan your target, import the results.

Request Preview Access Open Dashboard