Ligand is a terminal based intelligence tool for binary analysis, system inspection, and live network monitoring.
It is built for reverse engineers, security researchers, red teamers, and CTF players who want low level visibility without heavy tooling or GUI overhead.
Ligand focuses on clarity, performance, and control.
- ELF parsing and inspection
- String extraction
- Section and symbol analysis
- x86-64 disassembly using Capstone
- Capability inference from binary behavior
- Real-time packet capture
- Multi-interface support (e.g.
wlan0,eth0) - Source and destination IP detection
- Protocol and traffic direction analysis
- Host and kernel information
- Runtime system context awareness
- Lightweight system intelligence
- Interactive TUI built with
ratatui - Keyboard-driven workflow
- No browser, no telemetry, no background services
- Memory-safe by design
- High performance
- Portable across Linux systems
- Designed for real machines, not sandboxes
Ligand is composed of multiple low-level inspection engines unified under a terminal interface:
goblin— ELF parsingcapstone— disassemblypnet— raw packet capturesysinfo— system informationratatui— terminal UI
The controls are up and down for menu choosing and then fn up and fn down for scrolling on the page