46 repositories
Helpers for reverse engineering, disassembly, and taint analysis.
Explore 46 awesome GitHub repositories matching part of an awesome list · Binary analysis tools.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Debugger and assembly editor for .NET applications.
Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an
CPU emulator framework for binary instrumentation and analysis.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Framework for binary analysis and symbolic execution.
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
Multi-architecture disassembly framework for binary analysis.
Peda is a security toolkit and exploit-development framework designed for binary analysis, debugger automation, and memory inspection. It operates as a set of Python scripts that extend the debugger to automate the analysis of compiled files and the inspection of process memory. The project provides specialized tools for memory-corruption research, including a payload-generation utility that creates cyclic patterns for detecting buffer overflows and a gadget finder for locating return-oriented programming (ROP) sequences within binaries. It features a visualization tool that converts raw register data, disassembly, and memory into colored text to simplify the analysis of CPU states. The framework covers a wide range of capabilities, including binary security analysis for detecting protections, memory scanning with regular expressions, and the ability to map process environments directly from the system kernel. It also includes tools for modifying memory addresses and generating shellcode templates.
Python-based exploit development assistance for GDB.
Qira is a runtime analysis tool and interactive binary debugger designed for the QEMU emulator. It functions as a binary execution tracer that records a full timeline of instruction invocations and provides a system for monitoring memory operations within guest processes. The project enables the analysis of compiled binaries by tracing instruction-level execution and mapping raw memory addresses to user-defined annotations. It includes capabilities for state-snapshotting to manage execution forks, allowing the navigation of divergent logic paths and the inspection of CPU register states and s
QEMU-based interactive execution tracer for binary analysis.
This project is a binary static analysis tool designed to recover hidden and non-standard encoded strings from compiled binaries. It functions as a malware analysis utility and string decryptor, extracting obfuscated text to reveal concealed program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It utilizes pattern-based heuristic detection to identify obfuscation routines and employs cross-platform binary parsing to process multiple executable formats. The s
Automatically extracts and deobfuscates strings from malware.
ipsw is a specialized toolkit for iOS firmware analysis, binary reverse engineering, and hardware interaction. It provides a suite of tools for downloading, extracting, and analyzing firmware images and kernel caches, alongside a MachO binary analysis tool for disassembling and patching executables. The project distinguishes itself through integrated language-model-powered code reconstruction to translate machine code into high-level source code. It also features an automation client for the App Store Connect API to manage certificates and application settings. The framework covers a broad r
Tool for parsing and extracting Apple firmware IPSW files.
BinNavi is a binary analysis IDE that allows inspecting, navigating, editing, and annotating the control-flow graphs and call graphs of disassembled code.
IDE for inspecting and annotating control-flow graphs.
MachOView fork
Visualizing and editing Mach-O file structures.
Binary Analysis Platform
Platform for binary analysis and program transformation.
QEMU README
QEMU fork for emulating Apple T8030 hardware.
Corelan Repository for mona.py
Tooling to assist exploit developers with debugging tasks.
Static binary code analyzer with IDA integration. Performs value and taint analysis, type reconstruction, and detection of use-after-free and double-free bugs.
Static binary code analysis toolkit for reverse engineers.
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Multi-architecture assembly patching plugin based on the Keystone engine.
IDA pro plugin to find crypto constants (and more)
Identifies cryptographic constants using YARA rules.
Winner of the 2016 IDA plugin contest! Symbolic execution at the push of a button!
Provides taint analysis and symbolic execution capabilities.
Imports Reconstructor
Tool for reconstructing imports in PE files.
Technical documentation for the Mach-O executable file format.
RetDec plugin for IDA (Interactive Disassembler).
IDA Pro plugin for the RetDec machine-code decompiler.