6 Repos
Programmable platforms for automated binary analysis and symbolic execution.
Explore 6 awesome GitHub repositories matching part of an awesome list · Binary Analysis Frameworks.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Platform-agnostic binary analysis framework.
capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,
Identify capabilities in PE, ELF or .NET executable files.
LIEF is a framework for parsing, modifying, and analyzing executable binary formats and system shared caches across multiple platforms. It serves as a cross-platform library for the programmatic manipulation of ELF, PE, and MachO binaries. The project provides tools for changing the internal structure and sections of executable files in order to alter program behavior. It also includes a dedicated parser for recovering individual dynamic libraries from combined system shared caches. The toolset covers the analysis of executable binaries, the disassembly of machine code, and the extraction of debug metadata and symbol information. It also supports bidirectional translation between machine code and assembly across different processor architectures.
Instrument, parse, and rebuild PE, ELF, Mach-O, and DEX formats.
Triton is a dynamic binary analysis framework designed to automate reverse engineering. It functions as a multi-architecture CPU emulator, an SMT-based symbolic execution engine, and a dynamic taint analysis tool. The framework translates raw machine instructions into abstract syntax trees, allowing it to represent binary program logic as a structured intermediate representation. This allows the system to map multiple hardware instruction sets to a single analysis framework and translate machine instructions into mathematical formulas for solving constraints. Its capabilities cover the simul
Dynamic binary analysis library.
Platform for Architecture-Neutral Dynamic Analysis
Platform for architecture-neutral dynamic analysis.
Binary Analysis Platform
A framework for binary analysis and program verification.