7 Repos
Tools for monitoring and debugging program execution at runtime.
Explore 7 awesome GitHub repositories matching part of an awesome list · Dynamic Analysis. Refine with filters or upvote what's useful.
Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to
Provides a live debugging engine to monitor program execution in real time alongside static analysis.
This project is a suite of runtime diagnostic tools designed to detect memory leaks, concurrency races, and language-specification violations during software execution. It provides a collection of dynamic analysis tools that identify addressability issues, uninitialized memory usage, and memory safety bugs in applications. The toolset includes a thread safety analyzer to identify data races and deadlocks in concurrent code, as well as an undefined behavior sanitizer to detect operations that violate language specifications. The system covers broad capabilities in memory safety monitoring and
Suite of tools for detecting memory, thread, and leak errors.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Enables monitoring and manipulation of running processes in real time to observe execution flow and state changes.
Volatility is a memory forensics framework and digital forensics tool designed to extract and analyze evidence from volatile computer memory dumps. It functions as a memory dump parser and analysis platform used to identify running processes, network connections, and loaded modules from a system RAM capture. The framework enables the reconstruction of system state to uncover malicious activity, such as rootkits and injected code, during malware incident response and threat hunting. It provides capabilities for digital forensic investigations to detect unauthorized access and indicators of com
Advanced memory forensics framework for incident response.
PINCE is a dynamic debugger, instruction tracer, and memory scanner designed for the analysis and manipulation of running processes. It functions as a process memory manipulator and editor, allowing for the identification, modification, and monitoring of values within a target application's active memory. The tool distinguishes itself through memory pointer analysis, tracing addresses and offsets to locate static pointers that lead to dynamic data across different sessions. It also enables the execution of internal functions within a running process by manipulating the instruction pointer and
Observes program execution flow and memory access patterns at runtime to understand data processing.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisitio
Loadable kernel module for memory acquisition on Linux.
Noriben - Portable, Simple, Malware Analysis Sandbox
Automated malware analysis tool using system monitoring.