awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

89 repositorios

Awesome GitHub RepositoriesBinary Analysis

Advanced frameworks for automated binary code analysis and symbolic execution.

Explore 89 awesome GitHub repositories matching part of an awesome list · Binary Analysis. Refine with filters or upvote what's useful.

Awesome Binary Analysis GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • werwolv/imhexAvatar de WerWolv

    WerWolv/ImHex

    53,892Ver en GitHub↗

    ImHex is a professional-grade hex editor and binary data analysis platform designed for inspecting, modifying, and reverse engineering raw file contents. It functions as a schema-driven engine that interprets complex binary structures by applying custom definitions to map and visualize byte-level data. The platform distinguishes itself through a dedicated domain-specific language that allows users to define structural schemas for automated file parsing. This capability is supported by a dynamic plugin architecture and an event-driven registry, which enable the integration of external modules

    Provides a hex editor tailored for reverse engineering.

    C++analyzerbinary-analysisc-plus-plus
    Ver en GitHub↗53,892
  • 0xd4d/dnspyAvatar de 0xd4d

    0xd4d/dnSpy

    29,539Ver en GitHub↗

    dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

    Inspects assembly metadata tables to resolve class hierarchies, method signatures, and cross-references within the binary.

    C#
    Ver en GitHub↗29,539
  • icsharpcode/ilspyAvatar de icsharpcode

    icsharpcode/ILSpy

    25,447Ver en GitHub↗

    ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.

    Converts raw metadata entries into readable source code to understand the underlying structure of compiled elements.

    C#
    Ver en GitHub↗25,447
  • radare/radare2Avatar de radare

    radare/radare2

    24,129Ver en GitHub↗

    radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p

    Processes raw bytes through successive stages of format parsing, disassembly, and high-level structural analysis.

    C
    Ver en GitHub↗24,129
  • corkami/picsAvatar de corkami

    corkami/pics

    11,464Ver en GitHub↗

    Pics is a comprehensive reference library providing visual documentation for binary file structures, character encodings, processor instruction sets, and hardware architecture maps. It serves as a centralized resource for the dissection and analysis of diverse binary formats, including executables, images, and archives. The project specializes in mapping complex specifications into visual layouts. This includes the creation of schematic diagrams to explain the physical and logical organization of hardware components and the maintenance of a catalog for processor opcodes across multiple hardwa

    Visualizes the internal layout and structural dissections of binary files such as images and archives.

    Assembly
    Ver en GitHub↗11,464
  • wader/fqAvatar de wader

    wader/fq

    10,528Ver en GitHub↗

    fq es un procesador de datos binarios de línea de comandos utilizado para decodificar, transformar y analizar flujos de bytes crudos y datos a nivel de bit en formatos estructurados. Funciona como un motor de consulta binario funcional que permite filtrar y mapear estructuras binarias, así como un convertidor que traduce blobs binarios complejos y formatos de archivo propietarios a JSON, YAML o XML estándar. La herramienta se distingue como un manipulador de bits de bajo nivel capaz de realizar cortes a nivel de bit, operaciones a nivel de bit y hashing criptográfico en archivos crudos. También sirve como analizador de protocolos de red con la capacidad de reensamblar flujos TCP fragmentados y descifrar tráfico TLS para inspección a nivel de aplicación. El proyecto cubre amplias capacidades en el análisis binario y la transformación de datos, incluyendo soporte para definiciones de decodificadores personalizados y una amplia gama de formatos especializados como Mach-O, ASN1 BER y Avro OCF. Proporciona utilidades para la búsqueda en árboles binarios, decodificación de texto estructurado y serialización bidireccional entre formatos binarios y de texto. Los usuarios pueden interactuar con el sistema a través de una interfaz de línea de comandos y un REPL interactivo para pruebas de consulta en tiempo real.

    Inspects and decodes binary data formats.

    Go
    Ver en GitHub↗10,528
  • pwndbg/pwndbgAvatar de pwndbg

    pwndbg/pwndbg

    10,051Ver en GitHub↗

    pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi

    Extracts detailed information about heap memory groups through metadata analysis.

    Pythonbinary-ninjacapture-the-flagctf
    Ver en GitHub↗10,051
  • angr/angrAvatar de angr

    angr/angr

    8,898Ver en GitHub↗

    Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the

    Framework for binary analysis and symbolic execution.

    Python
    Ver en GitHub↗8,898
  • avast-tl/retdecAvatar de avast-tl

    avast-tl/retdec

    8,556Ver en GitHub↗

    Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n

    Decompiles machine code into C-like output using LLVM.

    C++
    Ver en GitHub↗8,556
  • lolbas-project/lolbasAvatar de LOLBAS-Project

    LOLBAS-Project/LOLBAS

    8,323Ver en GitHub↗

    LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro

    Provides detection rules to identify when signed binaries are used for security evasion.

    XSLTblueteamdfirliving-off-the-land
    Ver en GitHub↗8,323
  • firerpa/lamdaAvatar de firerpa

    firerpa/lamda

    7,834Ver en GitHub↗

    This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modifies application behavior in real time. Additionally, it supports large language model in

    Analyzes application behavior and interactions with the operating system to identify security vulnerabilities.

    Pythonadbagentsai
    Ver en GitHub↗7,834
  • lauriewired/ghidramcpAvatar de LaurieWired

    LaurieWired/GhidraMCP

    7,649Ver en GitHub↗

    GhidraMCP is a Model Context Protocol server that exposes Ghidra binary analysis and decompilation functions to external intelligence models. It acts as a bridge that connects the Ghidra reverse engineering suite to external tools through a standardized communication protocol, facilitating automated reverse engineering and software auditing. The project enables the extraction of decompiled code and program structural data to populate the context windows of language models. It features a binary symbol management tool capable of dynamic symbol resolution, allowing method and data names to be up

    Extracts decompiled code and detailed analysis data from binaries to support automated reverse engineering.

    Java
    Ver en GitHub↗7,649
  • jart/blinkAvatar de jart

    jart/blink

    7,534Ver en GitHub↗

    Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files across different host operating systems and architectures. It functions as a binary execution sandbox and system call simulator, providing a controlled environment for running programs. The project distinguishes itself with a terminal user interface for monitoring execution, managing breakpoints, and visualizing JIT compilation paths. It supports self-modifying code through a cache-invalidating memory model and provides execution environment isolation using restricted directory ove

    Traces system calls and logs execution flow to analyze how programs interact with the operating system.

    C
    Ver en GitHub↗7,534
  • 0xd4d/de4dotAvatar de 0xd4d

    0xd4d/de4dot

    7,426Ver en GitHub↗

    de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un

    Fixes verifiable code and preserves assembly metadata to ensure compatibility with decompilers.

    C#
    Ver en GitHub↗7,426
  • crytic/slitherAvatar de crytic

    crytic/slither

    6,141Ver en GitHub↗

    Trail of Bits lifts machine code to an intermediate representation and performs dynamic symbolic execution, taint analysis, and constraint solving on native binaries.

    Pythonethereumsoliditystatic-analysis
    Ver en GitHub↗6,141
  • mandiant/capaAvatar de mandiant

    mandiant/capa

    6,062Ver en GitHub↗

    capa is a binary capability scanner that identifies high-level behaviors and actions an executable can perform, such as network communication or file manipulation. It functions as a malware behavior analysis tool and a MITRE ATT&CK mapping framework, scanning PE, ELF, .NET, and shellcode files through both static analysis and dynamic sandbox report processing. The tool distinguishes itself through a YAML-based detection rule engine that defines detection logic in human-readable files, with conditions expressed as feature combinations and logical operators. It integrates with IDA Pro, Ghidra,

    Compiles system calls, file operations, and network activity from malware execution into structured reports.

    Python
    Ver en GitHub↗6,062
  • fireeye/capaAvatar de fireeye

    fireeye/capa

    6,062Ver en GitHub↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Detects capabilities in executable files and shellcode.

    Python
    Ver en GitHub↗6,062
  • qilingframework/qilingAvatar de qilingframework

    qilingframework/qiling

    5,965Ver en GitHub↗

    A True Instrumentable Binary Emulation Framework

    Provides an advanced framework for binary emulation.

    Python
    Ver en GitHub↗5,965
  • cuckoosandbox/cuckooAvatar de cuckoosandbox

    cuckoosandbox/cuckoo

    5,959Ver en GitHub↗

    Cuckoo is an open-source automated malware analysis system that executes suspicious files inside isolated virtual machines and produces structured behavioral reports. The platform captures system calls, file operations, and network activity during execution, compiling them into comprehensive analysis documents for programmatic consumption. The system operates through a modular analysis pipeline that processes behavioral data, applying YARA signature patterns against captured artifacts to identify known malware families. Each analysis run starts from a clean virtual machine snapshot to ensure

    Collects system calls, file operations, and network activity from malware execution into structured reports.

    JavaScript
    Ver en GitHub↗5,959
  • darthton/blackboneAvatar de DarthTon

    DarthTon/Blackbone

    5,431Ver en GitHub↗

    Blackbone es una colección de herramientas especializadas para escaneo de memoria, inyección de procesos e interfaces de controladores de kernel utilizadas para manipular el entorno de ejecución de Windows. Proporciona un framework para ejecutar código remoto, mapear imágenes ejecutables portátiles y gestionar hilos a través de diferentes límites de procesos. El proyecto incluye un controlador de memoria de kernel para acceder a la memoria del kernel y modificar derechos de manejo para ocultar asignaciones de la detección en modo usuario. También cuenta con una librería para interceptar llamadas a funciones en procesos remotos usando interrupciones de software y puntos de interrupción de hardware. El kit de herramientas cubre capacidades más amplias en la manipulación de memoria virtual, como leer, escribir y asignar memoria en procesos locales o remotos. Además, proporciona utilidades para la búsqueda de patrones de memoria para localizar secuencias de bytes específicas y gestión de módulos para inyectar o expulsar binarios.

    Offers a library for Windows memory hacking.

    C++
    Ver en GitHub↗5,431
Ant.1234…5Siguiente
  1. Home
  2. Part of an Awesome List
  3. Developer Tools
  4. Binary Analysis

Explorar subetiquetas

  • Dynamic Behavioral Analysis2 sub-etiquetasAnalyzing a program's behavior by tracing its interactions with the operating system during runtime. **Distinct from Binary Analysis:** Distinct from general Binary Analysis by focusing specifically on runtime syscall and execution flow tracing.
  • Evasion Detection RulesSignatures and logic designed to detect the use of trusted binaries for security evasion. **Distinct from Binary Analysis:** Focuses on the detection of evasion patterns rather than the general analysis of the binary structure.
  • Layered Analysis Pipelines1 sub-etiquetaSuccessive processing stages for binary format parsing and structural analysis. **Distinct from Binary Analysis:** Describes the specific internal architectural pipeline for analysis rather than a general binary analysis framework.
  • Metadata Analysis Tools2 sub-etiquetasTools that analyze assembly metadata tables to resolve types, signatures, and references. **Distinct from Binary Analysis:** Distinct from general binary analysis by focusing specifically on the interpretation of metadata tables for structural resolution.
  • Unpacking UtilitiesTools for identifying and removing protective wrappers from compiled binaries. **Distinct from Binary Analysis:** Distinct from Binary Analysis: focuses specifically on the removal of packers and obfuscation layers rather than general analysis.