46 repositorios
Utilidades para ingeniería inversa, desensamblado y análisis de taint.
Explore 46 awesome GitHub repositories matching part of an awesome list · Herramientas de análisis binario. Refine with filters or upvote what's useful.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Debugger and assembly editor for .NET applications.
Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an
CPU emulator framework for binary instrumentation and analysis.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Framework for binary analysis and symbolic execution.
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
Multi-architecture disassembly framework for binary analysis.
Peda es una suite de herramientas de seguridad y framework de desarrollo de exploits diseñado para análisis binario, automatización de depuradores e inspección de memoria. Funciona como un conjunto de scripts de Python que extienden un depurador para automatizar el análisis de archivos compilados y la inspección de la memoria de procesos. El proyecto proporciona utilidades especializadas para la investigación de corrupción de memoria, incluyendo una utilidad de generación de payloads para crear patrones cíclicos para descubrir desbordamientos de búfer y un buscador de gadgets para localizar secuencias de programación orientada al retorno (ROP) dentro de binarios. Se diferencia al ofrecer una herramienta de visualización que transforma datos crudos de registros, desensamblado y memoria en texto codificado por colores para simplificar el análisis de los estados de la CPU. El framework cubre una amplia gama de capacidades, incluyendo análisis de seguridad binaria para detectar protecciones, escaneo de memoria mediante expresiones regulares y la capacidad de mapear entornos de procesos directamente desde el kernel del sistema. También incluye herramientas para modificar direcciones de memoria y generar plantillas de shellcode.
Python-based exploit development assistance for GDB.
Qira is a runtime analysis tool and interactive binary debugger designed for the QEMU emulator. It functions as a binary execution tracer that records a full timeline of instruction invocations and provides a system for monitoring memory operations within guest processes. The project enables the analysis of compiled binaries by tracing instruction-level execution and mapping raw memory addresses to user-defined annotations. It includes capabilities for state-snapshotting to manage execution forks, allowing the navigation of divergent logic paths and the inspection of CPU register states and s
QEMU-based interactive execution tracer for binary analysis.
Este proyecto es una herramienta de análisis estático binario diseñada para recuperar cadenas ocultas y codificadas de forma no estándar de binarios compilados. Funciona como una utilidad de análisis de malware y descifrador de cadenas, extrayendo texto ofuscado para revelar el comportamiento oculto del programa sin ejecutar el código. La herramienta automatiza la recuperación de cadenas incrustadas a través de una combinación de ejecución de instrucciones emuladas y evaluación de árboles de sintaxis abstracta. Utiliza detección heurística basada en patrones para identificar rutinas de ofuscación y emplea análisis binario multiplataforma para procesar múltiples formatos ejecutables. El sistema cubre una amplia gama de capacidades forenses, incluyendo la extracción de cadenas específica del lenguaje y la serialización de datos recuperados en formatos compatibles con plataformas de análisis de seguridad externas.
Automatically extracts and deobfuscates strings from malware.
ipsw is a specialized toolkit for iOS firmware analysis, binary reverse engineering, and hardware interaction. It provides a suite of tools for downloading, extracting, and analyzing firmware images and kernel caches, alongside a MachO binary analysis tool for disassembling and patching executables. The project distinguishes itself through integrated language-model-powered code reconstruction to translate machine code into high-level source code. It also features an automation client for the App Store Connect API to manage certificates and application settings. The framework covers a broad r
Tool for parsing and extracting Apple firmware IPSW files.
BinNavi es un IDE de análisis binario que permite inspeccionar, navegar, editar y anotar grafos de flujo de control y grafos de llamadas de código desensamblado.
IDE for inspecting and annotating control-flow graphs.
MachOView fork
Visualizing and editing Mach-O file structures.
Binary Analysis Platform
Platform for binary analysis and program transformation.
QEMU README
QEMU fork for emulating Apple T8030 hardware.
Corelan Repository for mona.py
Tooling to assist exploit developers with debugging tasks.
Analizador estático de código binario, con integración en IDA. Realiza análisis de valores y taint, reconstrucción de tipos, y detección de use-after-free y double-free
Static binary code analysis toolkit for reverse engineers.
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Multi-architecture assembly patching plugin based on the Keystone engine.
IDA pro plugin to find crypto constants (and more)
Identifies cryptographic constants using YARA rules.
¡Ganador del concurso de complementos de IDA 2016! ¡Ejecución simbólica a solo un clic de distancia!
Provides taint analysis and symbolic execution capabilities.
Imports Reconstructor
Tool for reconstructing imports in PE files.
Technical documentation for the Mach-O executable file format.
RetDec plugin for IDA (Interactive Disassembler).
IDA Pro plugin for the RetDec machine-code decompiler.