9 repositorios
Tools for analyzing, disassembling, and profiling compiled binaries.
Explore 9 awesome GitHub repositories matching part of an awesome list · Binary and Reverse Engineering. Refine with filters or upvote what's useful.
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Provides a comprehensive framework for analyzing, disassembling, and profiling compiled binaries.
Il2CppDumper is a reverse engineering tool that recovers original .NET assembly structure from Unity games compiled with il2cpp. It parses il2cpp binaries across multiple executable formats including ELF, Mach-O, PE, NSO, and WASM, and reconstructs the original DLL structure from embedded metadata tables, enabling decompilation and analysis of game code. The tool generates disassembler scripts for IDA, Ghidra, and Binary Ninja that apply recovered type definitions and structure layouts to the binary analysis. It also strips protection layers from memory-dumped libil2cpp.so files and simple PE
Recovers Unity game code from il2cpp binaries by reconstructing DLL structure and generating disassembler scripts.
Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da
Facilitates reverse engineering by decomposing instructions into granular semantics and extracting operand details.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled Java and Android binaries to understand internal structures and dependencies.
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
Analyzes PE, ELF, .NET, and shellcode files to extract program capabilities and code features.
A True Instrumentable Binary Emulation Framework
Emulates and debugs binaries across architectures with reverse execution and state snapshots.
unidbg es un framework para emular y depurar binarios nativos ARM32 y ARM64 en una máquina host. Sirve como depurador de binarios de Android e iOS y emulador de librerías nativas, permitiendo la ejecución de código nativo sin necesidad de hardware físico. El proyecto se distingue por un framework de hooking de funciones nativas y una herramienta de depuración de Model Context Protocol que expone el estado del emulador a asistentes de IA para el análisis binario automatizado. También incluye un analizador de memoria especializado para rastrear asignaciones del lado del invitado e identificar fugas en binarios nativos. El conjunto de herramientas cubre varias áreas de capacidad, incluyendo ingeniería inversa de código nativo, rastreo de ejecución a nivel de instrucción y simulación de puente JNI. Proporciona observabilidad a través de registros de lectura/escritura de memoria y un depurador de consola, mientras utiliza un pool de emuladores thread-safe para reducir la sobrecarga de inicialización.
Provides tools for analyzing, disassembling, and profiling compiled native binaries.
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive playback and debugging. It functions as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register states. The system provides a binary static analysis tool that maps program structure and annotates instructions based on captured runtime data. It includes a runtime memory analyzer to monitor reads and writes to specific addresses and an interactive debugger for navigating execution timelines. The platform covers
Supports annotating binary code and mapping program structure through combined static and runtime analysis.
Lockdoor-Framework es una suite de pruebas de penetración modular diseñada para facilitar evaluaciones de seguridad integrales a través de una interfaz de línea de comandos centralizada. Funciona como una plataforma integrada para reconocimiento, escaneo de vulnerabilidades y explotación de sistemas objetivo, proporcionando un entorno unificado para gestionar flujos de trabajo de seguridad complejos. El framework se distingue por una arquitectura de plugins modular que permite la extensión de capacidades centrales sin modificar el código base subyacente. Incorpora un pipeline de reconocimiento automatizado para mapear superficies de ataque y aprovecha la integración de herramientas externas para envolver utilidades estándar de la industria, permitiendo a los usuarios ejecutar diversas operaciones de seguridad dentro de un sistema único y cohesivo. La herramienta cubre una amplia superficie de capacidades, incluyendo análisis binario e ingeniería inversa para examinar software compilado, así como escaneo automatizado de aplicaciones web para identificar fallos de inyección y errores de configuración. También admite pruebas a nivel de sistema, como escalada de privilegios y auditoría de contraseñas, e incluye un motor dedicado para agregar hallazgos en informes de evaluación de seguridad estandarizados.
Examines compiled software using reverse engineering and debugging techniques to identify hidden malicious behavior or vulnerabilities.