awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

8 repositorios

Awesome GitHub RepositoriesBinary Pattern Matching

Searching for specific byte sequences within executable files and documents.

Distinguishing note: None of the candidates cover general binary byte-sequence matching; they focus on domain names or generic data structures.

Explore 8 awesome GitHub repositories matching security & cryptography · Binary Pattern Matching. Refine with filters or upvote what's useful.

Awesome Binary Pattern Matching GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • virustotal/yaraAvatar de VirusTotal

    VirusTotal/yara

    9,420Ver en GitHub↗

    YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s

    Searches through executable files for specific byte sequences to identify software versions or hidden threats.

    Cyara
    Ver en GitHub↗9,420
  • de4dot/de4dotAvatar de de4dot

    de4dot/de4dot

    7,428Ver en GitHub↗

    de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a

    Identifies obfuscation tools by scanning binary headers and metadata for known byte-sequence signatures.

    C#
    Ver en GitHub↗7,428
  • 0xd4d/de4dotAvatar de 0xd4d

    0xd4d/de4dot

    7,426Ver en GitHub↗

    de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un

    Identifies protection tools by matching specific byte patterns within binary metadata.

    C#
    Ver en GitHub↗7,426
  • rust-lang/rfcsAvatar de rust-lang

    rust-lang/rfcs

    6,406Ver en GitHub↗

    The Rust RFCs repository is the formal home for the Rust language evolution process, housing the structured design documents and community review mechanisms that govern changes to the Rust programming language, its compiler, and its standard library. It defines the complete lifecycle for proposing, discussing, and implementing substantial changes through RFC documents, from initial submission and community feedback through final comment periods and sub-team sign-offs. The repository codifies the governance and collaboration processes that shape Rust's development, including mechanisms for com

    Enables pattern matching on byte arrays using byte literal syntax in match expressions.

    Markdownrfcrfc-processrust
    Ver en GitHub↗6,406
  • yara-rules/rulesAvatar de Yara-Rules

    Yara-Rules/rules

    4,712Ver en GitHub↗

    This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r

    Provides signatures for searching specific byte sequences within executable files and documents to identify malware.

    YARA
    Ver en GitHub↗4,712
  • hluwa/frida-dexdumpAvatar de hluwa

    hluwa/frida-dexdump

    4,487Ver en GitHub↗

    frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama

    Scans process heap and mapped memory regions for Dalvik Executable magic bytes and structural markers using pattern-based search.

    Python
    Ver en GitHub↗4,487
  • extremecoders-re/pyinstxtractorAvatar de extremecoders-re

    extremecoders-re/pyinstxtractor

    4,119Ver en GitHub↗

    pyinstxtractor is a PyInstaller executable unpacker and Python bytecode recovery tool. It functions as a helper for decompiling compiled Python binaries by extracting bundled binaries and bytecode from executables created with PyInstaller. The project includes a bytecode decryptor to remove encryption from extracted files and a header repair tool that restores corrupted headers. These capabilities ensure that extracted compiled files are compatible with bytecode decompilation software. The utility covers reverse engineering of Python applications, supporting malware analysis workflows throug

    Searches for specific byte sequences in executables to identify the boundaries of embedded files.

    Pythondecompilepycpyc-files
    Ver en GitHub↗4,119
  • mandiant/flare-flossAvatar de mandiant

    mandiant/flare-floss

    3,886Ver en GitHub↗

    Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t

    Scans binary data for specific byte sequences and opcodes to identify obfuscated string routines.

    Pythondeobfuscationflaregsoc-2026
    Ver en GitHub↗3,886
  1. Home
  2. Security & Cryptography
  3. Binary Pattern Matching

Explorar subetiquetas

  • Byte Literal Pattern Matching1 sub-etiquetaPattern matching on byte arrays using byte literal ranges and values for binary data processing. **Distinct from Binary Pattern Matching:** Distinct from Binary Pattern Matching: focuses on language-level pattern matching with byte literals, not on searching for byte sequences in executables.