awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

50 dépôts

Awesome GitHub RepositoriesReverse Engineering

Frameworks and debuggers for static and dynamic binary analysis.

Explore 50 awesome GitHub repositories matching part of an awesome list · Reverse Engineering. Refine with filters or upvote what's useful.

Awesome Reverse Engineering GitHub Repositories

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • nationalsecurityagency/ghidraAvatar de NationalSecurityAgency

    NationalSecurityAgency/ghidra

    69,740Voir sur GitHub↗

    Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv

    Comprehensive suite for software reverse engineering and analysis.

    Javadisassemblerreverse-engineeringsoftware-analysis
    Voir sur GitHub↗69,740
  • skylot/jadxAvatar de skylot

    skylot/jadx

    49,088Voir sur GitHub↗

    Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and

    Decompiles Android APK files.

    Javaandroiddecompilerdex
    Voir sur GitHub↗49,088
  • 0xd4d/dnspyAvatar de 0xd4d

    0xd4d/dnSpy

    29,539Voir sur GitHub↗

    dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

    Edits, decompiles, and debugs .NET assemblies.

    C#
    Voir sur GitHub↗29,539
  • radare/radare2Avatar de radare

    radare/radare2

    24,129Voir sur GitHub↗

    radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p

    Portable framework for reverse engineering.

    C
    Voir sur GitHub↗24,129
  • radareorg/radare2Avatar de radareorg

    radareorg/radare2

    23,120Voir sur GitHub↗

    Radare2 is a comprehensive framework for reverse engineering and analyzing compiled software. It provides a command-line environment designed for disassembling, debugging, and patching binary executables across a wide range of processor architectures and operating systems. The system distinguishes itself through a modular, plugin-based architecture that supports cross-platform analysis and automated workflows. It utilizes memory-mapped file access to enable efficient structural inspection and modification of binaries without requiring full file loads. By lifting machine instructions into a un

    Low-level toolchain for forensics, debugging, and binary exploitation.

    Cbinary-analysisccommandline
    Voir sur GitHub↗23,120
  • rizinorg/cutterAvatar de rizinorg

    rizinorg/cutter

    18,957Voir sur GitHub↗

    Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to

    Advanced graphical platform for reverse engineering and binary analysis.

    C++
    Voir sur GitHub↗18,957
  • devttys0/binwalkAvatar de devttys0

    devttys0/binwalk

    14,048Voir sur GitHub↗

    Binwalk is a firmware analysis tool and binary data carver used to identify and extract embedded files and data segments from binary images. It functions as an embedded file extractor and data entropy analyzer to retrieve fragments from binary blobs when original file system structures are missing. The tool employs signature-based pattern matching and linear byte-stream scanning to detect known byte sequences and isolate hidden files. It uses sliding-window entropy analysis to locate regions of a file that are compressed or encrypted. The system supports recursive file carving, utilizing heu

    Analyzes and extracts firmware images.

    Rust
    Voir sur GitHub↗14,048
  • z3prover/z3Avatar de Z3Prover

    Z3Prover/z3

    11,936Voir sur GitHub↗

    Z3 is an automated theorem prover and satisfiability modulo theories solver designed to determine the validity of complex logical formulas. It functions as a formal verification framework, enabling the systematic checking of hardware and software system specifications against defined logical constraints to identify inconsistencies or design flaws. The engine distinguishes itself through a combination of theory-specific decision procedures and symbolic execution capabilities. It employs conflict-driven clause learning and backtracking search algorithms to prune search spaces, while maintaining

    Theorem prover for symbolic execution.

    C++
    Voir sur GitHub↗11,936
  • pwndbg/pwndbgAvatar de pwndbg

    pwndbg/pwndbg

    10,051Voir sur GitHub↗

    pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi

    GDB plugin for easier exploit development.

    Pythonbinary-ninjacapture-the-flagctf
    Voir sur GitHub↗10,051
  • angr/angrAvatar de angr

    angr/angr

    8,898Voir sur GitHub↗

    Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the

    Platform-agnostic binary analysis framework.

    Python
    Voir sur GitHub↗8,898
  • sensepost/objectionAvatar de sensepost

    sensepost/objection

    8,896Voir sur GitHub↗

    Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst

    Explores mobile applications at runtime.

    Pythonandroidframeworkfrida
    Voir sur GitHub↗8,896
  • aquynh/capstoneAvatar de aquynh

    aquynh/capstone

    8,839Voir sur GitHub↗

    Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-

    Disassembles binary code across multiple architectures.

    C
    Voir sur GitHub↗8,839
  • hugsy/gefAvatar de hugsy

    hugsy/gef

    8,020Voir sur GitHub↗

    GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs

    Enhanced GDB plugin for exploit development.

    Pythonbinary-ninjactfdebugging
    Voir sur GitHub↗8,020
  • longld/pedaAvatar de longld

    longld/peda

    6,130Voir sur GitHub↗

    Peda est une suite d'outils de sécurité et un framework de développement d'exploits conçus pour l'analyse binaire, l'automatisation de débogueur et l'inspection de la mémoire. Il fonctionne comme un ensemble de scripts Python qui étendent un débogueur pour automatiser l'analyse des fichiers compilés et l'inspection de la mémoire des processus. Le projet fournit des utilitaires spécialisés pour la recherche sur la corruption de mémoire, y compris un utilitaire de génération de payload pour créer des motifs cycliques afin de découvrir les dépassements de tampon (buffer overflows) et un chercheur de gadgets pour localiser les séquences de programmation orientée retour (ROP) au sein des binaires. Il se distingue en offrant un outil de visualisation qui transforme les données brutes des registres, du désassemblage et de la mémoire en texte codé par couleur pour simplifier l'analyse des états du CPU. Le framework couvre un large éventail de capacités, notamment l'analyse de sécurité binaire pour détecter les protections, le scan de mémoire par expression régulière et la capacité de mapper les environnements de processus directement depuis le noyau système. Il inclut également des outils pour modifier les adresses mémoire et générer des templates de shellcode.

    GDB plugin for exploit development.

    Python
    Voir sur GitHub↗6,130
  • androguard/androguardAvatar de androguard

    androguard/androguard

    6,116Voir sur GitHub↗

    Reverse engineering and pentesting for Android applications

    Reverse engineers Android applications.

    Python
    Voir sur GitHub↗6,116
  • jonathansalwan/tritonAvatar de JonathanSalwan

    JonathanSalwan/Triton

    4,202Voir sur GitHub↗

    Triton is a dynamic binary analysis framework designed to automate reverse engineering. It functions as a multi-architecture CPU emulator, an SMT-based symbolic execution engine, and a dynamic taint analysis tool. The framework translates raw machine instructions into abstract syntax trees, allowing it to represent binary program logic as a structured intermediate representation. This allows the system to map multiple hardware instruction sets to a single analysis framework and translate machine instructions into mathematical formulas for solving constraints. Its capabilities cover the simul

    Dynamic binary analysis framework.

    C++
    Voir sur GitHub↗4,202
  • x64dbg/scyllahideAvatar de x64dbg

    x64dbg/ScyllaHide

    4,167Voir sur GitHub↗

    ScyllaHide est un plugin de contournement d'anti-débogage et un outil de rétro-ingénierie conçu pour masquer un débogueur à une application cible. Il fonctionne comme une bibliothèque de hooking d'API en mode utilisateur et un framework d'injection de DLL qui empêche les programmes de se détecter et de se fermer lorsqu'ils sont analysés. Le projet permet l'analyse de logiciels malveillants et l'étude de logiciels protégés en neutralisant les défenses de sécurité. Il y parvient en interceptant et en modifiant les réponses des bibliothèques système pour tromper les applications sur leur environnement d'exécution. L'utilitaire emploie plusieurs méthodes techniques pour maintenir la furtivité, notamment le hooking d'API inline, le proxying d'appels système et le patching du bloc d'environnement de processus (PEB). Il gère également les traps en mode utilisateur et utilise la redirection de bibliothèques dynamiques pour filtrer les réponses d'API sensibles.

    Hides debuggers from anti-debugging techniques.

    C++
    Voir sur GitHub↗4,167
  • plasma-disassembler/plasmaAvatar de plasma-disassembler

    plasma-disassembler/plasma

    3,073Voir sur GitHub↗

    Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

    Provides an interactive disassembler for multiple architectures.

    Python
    Voir sur GitHub↗3,073
  • joelpx/plasmaAvatar de joelpx

    joelpx/plasma

    3,072Voir sur GitHub↗

    Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

    Interactive disassembler with pseudo-code generation.

    Python
    Voir sur GitHub↗3,072
  • eteran/edb-debuggerAvatar de eteran

    eteran/edb-debugger

    2,926Voir sur GitHub↗

    edb is a cross-platform AArch32/x86/x86-64 debugger.

    Cross-platform debugger for AArch32 and x86 architectures.

    C++c-plus-pluscapstonedebugger
    Voir sur GitHub↗2,926
Préc.123Suivant
  1. Home
  2. Part of an Awesome List
  3. Security & Privacy
  4. Reverse Engineering