awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

36 dépôts

Awesome GitHub RepositoriesBinary Analysis Tools

Libraries and utilities for inspecting, disassembling, and extracting information from compiled binary files.

Distinguishing note: This category focuses on low-level binary inspection and code extraction, distinct from general-purpose system administration or security auditing.

Explore 36 awesome GitHub repositories matching operating systems & systems programming · Binary Analysis Tools. Refine with filters or upvote what's useful.

Awesome Binary Analysis Tools GitHub Repositories

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • skylot/jadxAvatar de skylot

    skylot/jadx

    49,088Voir sur GitHub↗

    Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and

    Provides core components for embedding automated binary-to-source extraction into custom software.

    Javaandroiddecompilerdex
    Voir sur GitHub↗49,088
  • x64dbg/x64dbgAvatar de x64dbg

    x64dbg/x64dbg

    48,652Voir sur GitHub↗

    This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory

    Provides a comprehensive environment for reverse engineering by monitoring memory and registers.

    C++binary-analysisctfcybersecurity
    Voir sur GitHub↗48,652
  • huihut/interviewAvatar de huihut

    huihut/interview

    37,972Voir sur GitHub↗

    This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa

    Documents cross-language interoperability and library linking mechanisms to ensure consistent communication between compiled modules.

    C++algorithmccpp
    Voir sur GitHub↗37,972
  • huiyadanli/revokemsgpatcherAvatar de huiyadanli

    huiyadanli/RevokeMsgPatcher

    37,926Voir sur GitHub↗

    RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow

    Identifies specific memory offsets and function patterns within software to locate target code blocks.

    C#hex-editorpatchpc
    Voir sur GitHub↗37,926
  • 0xd4d/dnspyAvatar de 0xd4d

    0xd4d/dnSpy

    29,539Voir sur GitHub↗

    dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

    Inspects compiled binaries to understand application logic and execution flow when original source code is missing.

    C#
    Voir sur GitHub↗29,539
  • dnspy/dnspyAvatar de dnSpy

    dnSpy/dnSpy

    28,993Voir sur GitHub↗

    dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s

    Provides a comprehensive toolkit for exploring internal organization of compiled software.

    C#
    Voir sur GitHub↗28,993
  • radare/radare2Avatar de radare

    radare/radare2

    24,129Voir sur GitHub↗

    radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p

    Ships a comprehensive toolset for inspecting, disassembling, and extracting information from compiled binary files.

    C
    Voir sur GitHub↗24,129
  • radareorg/radare2Avatar de radareorg

    radareorg/radare2

    23,120Voir sur GitHub↗

    Radare2 is a comprehensive framework for reverse engineering and analyzing compiled software. It provides a command-line environment designed for disassembling, debugging, and patching binary executables across a wide range of processor architectures and operating systems. The system distinguishes itself through a modular, plugin-based architecture that supports cross-platform analysis and automated workflows. It utilizes memory-mapped file access to enable efficient structural inspection and modification of binaries without requiring full file loads. By lifting machine instructions into a un

    Examines file formats to identify symbols, strings, and function entry points for mapping internal binary layouts.

    Cbinary-analysisccommandline
    Voir sur GitHub↗23,120
  • iovisor/bccAvatar de iovisor

    iovisor/bcc

    22,459Voir sur GitHub↗

    BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co

    Implements runtime relocation logic using BPF Type Format data to ensure cross-kernel compatibility.

    C
    Voir sur GitHub↗22,459
  • frida/fridaAvatar de frida

    frida/frida

    19,778Voir sur GitHub↗

    Frida is a dynamic binary instrumentation toolkit that provides a framework for deep process introspection and live application state manipulation. It enables the injection of custom scripts into running processes to trace function calls, modify memory, and analyze application behavior in real-time across diverse operating systems and processor architectures. The project distinguishes itself by embedding a high-performance JavaScript engine directly within the target process, allowing for the execution of user-defined logic for real-time inspection. It utilizes instruction-level hooking to re

    Provides mechanisms for dynamically adjusting memory addresses and registers to ensure stability during cross-architecture binary injection.

    Mesonfridainstrumentationvala
    Voir sur GitHub↗19,778
  • rizinorg/cutterAvatar de rizinorg

    rizinorg/cutter

    18,957Voir sur GitHub↗

    Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to

    Runs analysis tools inside containers with mapped files to ensure consistent and secure execution.

    C++
    Voir sur GitHub↗18,957
  • rui314/moldAvatar de rui314

    rui314/mold

    16,190Voir sur GitHub↗

    Mold is a high-performance linker designed to replace standard system tools for the creation of executable binaries and shared libraries. It functions as a drop-in replacement for existing linkers, focusing on accelerating the final build phase of large software projects to improve developer productivity. The tool achieves its performance by utilizing multi-threaded processing to distribute the linking of object files across multiple CPU cores. It supports cross-architecture binary linking, allowing it to process compiled files for diverse platforms efficiently. By intercepting standard linke

    Processes compiled object files into executable binaries efficiently across multiple CPU architectures to speed up development cycles.

    C++
    Voir sur GitHub↗16,190
  • gallopsled/pwntoolsAvatar de Gallopsled

    Gallopsled/pwntools

    13,271Voir sur GitHub↗

    Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen

    Offers a suite of tools for parsing, inspecting, and extracting information from compiled binary files.

    Pythonassemblybsdcapture-the-flag
    Voir sur GitHub↗13,271
  • horsicq/detect-it-easyAvatar de horsicq

    horsicq/Detect-It-Easy

    10,266Voir sur GitHub↗

    Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T

    Offers a comprehensive set of utilities for opcode calculation, debug symbol extraction, and system structure inspection.

    JavaScriptbinary-analysisdebuggerdetect
    Voir sur GitHub↗10,266
  • virustotal/yaraAvatar de VirusTotal

    VirusTotal/yara

    9,420Voir sur GitHub↗

    YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s

    Provides a utility for inspecting the contents of binaries to find indicators of compromise.

    Cyara
    Voir sur GitHub↗9,420
  • capstone-engine/capstoneAvatar de capstone-engine

    capstone-engine/capstone

    8,858Voir sur GitHub↗

    Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da

    Decomposes machine instructions into granular semantics and extracts detailed operand and register access information.

    Carmarm64bpf
    Voir sur GitHub↗8,858
  • aquynh/capstoneAvatar de aquynh

    aquynh/capstone

    8,839Voir sur GitHub↗

    Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-

    Provides a lightweight binary analysis engine designed for use in firmware or operating system kernels.

    C
    Voir sur GitHub↗8,839
  • hugsy/gefAvatar de hugsy

    hugsy/gef

    8,020Voir sur GitHub↗

    GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs

    Executes analysis tasks across various CPU architectures using a unified and extensible interface.

    Pythonbinary-ninjactfdebugging
    Voir sur GitHub↗8,020
  • n64recomp/n64recompAvatar de N64Recomp

    N64Recomp/N64Recomp

    7,877Voir sur GitHub↗

    N64Recomp is a static recompiler and binary-to-C translator designed to convert Nintendo 64 machine code and MIPS architecture binaries into C source code. This system functions as a game console decompiler that enables the native execution of legacy binaries on modern platforms by eliminating the need for runtime interpreters. The project distinguishes itself by translating specialized RSP microcode into executable source code to replace traditional microcode emulation. It employs a system of relocation macros and lookup tables to resolve relocatable memory overlays and dynamic program secti

    Uses relocation macros and lookup tables to resolve dynamic memory addresses for relocatable program overlays.

    C++
    Voir sur GitHub↗7,877
  • google/android-classysharkAvatar de google

    google/android-classyshark

    7,565Voir sur GitHub↗

    Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for

    Provides a suite for extracting structural data from Android executable files for external tools and CI pipelines.

    Java
    Voir sur GitHub↗7,565
Préc.12Suivant
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Analysis Tools

Explorer les sous-tags

  • Binary Difference Analysis1 sous-tagAnalyzing compiled binaries to identify specific content changes between different versions. **Distinct from Binary Analysis Tools:** Focuses on comparing two versions of a binary rather than general inspection or disassembly.
  • Cross-Architecture Analysis Tools5 sous-tagsTools for analyzing and disassembling binaries across multiple processor architectures. **Distinct from Binary Analysis Tools:** Distinct from general binary analysis tools: focuses on the cross-architecture capability within a unified environment.
  • Isolated Environments1 sous-tagContainerized runtimes for executing binary analysis tools securely and consistently. **Distinct from Binary Analysis Tools:** Focuses on the isolation and deployment environment of the tools rather than the analysis techniques themselves