Open-source alternatives to Retdec

ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.

Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t

pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi

Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and

de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un

dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s

Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b

GhidraMCP is a Model Context Protocol server that exposes Ghidra binary analysis and decompilation functions to external intelligence models. It acts as a bridge that connects the Ghidra reverse engineering suite to external tools through a standardized communication protocol, facilitating automated reverse engineering and software auditing. The project enables the extraction of decompiled code and program structural data to populate the context windows of language models. It features a binary symbol management tool capable of dynamic symbol resolution, allowing method and data names to be up

This project is a structured course and instructional guide focused on x64 Windows reverse engineering. It provides a curriculum for analyzing and decompiling Windows binaries through the study of assembly language and operating system internals. The material covers Windows binary analysis and malware analysis, with a specific focus on interpreting x64 machine code to recover original program logic. It guides the user through the process of tracing program behavior and logging function calls to understand how binaries operate. The technical scope includes assembly-level decompilation, debugg

This project is a desktop application designed for the reverse engineering and inspection of compiled Java code. It functions as a graphical interface that translates Java bytecode back into readable source code, allowing users to examine the internal logic of class files and archives when original source files are unavailable. The tool provides a structured environment for navigating complex file hierarchies, including nested archives like JAR and WAR files. By maintaining an in-memory representation of loaded classes, it enables rapid searching and cross-referencing of code elements. The ap

dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod

Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-

dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory

android-common is a collection of shared utility components and framework libraries for Android development. It provides specialized toolkits for reverse engineering, system utility management, data caching, and high-performance user interface components. The project includes a reverse engineering toolkit for inspecting application internals through package decompilation and manifest data extraction. It also features a system utility toolkit for managing file operations and executing shell commands within the Android operating system. The library covers several capability areas, including da

Retoolkit is a reverse engineering tool orchestrator and malware analysis environment provisioner for Windows. It functions as a binary analysis workflow automator that installs and configures the specialized software toolchains required for security research. The project manages the execution and lifecycle of standalone analysis binaries through a registry-based Windows shell context menu. This integration allows users to launch external tools directly from the file system right-click menu by passing selected file paths as command line arguments to third-party executables. The system covers

Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to

de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a

RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow

This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis. The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that lin

Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen

XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis

This project is a game source code decompilation effort that reconstructs a functional C source code representation of a commercial game from its original binary. It provides a compilation system designed to produce binary ROM files that are bit-for-bit identical to original commercial releases. The project utilizes a containerized toolchain environment to ensure consistent compilation of legacy game source code across different operating systems. This pipeline transforms the decompiled C source into hardware-compatible binaries for the Nintendo 64. The workflow encompasses C-based source re

This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or

Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc

Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for

gdsdecomp is a project recovery suite and game engine reverse engineering toolset. It functions as a bytecode decompiler, binary resource converter, and asset extraction tool designed to reconstruct original directory hierarchies and scripts from compiled binary game assets. The toolset specializes in GDScript bytecode decompilation and compilation, translating compiled bytecode back into human-readable source code or converting source code into executable bytecode for specific engine versions and commit hashes. It includes a game archive patcher to modify project archives by replacing intern