30 open-source projects similar to devttys0/binwalk, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Binwalk alternative.
Binwalk is a firmware analysis and reverse engineering tool designed to identify, extract, and analyze embedded files and data types within binary firmware blobs. It functions as a binary file signature scanner and entropy analyzer to decompose firmware images into their constituent components. The tool distinguishes itself by combining signature-based pattern matching for known binary headers with entropy analysis. By calculating data randomness across file offsets, it can locate compressed or encrypted sections that do not possess known signatures. The project covers binary data forensics
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
ipsw is a specialized toolkit for iOS firmware analysis, binary reverse engineering, and hardware interaction. It provides a suite of tools for downloading, extracting, and analyzing firmware images and kernel caches, alongside a MachO binary analysis tool for disassembling and patching executables. The project distinguishes itself through integrated language-model-powered code reconstruction to translate machine code into high-level source code. It also features an automation client for the App Store Connect API to manage certificates and application settings. The framework covers a broad r
UEFITool is a firmware analysis tool and image editor designed for parsing, visualizing, and modifying UEFI firmware images. It functions as a specification parser that converts binary firmware data into structured formats based on standard platform interface specifications. The tool provides a visual interface to analyze the tree structure and internal data elements of UEFI platform images. It allows for the modification of firmware images to adjust system boot environments and includes capabilities to search for specific data patterns within binary images. The software covers a range of fi
Krakatau provides an assembler and disassembler for Java bytecode, which allows you to convert binary classfiles to a human readable text format, make changes, and convert it back to a classfile, even for obfuscated code. You can also create your own classfiles from scratch by writing bytecode…
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
ScyllaHide is an anti-debugger bypass plugin and reverse engineering tool designed to hide a debugger from a target application. It functions as a user-mode API hooking library and DLL injection framework that prevents programs from detecting and closing themselves when being analyzed. The project enables malware analysis and the study of protected software by neutralizing security defenses. It achieves this by intercepting and modifying system library responses to deceive applications about their execution environment. The utility employs several technical methods to maintain stealth, inclu
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Automated static analysis tools for binary programs
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
DataX is a distributed data integration framework and plugin-based ETL tool designed for synchronizing large datasets between heterogeneous sources and destinations. It functions as a JDBC data migration engine and offline synchronization tool, enabling the movement of data between relational databases, NoSQL stores, and object storage. The system utilizes a plugin-based connector architecture that decouples reader and writer logic, allowing it to map and transform data types across different storage engines using a standardized internal representation. This design supports heterogeneous data
JsonPath is a Java library designed for querying and manipulating JSON documents using the JsonPath expression language. It functions as a query engine for extracting and filtering specific data from JSON structures through path-based expressions. The library provides capabilities for transforming JSON documents by modifying values or mapping extracted data into Java objects. It also includes an aggregation library for calculating statistical metrics, such as sums and averages, on numeric arrays. The project handles data extraction through array filtering and numerical aggregation. Performan
Crawlee-python is a web crawling framework for building scalable scrapers using Python. It serves as a comprehensive tool for web scraping automation, providing a system to extract structured data from websites using both lightweight HTTP requests and headless browser automation. The framework is distinguished by its anti-bot evasion capabilities, which include browser fingerprint impersonation and tiered proxy rotation to bypass detection systems and solve challenges such as Cloudflare. It also incorporates artificial intelligence for autonomous website navigation and schema-based data extra
This project is an open source Linux GPU kernel driver implemented as a loadable kernel module. It functions as a GPU firmware loader, providing the low-level driver services necessary to enable direct communication between the operating system and graphics processing units. The driver utilizes a dual-module architecture that separates GPL-licensed kernel code from proprietary firmware blobs. This system extracts and links signed binary firmware images into the kernel modules at driver load time. The project provides driver support for Turing-architecture GPUs and all subsequent newer hardwa
Apache JMeter is a Java-based performance testing tool and multi-protocol traffic simulator used to analyze the stability and scalability of servers and networks. It functions as a distributed load testing framework that coordinates remote worker nodes from a single controller to generate high volumes of concurrent traffic. The project is distinguished by its ability to simulate traffic across diverse backend systems, including HTTP, JDBC, LDAP, JMS, FTP, and TCP. It provides a headless command-line interface for automated execution and a reporting system that transforms raw sample logs into
SwiftyJSON is a Swift JSON parsing library and data wrapper designed to simplify the reading and manipulation of JSON structures. It provides a toolkit for converting raw JSON strings into structured formats without requiring manual type casting or optional chaining for every value. The library focuses on simplifying nested data extraction through subscript-based value access and recursive data resolution. It ensures optional-safe value retrieval by returning default empty values instead of crashing when encountering missing keys or out-of-bounds array indices. The project includes capabilit
pyWhat is a Python-based data extraction tool designed to scan files and text for sensitive identifiers, credentials, and network artifacts using regular expressions. It functions as a pattern matching engine and PII scanner capable of identifying personal identifiers and sensitive data patterns across directories and binary files. The project specializes in the identification of unknown data formats through file signatures and the extraction of high-value identifiers, such as URLs, IP addresses, and phone numbers, from network capture files. It utilizes a rarity-based filtering system and sp
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.
Scalpel is an open source data carving tool. It is not being actively maintained.
Hachoir is a Python library to view and edit a binary stream field by field
Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da