30 open-source projects similar to dnspy/dnspy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best DnSpy alternative.
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow
This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
GKD is an automation engine that leverages the Android accessibility framework to monitor system events and execute predefined interaction rules. By acting as a background service, it identifies interface elements in real-time and performs automated tasks, such as dismissing pop-ups or navigating through application screens, based on the current state of the device. The project distinguishes itself through a declarative rule engine that processes human-readable configuration files. Users can define sophisticated interaction logic using a specialized selector syntax that supports hierarchical
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
PS2Recomp is a static recompiler for PlayStation 2 that translates machine instructions from executable binaries into source code to enable execution on modern hardware. It functions as a binary-to-source translator and a binary analysis tool designed to facilitate the preservation of legacy software. The project distinguishes itself through a hardware emulation runtime that manages memory models and register contexts, combined with a static binary patcher for replacing raw instructions and overriding function bindings. It utilizes a specialized vector unit instruction execution system that m
Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T
dnSpy is a specialized suite of tools for the reverse engineering of .NET assemblies, functioning as a decompiler, assembly editor, and debugger. It translates compiled intermediate language back into high-level source code and provides an execution environment for stepping through compiled binaries to inspect runtime state without the original source files. The project includes a BAML decompiler that converts binary application markup language into a disassembled format and translates it into extensible markup language for user interface analysis. It also functions as a binary analysis tool
Selenium is a comprehensive browser automation framework that provides a standardized interface for controlling web browsers to perform automated tasks, user interactions, and data extraction. It functions as a cross-browser testing tool, enabling developers to execute identical automation scripts across various browser engines and operating systems to ensure consistent application behavior. By implementing the WebDriver protocol, it maps high-level automation commands to browser-specific drivers using a standardized HTTP-based wire protocol. The project distinguishes itself through its distr
This project is an educational resource and technical reference archive focused on the core architecture and counter-intuitive behaviors of the JavaScript programming language. It provides a comprehensive collection of language edge cases, syntax anomalies, and runtime inconsistencies that challenge standard developer assumptions. By grounding these examples in the official ECMAScript specification, the repository serves as a guide for understanding the underlying mechanics of the language. The project distinguishes itself by cataloging specific instances of type coercion, operator precedence
This project is a command-line processor designed for the parsing, filtering, and transformation of structured data streams. It functions as a declarative programming environment that treats data as immutable streams, allowing users to perform complex structural modifications through the composition of small, reusable functions. By utilizing a recursive tree traversal engine, the system enables the navigation, inspection, and modification of deeply nested hierarchical data structures. The engine distinguishes itself through a stream-oriented architecture that processes input records one by on
Kitty is a high-performance, GPU-accelerated terminal emulator designed to provide a consistent and extensible workspace across different operating systems. It leverages graphics hardware to render text, images, and complex layouts with low latency, while providing a robust environment for demanding command-line workflows. The project distinguishes itself through its integrated workspace management and programmable interface. It functions as a tiling window manager that organizes terminal windows, tabs, and layouts into persistent, keyboard-driven sessions. Users can automate complex workflow
This project is the core source code for a general-purpose, server-side scripting language designed for web development. It provides a high-performance execution engine that parses and runs scripts to generate dynamic content, supported by a comprehensive standard library for data manipulation, networking, and system interaction. The repository serves as an open-source development platform where the language runtime and its interpreter are built, maintained, and evolved through community-driven governance. The runtime is powered by a stack-based virtual machine that executes compiled bytecode
This project is an interactive command-line shell designed to provide a user-friendly terminal environment for system interaction and task automation. It functions as both an interactive interface for developers and a scripting runtime, featuring a clean, consistent syntax that simplifies command execution and process management. The shell distinguishes itself through a focus on discoverability and real-time feedback. It includes a predictive suggestion engine that offers command completions and history-based hints as you type, alongside a dedicated parser that provides immediate visual feedb
TextMate is a programmable text editor designed for software development and project management. It functions as a highly customizable environment where users can define language-specific behaviors, syntax highlighting rules, and automated workflows to suit their individual development needs. The editor distinguishes itself through a modular, bundle-based extensibility model that allows for deep integration with system shell commands. By piping document buffers through external scripts and command-line tools, users can perform complex text transformations, automate file lifecycle tasks, and b
This project is a structured course and instructional guide focused on x64 Windows reverse engineering. It provides a curriculum for analyzing and decompiling Windows binaries through the study of assembly language and operating system internals. The material covers Windows binary analysis and malware analysis, with a specific focus on interpreting x64 machine code to recover original program logic. It guides the user through the process of tracing program behavior and logging function calls to understand how binaries operate. The technical scope includes assembly-level decompilation, debugg
This project is a desktop application designed for the reverse engineering and inspection of compiled Java code. It functions as a graphical interface that translates Java bytecode back into readable source code, allowing users to examine the internal logic of class files and archives when original source files are unavailable. The tool provides a structured environment for navigating complex file hierarchies, including nested archives like JAR and WAR files. By maintaining an in-memory representation of loaded classes, it enables rapid searching and cross-referencing of code elements. The ap
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
LIEF is a framework for parsing, modifying, and analyzing executable binary formats and system shared caches across multiple platforms. It serves as a cross-platform library for the programmatic manipulation of ELF, PE, and MachO binary files. The project provides tools for altering the internal structure and sections of executable files to change program behavior. It also includes a dedicated parser for recovering individual dynamic libraries from combined system shared caches. The toolset covers binary executable analysis, machine code disassembly, and the extraction of debug metadata and
ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Retoolkit is a reverse engineering tool orchestrator and malware analysis environment provisioner for Windows. It functions as a binary analysis workflow automator that installs and configures the specialized software toolchains required for security research. The project manages the execution and lifecycle of standalone analysis binaries through a registry-based Windows shell context menu. This integration allows users to launch external tools directly from the file system right-click menu by passing selected file paths as command line arguments to third-party executables. The system covers