30 open-source projects similar to extremecoders-re/pyinstxtractor, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Pyinstxtractor alternative.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s
python-uncompyle6 is a Python bytecode decompiler and source code recoverer. It converts compiled Python bytecode files back into human-readable source code by identifying code structures and parsing jump instructions. The tool functions as a cross-version bytecode analyzer and disassembler, enabling the inspection and reconstruction of programs created across different versions of the Python interpreter. It identifies logical blocks and branch instructions to recover high-level constructs such as if-else statements, loop structures, comprehensions, and lambdas. Its capabilities include byte
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Steamless is a specialized utility designed to strip SteamStub digital rights management wrappers from game executables. It functions as a decryptor and unpacker that removes these protection layers to recover the raw binary data of the original application. By removing the platform-specific wrapper, the tool restores original entry points and enables executables to run without requiring an authenticated platform instance. This process prepares game binaries for modification by removing the layers that typically prevent third-party tools from accessing the code. The project utilizes static b
pycdc is a reverse engineering toolset that decompiles and disassembles compiled Python bytecode files back into readable source code. It parses .pyc file headers, reconstructs abstract syntax trees from bytecode instructions, and handles version-specific opcodes across Python versions 1.0 through 3.13 with endian-aware binary parsing. The tool recovers numeric constants, string literals, and marshalled Python objects from compiled bytecode, supporting both file-based and in-memory bytecode loading. It provides a human-readable disassembly listing of bytecode instructions alongside full sourc
Cuckoo is an open-source automated malware analysis system that executes suspicious files inside isolated virtual machines and produces structured behavioral reports. The platform captures system calls, file operations, and network activity during execution, compiling them into comprehensive analysis documents for programmatic consumption. The system operates through a modular analysis pipeline that processes behavioral data, applying YARA signature patterns against captured artifacts to identify known malware families. Each analysis run starts from a clean virtual machine snapshot to ensure
Keka is a file compression and archive extraction utility designed for macOS and iOS. It functions as a tool to shrink the size of files and folders to optimize storage and speed up data transfers. The application serves as an encrypted archive manager, allowing users to protect compressed files with passwords and encryption to ensure private data sharing and secure transmission. The software covers broad capabilities in file archiving, including the ability to compress data into archival formats and unpack various archive formats to restore original content to the local system.
This project is a comprehensive, community-driven directory of open-source tools, datasets, and documentation for malware analysis and cybersecurity research. It serves as a centralized index for security professionals and researchers to locate resources for investigating, reverse engineering, and analyzing malicious software. The directory organizes information through a structured taxonomy, covering specialized domains such as memory forensics, network traffic inspection, and honeypot threat research. By aggregating links to external utilities and frameworks, it provides a platform-agnostic
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
This project is a curated repository of remote access trojan binaries and malware samples. It serves as a structured analysis dataset and security research toolset designed for studying the behavior and inner workings of remote administration tools. The collection provides a versioned archive of malware samples and backdoor interfaces, with specific categorizations for target platforms including Windows and Android. It organizes these binaries to facilitate the study of malware evolution and the identification of technical patterns. The repository covers several security research areas, incl
Flare-VM is a collection of scripts and an orchestrator designed to automate the installation and configuration of a reverse engineering toolset on Windows virtual machines. It functions as a provisioning system that deploys a consistent environment for malware analysis and security research on guest operating systems. The project utilizes a configuration manager and a graphical interface to allow for the selection of specific software packages and environment variables. It employs a curated manifest to manage the installation of compatible security tools and modifies system registries and ta
7-Zip is a data compression tool and file archiver designed for creating and extracting archives. It functions as a utility for reducing the storage requirements of files and folders through high-ratio lossless compression and managing the 7z open-standard format. The software provides capabilities for cross-platform archive management, allowing users to open and create various archive formats across different operating systems. It supports data backup and recovery, as well as the packaging of multiple files into single archives for distribution. The project implements a variety of compressi
This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities. The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vector
Flare-VM is a Windows malware analysis environment consisting of installation scripts that automate the provisioning of a virtual machine. It provides a comprehensive suite of reverse engineering tools, including decompilers and debuggers, along with the necessary system configurations and environment variables for security research. The project functions as a virtual machine image orchestrator, allowing for the automated creation, management, and export of specialized analysis appliances. It features configuration-driven tool selection and the ability to extend installation logic through cus
PeaZip is a cross-platform archive manager and file compression utility. It functions as a tool for compressing, extracting, and managing files across various formats, including 7Z, ZIP, RAR, and TAR. The project includes a specialized archive format converter for adjusting compatibility and compression levels, and a file integrity verifier for calculating checksums and hashes. It provides security tools for protecting data via authenticated encryption and passwords, as well as secure file deletion to permanently erase data from disk space. The application covers a broad range of capabilitie
dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod
This project is a curated archive and cybersecurity research dataset of raw source code from various malware families. It serves as a malware analysis library designed to help researchers study the inner workings of different threats and identify attack patterns across multiple platforms and programming languages. The repository supports security research by providing raw text distribution of original source code. This allows for the study of platform vulnerabilities, threat intelligence gathering, and the development of security products and detection signatures. The collection is organized
This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r
TheZoo is a centralized repository and management system designed for the storage, organization, and retrieval of live malicious software samples. It provides a structured environment for security researchers and educators to access, track, and analyze dangerous code for the purpose of threat intelligence and defense development. The system utilizes a command-line interface to manage the lifecycle of malware samples, including the preparation of new submissions and the querying of a centralized database. To ensure safety and authenticity, the platform stores binaries in password-protected, en
This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory
Setuptools is a Python package build tool and distribution framework used to bundle code into distributable archives. It functions as a project metadata manager, allowing for the declarative definition of project identity, versioning, and dependencies. The toolkit distinguishes itself by providing an extension compiler for C and C++ source files and a plugin architecture that uses entry points to enable runtime discovery of functionality. It also supports development environment tooling, such as editable installs that link source code directly to the environment to allow immediate changes wit
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Apktool is an Android APK reverse engineering tool designed to decode application packages into human-readable form and rebuild them after modification. It functions as a Dalvik bytecode disassembler and a resource decoder, transforming binary Android XML and DEX files into editable text and Smali representation. The project serves as an application rebuilder, packing modified resources and Smali code back into a functional Android application package. This capability enables the modification of application logic and resources for testing and deployment. The tool covers a broad surface of an
lf is a terminal-based file manager and TUI file explorer that provides keyboard-driven navigation for browsing and organizing files and directories. It operates as a shell-integrated tool that synchronizes the current working directory with the calling shell and supports vi-style keybindings for filesystem operations. The project distinguishes itself through its ability to render images directly in the terminal via the SIXEL graphics protocol and its shell-driven execution model, which allows users to extend functionality using external shell scripts and commands. It also implements a server
PCAPdroid is an Android network traffic analyzer and packet capture tool that operates without requiring root access. It functions as a VPN-based firewall and network controller, capable of recording traffic in PCAPng format and blocking connections to specific domains or malicious hosts. The project distinguishes itself through a proxy-based system for decrypting TLS traffic and routing device network traffic through SOCKS5 proxies or the Tor network. It further allows for the modification of live HTTP requests and responses via custom scripts. Its capabilities cover application connection
Kreuzberg is a document extraction engine that converts PDFs, Office files, images, and over 90 other formats into clean, structured text and metadata. It is built around a compiled Rust core that can be used as a native library, a command-line tool, a REST API server, or a WebAssembly module for browser-based processing. The system is designed to run entirely on self-hosted infrastructure, with no data leaving the user's environment. What distinguishes Kreuzberg is its breadth of integration surfaces and its pipeline architecture. It exposes extraction capabilities through native bindings fo