30 open-source projects similar to mentebinaria/retoolkit, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Retoolkit alternative.
Flare-VM is a Windows malware analysis environment consisting of installation scripts that automate the provisioning of a virtual machine. It provides a comprehensive suite of reverse engineering tools, including decompilers and debuggers, along with the necessary system configurations and environment variables for security research. The project functions as a virtual machine image orchestrator, allowing for the automated creation, management, and export of specialized analysis appliances. It features configuration-driven tool selection and the ability to extend installation logic through cus
This project is a structured course and instructional guide focused on x64 Windows reverse engineering. It provides a curriculum for analyzing and decompiling Windows binaries through the study of assembly language and operating system internals. The material covers Windows binary analysis and malware analysis, with a specific focus on interpreting x64 machine code to recover original program logic. It guides the user through the process of tracing program behavior and logging function calls to understand how binaries operate. The technical scope includes assembly-level decompilation, debugg
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Flare-VM is a collection of scripts and an orchestrator designed to automate the installation and configuration of a reverse engineering toolset on Windows virtual machines. It functions as a provisioning system that deploys a consistent environment for malware analysis and security research on guest operating systems. The project utilizes a configuration manager and a graphical interface to allow for the selection of specific software packages and environment variables. It employs a curated manifest to manage the installation of compatible security tools and modifies system registries and ta
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
This project is a collection of scripts and configuration files designed to automate the deployment of developer toolsets, big data tools, and system-wide dotfiles. It serves as a provisioning system for installing languages, data analysis tools, and system dependencies across diverse programming stacks. The suite provides specialized automation for macOS developer onboarding and the setup of Python data science workflows. It includes dedicated installers for distributed processing engines like Spark and Hadoop, as well as environments for web and mobile development. The system covers a broa
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s
dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod
Hyprdots is a collection of configuration files and installation scripts designed to set up and customize a Hyprland tiling window manager environment on Linux. It provides an automated system for deploying a personalized desktop interface, including pre-configured themes, styles, and keyboard shortcuts. The project utilizes a modular dotfiles management workflow to organize system settings into discrete files for visual styles and keybindings. It employs shell-scripted installation to automate dependency deployment and uses symbolic links to map a centralized configuration directory to syste
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Shell is a Windows File Explorer context menu manager and shell UI customizer. It functions as a registry-based shell extension that uses a declarative configuration engine to add, remove, and modify context menu entries within the operating system. The project distinguishes itself through a text-based configuration system that supports logical expressions and conditional rules to control menu item visibility. It allows for the creation of multi-level cascade menus and the integration of custom visual identifiers, including SVG icons and glyphs, directly into the shell interface. Broad capab
ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.
mason.nvim is an external tool orchestrator and package manager for Neovim. It automates the installation and lifecycle management of language servers, debuggers, and formatters by acting as a client for remote tooling registries. The project functions as a security-focused installer, utilizing a security firewall to scan and block the installation of compromised or malicious packages. It synchronizes local metadata with remote registries to discover and update available development software. The system handles the full lifecycle of external binaries, including downloading, versioning, and r
OpenInTerminal is a system interface extension for macOS that provides a custom Finder context menu, toolbar extensions, and clipboard utilities. It functions as a terminal emulator launcher and a shell path utility, allowing users to interact with the macOS file system through external applications. The project enables the launch of terminals and text editors directly from the file manager. It includes a shell path utility to copy escaped file paths to the clipboard and supports the configuration of specific terminal emulators and code editors. The software covers workflow automation throug
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Voidrice is a collection of Linux and Unix dotfiles and a shell-scripted provisioning suite designed to establish a standardized, minimalist desktop environment. It provides a set of configuration files for shells, text editors, and system utilities to ensure a consistent workspace across different machines. The project employs a symlink-based configuration manager to map system files to a central repository for easier versioning. It also includes a text-based directory bookmark system that uses flat text files to index and jump to favorite system paths. The suite covers broad capability are
GhidraMCP is a Model Context Protocol server that exposes Ghidra binary analysis and decompilation functions to external intelligence models. It acts as a bridge that connects the Ghidra reverse engineering suite to external tools through a standardized communication protocol, facilitating automated reverse engineering and software auditing. The project enables the extraction of decompiled code and program structural data to populate the context windows of language models. It features a binary symbol management tool capable of dynamic symbol resolution, allowing method and data names to be up
Homestead is a virtual machine provisioner that creates a standardized PHP development environment. It provides a disposable development workspace that isolates project dependencies and server tools from the host operating system, using Vagrant to orchestrate the machine lifecycle. The system functions as a local site orchestrator, allowing users to map custom domains to specific project folders through virtual host routing and network port forwarding. It includes a dedicated local mail testing tool that intercepts outgoing application emails in a dashboard for inspection without sending them
BaoTa is a web-based Linux server control panel and system administration dashboard designed for managing hosting environments and system resources. It provides a graphical interface to translate administrative actions into system-level configurations, allowing users to manage Linux servers and web hosting stacks without relying solely on the command line. The platform distinguishes itself through AI-driven server operations, utilizing artificial intelligence for performance analysis and the execution of maintenance tasks via natural language commands. It supports multi-node orchestration, en
Breeze Shell is a custom shell extension and operating system context menu customizer. It provides a replacement interface for native system menus, allowing for the modification of both the behavior and appearance of right-click interactions. The project enables the addition of custom buttons and actions to system menus through an embedded script interface. It allows for the complete replacement of default operating system menus with custom interfaces that feature unique visual themes and animations. The software integrates with the operating system to intercept context menu events and injec
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Rundeck is a job scheduling and automation platform that enables organizations to execute operational tasks across servers, containers, and cloud APIs from a central web console or API. It functions as a multi-node command execution engine, allowing scripts and commands to run across distributed Linux and Windows nodes, and serves as a self-service operations portal that delegates specific tasks to authorized users without granting full system access. The platform also operates as an incident response automation tool, automatically triggering diagnostic and remediation workflows when monitorin
Gow is a collection of tools designed to install Unix-based system utilities on Windows and extend the Windows shell with custom context menu options. It provides a suite of open source binary applications that bring common Unix system administration and file manipulation tools to the Windows operating system. The project integrates these utilities into the Windows environment by managing system environment paths and distributing static, portable binaries. It further extends the Windows File Explorer by adding context menu options that allow users to launch command and terminal prompts direct
Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow
This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis. The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that lin
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
Dobby is a dynamic function hooking framework and binary instrumentation tool designed to intercept and redirect function calls in compiled binaries. It serves as a cross-platform and cross-architecture library that provides a unified interface for modifying program execution flow across different operating systems and CPU architectures. The library enables low-level binary instrumentation and runtime application instrumentation by injecting custom handlers into live processes. It is used for software reverse engineering to observe real-time data flow and logic by hooking internal functions.