30 open-source projects similar to qilingframework/qiling, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Qiling alternative.
Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files across different host operating systems and architectures. It functions as a binary execution sandbox and system call simulator, providing a controlled environment for running programs. The project distinguishes itself with a terminal user interface for monitoring execution, managing breakpoints, and visualizing JIT compilation paths. It supports self-modifying code through a cache-invalidating memory model and provides execution environment isolation using restricted directory ove
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an
edk2 is a development project for creating system firmware that complies with the UEFI specification. It provides the necessary infrastructure to initialize hardware platforms and boot operating systems across multiple CPU architectures. The project utilizes a modular firmware architecture that decouples high-level management protocols from physical transport layers. It implements critical security features, including a measured boot chain, cryptographic primitives for image authentication, and support for Trusted Platform Module hardware and software implementations. Its capability surface
Dobby is a dynamic function hooking framework and binary instrumentation tool designed to intercept and redirect function calls in compiled binaries. It serves as a cross-platform and cross-architecture library that provides a unified interface for modifying program execution flow across different operating systems and CPU architectures. The library enables low-level binary instrumentation and runtime application instrumentation by injecting custom handlers into live processes. It is used for software reverse engineering to observe real-time data flow and logic by hooking internal functions.
Fishhook is a binary instrumentation library for iOS and iOS simulators. It functions as a Mach-O symbol rebinder and instrumenter, allowing for the replacement of system library implementations with custom logic at runtime. The project redirects function calls by updating lazy and non-lazy symbol pointers within Mach-O binary data segments. This approach enables the interception and modification of existing function behavior without altering the original binary on disk. The toolset covers binary instrumentation and dynamic hooking for iOS applications, facilitating the monitoring and altera
MusicBrainz Picard is a metadata tagger and audio tag editor that identifies and tags audio files using the MusicBrainz community music database. It functions as a plugin-extensible tagging framework and a scriptable file organizer capable of reading and writing tags across various audio formats including MP3, FLAC, and WAV. The project is distinguished by its acoustic fingerprint identifier, which matches unknown music files to known recordings via sonic fingerprints. It features a custom scripting language for automating metadata transformations and organizing files into structured folder h
CodeMirror 5 is a browser-based code editor and extensible UI component. It functions as a syntax highlighting engine and a programmable text surface, providing a professional coding experience embedded within web pages. The project is distinguished by its ability to act as a collaborative text editor, synchronizing document changes across multiple users in real time. It also includes a dedicated Vim emulation layer that implements modal keyboard interactions, motions, and operators. The system covers broad capability areas including language support for autocompletion and error analysis, co
AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault. The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sect
OctoBot is an open-source automated trading platform that connects to over 15 cryptocurrency exchanges, enabling users to deploy grid, dollar-cost averaging, market-making, and AI-driven trading strategies. It functions as a unified multi-exchange trading platform, a TradingView alert executor, and a crypto trading bot, all within a single system. The platform is built on an event-driven trading loop with a plugin-based strategy engine, an exchange-agnostic connector layer, and a cloud-synced profile store for multi-device consistency. What distinguishes OctoBot is its integration of large la
xHook is a low-level instrumenter and hooking library for Android ELF binaries. It functions as a framework for intercepting native symbols and redirecting function calls by modifying the procedure linkage table. The tool utilizes regular expressions to filter specific binary files and symbols for interception. It enables the redirection of native calls toward custom function implementations without altering the original binary files. The framework covers dynamic symbol resolution, ELF table modification, and security analysis of native libraries. It also includes stability mechanisms that u
WeChatOpenDevTools-Python is a set of software utilities designed to bypass environment restrictions to enable debugging and element inspection for web and mini program applications. It functions as a developer tool unlocker and web inspector activator to force the activation of integrated inspection tools. The project provides specialized capabilities for debugging and reverse engineering WeChat mini programs. This includes the ability to access hidden developer consoles to analyze the structure, network requests, and behavior of active mini programs and web content. These utilities utilize
This project is a metadata plugin for Emby that functions as a specialized media scraper. Its primary purpose is to automatically fetch movie details and images from external databases to populate adult media libraries. The tool identifies video content by extracting unique product identification codes from filenames, which it then uses to match media files to the correct database entries. This process automates the retrieval of detailed metadata and cover art, removing the need for manual data entry. The plugin integrates into the media server's metadata provider pipeline, using asynchronou
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive playback and debugging. It functions as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register states. The system provides a binary static analysis tool that maps program structure and annotates instructions based on captured runtime data. It includes a runtime memory analyzer to monitor reads and writes to specific addresses and an interactive debugger for navigating execution timelines. The platform covers
Atom is an extensible code IDE and hackable text editor designed for source code editing and the creation of custom development environments. It functions as a syntax highlighting editor and a version control integrated editor that tracks file changes and synchronizes code with remote repositories. The editor allows for the modification of its own core functionality and supports a package-based plugin system for creating custom themes and snippets. It also serves as a Markdown preview editor, providing side-by-side visual rendering for content authoring. The platform includes capabilities fo
webpack-dashboard is a terminal-based build monitor and asset viewer designed for the Webpack development process. It provides a command line interface to track compilation status, monitor development server activity, and organize build errors for debugging. The tool integrates as a Webpack plugin to intercept compilation events and extract asset metadata. It utilizes a terminal-UI layout engine and state-driven rendering to display build progress and logs in a structured grid of dynamic windows. The system includes capabilities for real-time build log visualization and asset filtering using
Compiler Explorer is an online tool and analysis platform used to translate source code into assembly in real time. It functions as a cross-compiler analysis tool, allowing users to examine how various compilers and versions translate the same source code into machine code to analyze optimizations and generation patterns. The platform supports low-level language debugging and the comparison of assembly output across different compiler toolchains. It also provides a self-hosted environment option for users who need to run private deployments with custom binaries or operate within secure offlin
CKAN is an open-source data management platform that provides the foundation for building data portals. It supports the full lifecycle of datasets—from creation and organization to publishing, cataloging with faceted search, and interactive data visualization—all through a web interface. The platform is built on a modular architecture that includes a plugin-based extensibility system, a harvesting framework for importing metadata from external sources, and a standardized RESTful JSON API for programmatic access to datasets and metadata. The web interface is rendered using the Jinja2 templatin
CodeEdit is an open-source integrated development environment and native macOS code editor. It provides a workspace for writing and modifying source code, combining a text editor with project management tools. The editor is built specifically for macOS using native frameworks to ensure performance. It features a plugin system that allows for the addition of specialized features and custom logic to extend the editing experience. The environment includes an integrated terminal emulator for executing development commands and debugging tools. It also provides project-wide file indexing for globa
CodeMirror is a browser-based code editor and extensible text editor framework. It functions as a programmable interface for rendering code and text with support for numerous programming languages, serving as a reusable component for web-based integrated development environments. The project provides a syntax highlighting engine that applies visual styles to text based on programming language rules. It includes a programming API and a CSS theming system to customize the editor's appearance and extend its functionality with custom behaviors. The framework covers capabilities for embedding tex
go-fuzz is a coverage-guided randomized testing tool for identifying crashes and logic bugs in Go code. It consists of a fuzzer that evolves random inputs based on code execution paths, an instrumentation tool that produces binaries for tracking coverage, and a seed corpus manager. The tool utilizes compile-time binary instrumentation to monitor branch coverage and employs a feedback-driven mutation loop to prioritize inputs that reach new sections of the codebase. It includes capabilities for comparative differential testing to identify logic errors by executing different implementations of
EmDash is an open-source content management system built on Astro that combines a visual admin panel with a plugin-driven architecture and server-side rendering. It provides a complete content management system with structured content modeling, a rich text editor using Portable Text format, and a TypeScript API for type-safe content queries. The system supports authentication through passkeys, OAuth 2.1, and external providers, with role-based access control and fine-grained permission scopes. What distinguishes EmDash is its plugin development framework, which supports both native plugins ru
This project is a suite of runtime diagnostic tools designed to detect memory leaks, concurrency races, and language-specification violations during software execution. It provides a collection of dynamic analysis tools that identify addressability issues, uninitialized memory usage, and memory safety bugs in applications. The toolset includes a thread safety analyzer to identify data races and deadlocks in concurrent code, as well as an undefined behavior sanitizer to detect operations that violate language specifications. The system covers broad capabilities in memory safety monitoring and
This project is a self-hosted community engine and forum software designed for hosting threaded discussions. It functions as a JSON API community platform, exposing all data and functionality through a standardized interface to support a single-page application architecture. The system is built to be a multi-language discussion board with integrated localization and language pack support. The platform is defined by a modular architecture that allows for extensive customization through an extension-based plugin system. This extensibility enables the modification of core behavior, the addition
Docsify is a client-side documentation framework and no-build static site generator. It functions as a browser-based engine that converts Markdown files into HTML on the fly, allowing for the generation of documentation websites without a static build or compilation process. The system employs a plugin interface and lifecycle hooks to modify the rendering process and extend site capabilities. It supports dynamic theme injection and visual style customization through external CSS and layout configurations. The framework includes capabilities for multi-language content management, full-text se
Craco is a configuration layer for Create React App that modifies Webpack and Jest settings without requiring the project to eject. It functions as a build tool plugin system and configuration manager, allowing for the injection of custom settings and third-party logic into the frontend build pipeline. The project utilizes a hook-based architecture and non-destructive configuration merging to override default settings. This allows for Webpack configuration overrides and Jest configuration tuning while maintaining the original source files. The system covers a broad range of build pipeline ex
Bloaty is a binary size profiler and executable format analyzer that attributes every byte of a binary to specific symbols or compile units. It functions as a compilation unit profiler and C++ symbol demangler, mapping binary size back to source files and translating mangled names into human-readable formats. The project distinguishes itself as a binary diffing tool capable of comparing two versions of a binary to isolate specific symbols or sections responsible for size regressions. It provides specialized support for recovering symbols in stripped binaries by associating them with external