awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

36 repository-uri

Awesome GitHub RepositoriesBinary Analysis Tools

Libraries and utilities for inspecting, disassembling, and extracting information from compiled binary files.

Distinguishing note: This category focuses on low-level binary inspection and code extraction, distinct from general-purpose system administration or security auditing.

Explore 36 awesome GitHub repositories matching operating systems & systems programming · Binary Analysis Tools. Refine with filters or upvote what's useful.

Awesome Binary Analysis Tools GitHub Repositories

Găsește cele mai bune repo-uri cu AI.Vom căuta cele mai potrivite repository-uri folosind AI.
  • skylot/jadxAvatar skylot

    skylot/jadx

    49,088Vezi pe GitHub↗

    Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and

    Provides core components for embedding automated binary-to-source extraction into custom software.

    Javaandroiddecompilerdex
    Vezi pe GitHub↗49,088
  • x64dbg/x64dbgAvatar x64dbg

    x64dbg/x64dbg

    48,652Vezi pe GitHub↗

    This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory

    Provides a comprehensive environment for reverse engineering by monitoring memory and registers.

    C++binary-analysisctfcybersecurity
    Vezi pe GitHub↗48,652
  • huihut/interviewAvatar huihut

    huihut/interview

    37,972Vezi pe GitHub↗

    This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa

    Documents cross-language interoperability and library linking mechanisms to ensure consistent communication between compiled modules.

    C++algorithmccpp
    Vezi pe GitHub↗37,972
  • huiyadanli/revokemsgpatcherAvatar huiyadanli

    huiyadanli/RevokeMsgPatcher

    37,926Vezi pe GitHub↗

    RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow

    Identifies specific memory offsets and function patterns within software to locate target code blocks.

    C#hex-editorpatchpc
    Vezi pe GitHub↗37,926
  • 0xd4d/dnspyAvatar 0xd4d

    0xd4d/dnSpy

    29,539Vezi pe GitHub↗

    dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

    Inspects compiled binaries to understand application logic and execution flow when original source code is missing.

    C#
    Vezi pe GitHub↗29,539
  • dnspy/dnspyAvatar dnSpy

    dnSpy/dnSpy

    28,993Vezi pe GitHub↗

    dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s

    Provides a comprehensive toolkit for exploring internal organization of compiled software.

    C#
    Vezi pe GitHub↗28,993
  • radare/radare2Avatar radare

    radare/radare2

    24,129Vezi pe GitHub↗

    radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p

    Ships a comprehensive toolset for inspecting, disassembling, and extracting information from compiled binary files.

    C
    Vezi pe GitHub↗24,129
  • radareorg/radare2Avatar radareorg

    radareorg/radare2

    23,120Vezi pe GitHub↗

    Radare2 is a comprehensive framework for reverse engineering and analyzing compiled software. It provides a command-line environment designed for disassembling, debugging, and patching binary executables across a wide range of processor architectures and operating systems. The system distinguishes itself through a modular, plugin-based architecture that supports cross-platform analysis and automated workflows. It utilizes memory-mapped file access to enable efficient structural inspection and modification of binaries without requiring full file loads. By lifting machine instructions into a un

    Examines file formats to identify symbols, strings, and function entry points for mapping internal binary layouts.

    Cbinary-analysisccommandline
    Vezi pe GitHub↗23,120
  • iovisor/bccAvatar iovisor

    iovisor/bcc

    22,459Vezi pe GitHub↗

    BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co

    Implements runtime relocation logic using BPF Type Format data to ensure cross-kernel compatibility.

    C
    Vezi pe GitHub↗22,459
  • frida/fridaAvatar frida

    frida/frida

    19,778Vezi pe GitHub↗

    Frida is a dynamic binary instrumentation toolkit that provides a framework for deep process introspection and live application state manipulation. It enables the injection of custom scripts into running processes to trace function calls, modify memory, and analyze application behavior in real-time across diverse operating systems and processor architectures. The project distinguishes itself by embedding a high-performance JavaScript engine directly within the target process, allowing for the execution of user-defined logic for real-time inspection. It utilizes instruction-level hooking to re

    Provides mechanisms for dynamically adjusting memory addresses and registers to ensure stability during cross-architecture binary injection.

    Mesonfridainstrumentationvala
    Vezi pe GitHub↗19,778
  • rizinorg/cutterAvatar rizinorg

    rizinorg/cutter

    18,957Vezi pe GitHub↗

    Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to

    Runs analysis tools inside containers with mapped files to ensure consistent and secure execution.

    C++
    Vezi pe GitHub↗18,957
  • rui314/moldAvatar rui314

    rui314/mold

    16,190Vezi pe GitHub↗

    Mold is a high-performance linker designed to replace standard system tools for the creation of executable binaries and shared libraries. It functions as a drop-in replacement for existing linkers, focusing on accelerating the final build phase of large software projects to improve developer productivity. The tool achieves its performance by utilizing multi-threaded processing to distribute the linking of object files across multiple CPU cores. It supports cross-architecture binary linking, allowing it to process compiled files for diverse platforms efficiently. By intercepting standard linke

    Processes compiled object files into executable binaries efficiently across multiple CPU architectures to speed up development cycles.

    C++
    Vezi pe GitHub↗16,190
  • gallopsled/pwntoolsAvatar Gallopsled

    Gallopsled/pwntools

    13,271Vezi pe GitHub↗

    Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen

    Offers a suite of tools for parsing, inspecting, and extracting information from compiled binary files.

    Pythonassemblybsdcapture-the-flag
    Vezi pe GitHub↗13,271
  • horsicq/detect-it-easyAvatar horsicq

    horsicq/Detect-It-Easy

    10,266Vezi pe GitHub↗

    Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T

    Offers a comprehensive set of utilities for opcode calculation, debug symbol extraction, and system structure inspection.

    JavaScriptbinary-analysisdebuggerdetect
    Vezi pe GitHub↗10,266
  • virustotal/yaraAvatar VirusTotal

    VirusTotal/yara

    9,420Vezi pe GitHub↗

    YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s

    Provides a utility for inspecting the contents of binaries to find indicators of compromise.

    Cyara
    Vezi pe GitHub↗9,420
  • capstone-engine/capstoneAvatar capstone-engine

    capstone-engine/capstone

    8,858Vezi pe GitHub↗

    Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da

    Decomposes machine instructions into granular semantics and extracts detailed operand and register access information.

    Carmarm64bpf
    Vezi pe GitHub↗8,858
  • aquynh/capstoneAvatar aquynh

    aquynh/capstone

    8,839Vezi pe GitHub↗

    Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-

    Provides a lightweight binary analysis engine designed for use in firmware or operating system kernels.

    C
    Vezi pe GitHub↗8,839
  • hugsy/gefAvatar hugsy

    hugsy/gef

    8,020Vezi pe GitHub↗

    GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs

    Executes analysis tasks across various CPU architectures using a unified and extensible interface.

    Pythonbinary-ninjactfdebugging
    Vezi pe GitHub↗8,020
  • n64recomp/n64recompAvatar N64Recomp

    N64Recomp/N64Recomp

    7,877Vezi pe GitHub↗

    N64Recomp is a static recompiler and binary-to-C translator designed to convert Nintendo 64 machine code and MIPS architecture binaries into C source code. This system functions as a game console decompiler that enables the native execution of legacy binaries on modern platforms by eliminating the need for runtime interpreters. The project distinguishes itself by translating specialized RSP microcode into executable source code to replace traditional microcode emulation. It employs a system of relocation macros and lookup tables to resolve relocatable memory overlays and dynamic program secti

    Uses relocation macros and lookup tables to resolve dynamic memory addresses for relocatable program overlays.

    C++
    Vezi pe GitHub↗7,877
  • google/android-classysharkAvatar google

    google/android-classyshark

    7,565Vezi pe GitHub↗

    Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for

    Provides a suite for extracting structural data from Android executable files for external tools and CI pipelines.

    Java
    Vezi pe GitHub↗7,565
Înapoi12Înainte
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Analysis Tools

Explorează sub-etichetele

  • Binary Difference Analysis1 sub-tagAnalyzing compiled binaries to identify specific content changes between different versions. **Distinct from Binary Analysis Tools:** Focuses on comparing two versions of a binary rather than general inspection or disassembly.
  • Cross-Architecture Analysis Tools5 sub-tag-uriTools for analyzing and disassembling binaries across multiple processor architectures. **Distinct from Binary Analysis Tools:** Distinct from general binary analysis tools: focuses on the cross-architecture capability within a unified environment.
  • Isolated Environments1 sub-tagContainerized runtimes for executing binary analysis tools securely and consistently. **Distinct from Binary Analysis Tools:** Focuses on the isolation and deployment environment of the tools rather than the analysis techniques themselves