9 个仓库
Tools for analyzing, disassembling, and profiling compiled binaries.
Explore 9 awesome GitHub repositories matching part of an awesome list · Binary and Reverse Engineering. Refine with filters or upvote what's useful.
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Provides a comprehensive framework for analyzing, disassembling, and profiling compiled binaries.
Il2CppDumper is a reverse engineering tool that recovers original .NET assembly structure from Unity games compiled with il2cpp. It parses il2cpp binaries across multiple executable formats including ELF, Mach-O, PE, NSO, and WASM, and reconstructs the original DLL structure from embedded metadata tables, enabling decompilation and analysis of game code. The tool generates disassembler scripts for IDA, Ghidra, and Binary Ninja that apply recovered type definitions and structure layouts to the binary analysis. It also strips protection layers from memory-dumped libil2cpp.so files and simple PE
Recovers Unity game code from il2cpp binaries by reconstructing DLL structure and generating disassembler scripts.
Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da
Facilitates reverse engineering by decomposing instructions into granular semantics and extracting operand details.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled Java and Android binaries to understand internal structures and dependencies.
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
Analyzes PE, ELF, .NET, and shellcode files to extract program capabilities and code features.
A True Instrumentable Binary Emulation Framework
Emulates and debugs binaries across architectures with reverse execution and state snapshots.
unidbg 是一个用于在宿主机上模拟和调试 ARM32 和 ARM64 原生二进制文件的框架。它充当 Android 和 iOS 二进制调试器和原生库模拟器,允许在无需物理硬件的情况下执行原生代码。 该项目通过原生函数 Hook 框架和模型上下文协议 (MCP) 调试工具脱颖而出,该工具将模拟器状态暴露给 AI 助手以进行自动化二进制分析。它还包括一个专门的内存分析器,用于跟踪访客端分配并识别原生二进制文件中的泄漏。 该工具集涵盖了多个功能领域,包括原生代码逆向工程、指令级执行跟踪和 JNI 桥接模拟。它通过内存读/写日志和控制台调试器提供可观测性,同时利用线程安全的模拟器池来减少初始化开销。
Provides tools for analyzing, disassembling, and profiling compiled native binaries.
Qira 是一个二进制分析平台和执行跟踪器,记录程序执行期间的每一条指令和数据访问,以进行交互式回放和调试。它作为一个运行时分析环境,使用 QEMU 来跟踪执行并检查内存和寄存器状态。 该系统提供了一个二进制静态分析工具,用于映射程序结构并根据捕获的运行时数据注释指令。它包括一个用于监视对特定地址的读取和写入的运行时内存分析器,以及一个用于导航执行时间线的交互式调试器。 该平台涵盖了二进制跟踪可视化和逆向工程工作流,结合了内存状态快照和指令级事件日志记录。它进一步支持数据访问分析和维护用于记录二进制代码的地址映射注释数据库。
Supports annotating binary code and mapping program structure through combined static and runtime analysis.
Lockdoor-Framework is a modular penetration testing suite designed to facilitate comprehensive security assessments through a centralized command-line interface. It functions as an integrated platform for reconnaissance, vulnerability scanning, and the exploitation of target systems, providing a unified environment for managing complex security workflows. The framework distinguishes itself through a modular plugin architecture that allows for the extension of core capabilities without modifying the underlying codebase. It incorporates an automated reconnaissance pipeline to map attack surface
Examines compiled software using reverse engineering and debugging techniques to identify hidden malicious behavior or vulnerabilities.