awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

36 个仓库

Awesome GitHub RepositoriesBinary Analysis Tools

Libraries and utilities for inspecting, disassembling, and extracting information from compiled binary files.

Distinguishing note: This category focuses on low-level binary inspection and code extraction, distinct from general-purpose system administration or security auditing.

Explore 36 awesome GitHub repositories matching operating systems & systems programming · Binary Analysis Tools. Refine with filters or upvote what's useful.

Awesome Binary Analysis Tools GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • skylot/jadxskylot 的头像

    skylot/jadx

    49,088在 GitHub 上查看↗

    Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and

    Provides core components for embedding automated binary-to-source extraction into custom software.

    Javaandroiddecompilerdex
    在 GitHub 上查看↗49,088
  • x64dbg/x64dbgx64dbg 的头像

    x64dbg/x64dbg

    48,652在 GitHub 上查看↗

    This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory

    Provides a comprehensive environment for reverse engineering by monitoring memory and registers.

    C++binary-analysisctfcybersecurity
    在 GitHub 上查看↗48,652
  • huihut/interviewhuihut 的头像

    huihut/interview

    37,972在 GitHub 上查看↗

    This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa

    Documents cross-language interoperability and library linking mechanisms to ensure consistent communication between compiled modules.

    C++algorithmccpp
    在 GitHub 上查看↗37,972
  • huiyadanli/revokemsgpatcherhuiyadanli 的头像

    huiyadanli/RevokeMsgPatcher

    37,926在 GitHub 上查看↗

    RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow

    Identifies specific memory offsets and function patterns within software to locate target code blocks.

    C#hex-editorpatchpc
    在 GitHub 上查看↗37,926
  • 0xd4d/dnspy0xd4d 的头像

    0xd4d/dnSpy

    29,539在 GitHub 上查看↗

    dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool

    Inspects compiled binaries to understand application logic and execution flow when original source code is missing.

    C#
    在 GitHub 上查看↗29,539
  • dnspy/dnspydnSpy 的头像

    dnSpy/dnSpy

    28,993在 GitHub 上查看↗

    dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s

    Provides a comprehensive toolkit for exploring internal organization of compiled software.

    C#
    在 GitHub 上查看↗28,993
  • radare/radare2radare 的头像

    radare/radare2

    24,129在 GitHub 上查看↗

    radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p

    Ships a comprehensive toolset for inspecting, disassembling, and extracting information from compiled binary files.

    C
    在 GitHub 上查看↗24,129
  • radareorg/radare2radareorg 的头像

    radareorg/radare2

    23,120在 GitHub 上查看↗

    Radare2 is a comprehensive framework for reverse engineering and analyzing compiled software. It provides a command-line environment designed for disassembling, debugging, and patching binary executables across a wide range of processor architectures and operating systems. The system distinguishes itself through a modular, plugin-based architecture that supports cross-platform analysis and automated workflows. It utilizes memory-mapped file access to enable efficient structural inspection and modification of binaries without requiring full file loads. By lifting machine instructions into a un

    Examines file formats to identify symbols, strings, and function entry points for mapping internal binary layouts.

    Cbinary-analysisccommandline
    在 GitHub 上查看↗23,120
  • iovisor/bcciovisor 的头像

    iovisor/bcc

    22,459在 GitHub 上查看↗

    BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co

    Implements runtime relocation logic using BPF Type Format data to ensure cross-kernel compatibility.

    C
    在 GitHub 上查看↗22,459
  • frida/fridafrida 的头像

    frida/frida

    19,778在 GitHub 上查看↗

    Frida is a dynamic binary instrumentation toolkit that provides a framework for deep process introspection and live application state manipulation. It enables the injection of custom scripts into running processes to trace function calls, modify memory, and analyze application behavior in real-time across diverse operating systems and processor architectures. The project distinguishes itself by embedding a high-performance JavaScript engine directly within the target process, allowing for the execution of user-defined logic for real-time inspection. It utilizes instruction-level hooking to re

    Provides mechanisms for dynamically adjusting memory addresses and registers to ensure stability during cross-architecture binary injection.

    Mesonfridainstrumentationvala
    在 GitHub 上查看↗19,778
  • rizinorg/cutterrizinorg 的头像

    rizinorg/cutter

    18,957在 GitHub 上查看↗

    Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to

    Runs analysis tools inside containers with mapped files to ensure consistent and secure execution.

    C++
    在 GitHub 上查看↗18,957
  • rui314/moldrui314 的头像

    rui314/mold

    16,190在 GitHub 上查看↗

    Mold is a high-performance linker designed to replace standard system tools for the creation of executable binaries and shared libraries. It functions as a drop-in replacement for existing linkers, focusing on accelerating the final build phase of large software projects to improve developer productivity. The tool achieves its performance by utilizing multi-threaded processing to distribute the linking of object files across multiple CPU cores. It supports cross-architecture binary linking, allowing it to process compiled files for diverse platforms efficiently. By intercepting standard linke

    Processes compiled object files into executable binaries efficiently across multiple CPU architectures to speed up development cycles.

    C++
    在 GitHub 上查看↗16,190
  • gallopsled/pwntoolsGallopsled 的头像

    Gallopsled/pwntools

    13,271在 GitHub 上查看↗

    Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen

    Offers a suite of tools for parsing, inspecting, and extracting information from compiled binary files.

    Pythonassemblybsdcapture-the-flag
    在 GitHub 上查看↗13,271
  • horsicq/detect-it-easyhorsicq 的头像

    horsicq/Detect-It-Easy

    10,266在 GitHub 上查看↗

    Detect-It-Easy is a binary file identifier and analysis toolkit designed to determine file formats, compilers, and packers. It functions as a binary file identifier that utilizes signature matching and heuristic analysis to identify executable and archive formats. The project includes a custom file signature engine and a scriptable rule system for defining and applying detection logic to identify specific binary patterns. It features specialized detectors for Android packages, such as APK and DEX files, and a malware packer detector to identify protections, obfuscators, and virus families. T

    Offers a comprehensive set of utilities for opcode calculation, debug symbol extraction, and system structure inspection.

    JavaScriptbinary-analysisdebuggerdetect
    在 GitHub 上查看↗10,266
  • virustotal/yaraVirusTotal 的头像

    VirusTotal/yara

    9,420在 GitHub 上查看↗

    YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s

    Provides a utility for inspecting the contents of binaries to find indicators of compromise.

    Cyara
    在 GitHub 上查看↗9,420
  • capstone-engine/capstonecapstone-engine 的头像

    capstone-engine/capstone

    8,858在 GitHub 上查看↗

    Capstone is a multi-architecture disassembly framework and binary analysis engine. It translates raw machine code from various CPU architectures, such as x86, ARM, and RISC-V, into human-readable assembly instructions. The engine distinguishes itself by providing instruction semantic decomposition, which lists implicit registers read and written, and the ability to customize instruction mnemonics to meet specific technical analysis standards. It also features resilient stream disassembly, allowing the process to resynchronize and continue after encountering invalid instructions or embedded da

    Decomposes machine instructions into granular semantics and extracts detailed operand and register access information.

    Carmarm64bpf
    在 GitHub 上查看↗8,858
  • aquynh/capstoneaquynh 的头像

    aquynh/capstone

    8,839在 GitHub 上查看↗

    Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-

    Provides a lightweight binary analysis engine designed for use in firmware or operating system kernels.

    C
    在 GitHub 上查看↗8,839
  • hugsy/gefhugsy 的头像

    hugsy/gef

    8,020在 GitHub 上查看↗

    GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs

    Executes analysis tasks across various CPU architectures using a unified and extensible interface.

    Pythonbinary-ninjactfdebugging
    在 GitHub 上查看↗8,020
  • n64recomp/n64recompN64Recomp 的头像

    N64Recomp/N64Recomp

    7,877在 GitHub 上查看↗

    N64Recomp is a static recompiler and binary-to-C translator designed to convert Nintendo 64 machine code and MIPS architecture binaries into C source code. This system functions as a game console decompiler that enables the native execution of legacy binaries on modern platforms by eliminating the need for runtime interpreters. The project distinguishes itself by translating specialized RSP microcode into executable source code to replace traditional microcode emulation. It employs a system of relocation macros and lookup tables to resolve relocatable memory overlays and dynamic program secti

    Uses relocation macros and lookup tables to resolve dynamic memory addresses for relocatable program overlays.

    C++
    在 GitHub 上查看↗7,877
  • google/android-classysharkgoogle 的头像

    google/android-classyshark

    7,565在 GitHub 上查看↗

    Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for

    Provides a suite for extracting structural data from Android executable files for external tools and CI pipelines.

    Java
    在 GitHub 上查看↗7,565
上一个12下一个
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Binary Analysis Tools

探索子标签

  • Binary Difference Analysis1 个子标签Analyzing compiled binaries to identify specific content changes between different versions. **Distinct from Binary Analysis Tools:** Focuses on comparing two versions of a binary rather than general inspection or disassembly.
  • Cross-Architecture Analysis Tools5 个子标签Tools for analyzing and disassembling binaries across multiple processor architectures. **Distinct from Binary Analysis Tools:** Distinct from general binary analysis tools: focuses on the cross-architecture capability within a unified environment.
  • Isolated Environments1 个子标签Containerized runtimes for executing binary analysis tools securely and consistently. **Distinct from Binary Analysis Tools:** Focuses on the isolation and deployment environment of the tools rather than the analysis techniques themselves