Category: Reverse Engineering
Runtime Mobile Security Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes...
FISSURE – The RF Framework Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification,...
cwe_checker cwe_checker is a suite of tools to detect common bug classes such as use of dangerous functions and simple integer overflows. These bug classes are formally known as Common Weakness Enumerations (CWEs). Its main goal is...
capa capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the...
Dr. Memory: the memory debugger Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units...
pwndbg pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. Pwndbg has a lot of...
Ntoseye Windows kernel debugger for Linux hosts running Windows under KVM/QEMU. Features: command line interface, WinDbg style commands, kernel debugging, PDB fetching, breakpointing, scripting API (Lua). Supported Windows: ntoseye currently only supports Windows 10...
HexForge IDA plugin This IDA plugin extends the functionality of the assembly and hex view. With this plugin, you can conveniently decode/decrypt/alter data directly from the IDA Pro interface. Supported actions include: Copying...
BPF Compiler Collection (BCC) BCC is a toolkit for creating efficient kernel tracing and manipulation programs and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
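Every oletools analysis starts by reading the OLE2 / Compound File Binary (CFB) header, so a minimal parser for that header is a useful illustration of the format named above. The following is an added example and not oletools' own code: the field layout follows the [MS-CFB] specification, and the 512-byte sample header is constructed inline rather than taken from a real document.

```python
"""Minimal OLE2 / Compound File Binary (CFB) header parser.

Added example, not part of oletools. Field layout follows [MS-CFB] section 2.2;
the sample header below is constructed in build_sample_header().
"""
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # CFB signature, first 8 bytes
FREESECT = 0xFFFFFFFF                            # unused FAT/DIFAT slot
ENDOFCHAIN = 0xFFFFFFFE                          # end of a sector chain

# Fixed 76-byte part of the header (little-endian), followed by 109 DIFAT entries.
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"
DIFAT_FMT = "<109I"


def parse_cfb_header(data: bytes) -> dict:
    """Parse the CFB header; raise ValueError on a non-CFB file, collect anomalies as warnings."""
    if len(data) < 512:
        raise ValueError("CFB header must be at least 512 bytes")
    (sig, _clsid, minor, major, byte_order, sector_shift, mini_shift, _reserved,
     n_dir_sectors, n_fat_sectors, first_dir, _txn_sig, mini_cutoff,
     first_minifat, n_minifat, first_difat, n_difat) = struct.unpack_from(HEADER_FMT, data, 0)
    if sig != OLE_MAGIC:
        raise ValueError("not a CFB/OLE2 file (bad signature)")
    if byte_order != 0xFFFE:
        raise ValueError("unexpected byte order marker 0x%04X" % byte_order)

    warnings = []
    expected_shift = {3: 9, 4: 12}.get(major)
    if expected_shift is None:
        warnings.append("unknown major version %d" % major)
    elif sector_shift != expected_shift:
        warnings.append("sector shift %d unexpected for major version %d" % (sector_shift, major))
    if mini_shift != 6:
        warnings.append("mini sector shift %d (spec says 6)" % mini_shift)
    if mini_cutoff != 4096:
        warnings.append("mini stream cutoff %d (spec says 4096)" % mini_cutoff)
    if major == 3 and n_dir_sectors != 0:
        warnings.append("directory sector count must be 0 for version 3")

    difat = struct.unpack_from(DIFAT_FMT, data, 76)
    return {
        "major_version": major,
        "minor_version": minor,
        "sector_size": 1 << sector_shift,
        "mini_sector_size": 1 << mini_shift,
        "mini_stream_cutoff": mini_cutoff,
        "num_fat_sectors": n_fat_sectors,
        "first_dir_sector": first_dir,
        "first_minifat_sector": first_minifat,
        "num_minifat_sectors": n_minifat,
        "first_difat_sector": first_difat,
        "num_difat_sectors": n_difat,
        "difat": [e for e in difat if e != FREESECT],  # FAT sector IDs in use
        "warnings": warnings,
    }


def sector_offset(sector_id: int, sector_size: int) -> int:
    """File offset of a sector: sector 0 starts right after the header sector."""
    return (sector_id + 1) * sector_size


def build_sample_header(major: int = 3, n_fat: int = 1, first_dir: int = 1,
                        fat_sector: int = 0) -> bytes:
    """Construct a well-formed 512-byte header (sample data, not from a real file)."""
    sector_shift = 9 if major == 3 else 12
    head = struct.pack(HEADER_FMT, OLE_MAGIC, bytes(16), 0x3E, major, 0xFFFE,
                       sector_shift, 6, bytes(6), 0, n_fat, first_dir, 0, 4096,
                       ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    difat = [fat_sector] + [FREESECT] * 108
    return head + struct.pack(DIFAT_FMT, *difat)


if __name__ == "__main__":
    info = parse_cfb_header(build_sample_header())
    for key, value in info.items():
        print("%-22s %s" % (key, value))
    print("directory stream at offset", sector_offset(info["first_dir_sector"], info["sector_size"]))
```

Malformed headers (wrong sector shift for the version, odd mini-stream cutoff) are reported as warnings rather than errors, because malware samples deliberately bend these fields to trip up parsers while Office still opens the file; a triage tool wants to see the anomaly, not stop at it.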
SEMA – ToolChain using Symbolic Execution for Malware Analysis SEMA is based on angr, a symbolic execution engine used to extract API calls. In particular, we extend angr with strategies to create representative signatures based...
HyperDbg Debugger HyperDbg debugger is an open-source, hypervisor-assisted user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...
strace – the Linux syscall tracer strace is a diagnostic, debugging, and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include...
Amoco Amoco is a Python package dedicated to the (static) analysis of binaries. It features: a generic framework for decoding instructions developed to reduce the time needed to implement support for new architectures. For...
WinObjEx64 WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on an object or use the “Properties…” toolbar button to get more information,...
dnSpy dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to...