unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. How does it work? unblob...
vmlinux-to-elf This tool allows to obtain a fully analyzable .ELF file from a vmlinux/vmlinuz/bzImage/zImage kernel image (either a raw binary blob or a preexisting but stripped .ELF file), with recovered function and variable symbols....
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to...
Fuzzable Framework for Automating Fuzzable Target Discovery with Static Analysis Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as...
Driver Buddy Reloaded Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks. It has a number of handy features, such as: Identifying the type...
Speakeasy Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific...
AlphaGolang AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the...
BREAD BREAD (BIOS Reverse Engineering & Advanced Debugging) is an ‘injectable’ real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. BREAD emerged from many failed...
Process Dump Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to...
Fuzztruction Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target....
Frelatage Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris, and PythonFuzz. The main purpose of the project is...
Indetectables Toolkit This tool compilation is carefully crafted to be useful both for beginners and veterans of the malware analysis world. It has also proven useful for people trying their luck at the cracking...
FirmWire FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. FirmWire is the result of a multi-year, cross-university research...
Flopz – Firmware Liberation on Python Flopz is an assembler toolkit written in pure python. Use it to: Create shellcode for embedded systems Dynamically patch large collections of binaries Instrument firmware images, for debugging...
DotDumper An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is...
BugChecker BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64). BugChecker doesn’t require a second machine...
