WinDiff WinDiff is an open-source web-based tool that allows browsing and comparing symbol and type information of Microsoft Windows binaries across different versions of the operating system. The binary database is automatically updated to...
Obfuscation Detection Obfuscation Detection is a Binary Ninja plugin to detect obfuscated code and interesting code constructs (e.g., state machines) in binaries. Given a binary, the plugin eases analysis by identifying code locations which might...
Hobbits Hobbits is a software platform for analyzing, processing and visualizing bits. The Hobbits GUI is the central tool of the platform and will be the primary focus of this document. The Hobbits Runner...
B(l)utter Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime Currently, the application supports only Android libapp.so. Also, the application currently works only against recent Dart versions. Install This application uses the...
Obfu[DE]scate Obfu[DE]scate is a Python tool designed to simplify the process of de-obfuscating and comparing two versions of an Android APK – even if the functions have been renamed as part of obfuscation. With...
unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. How does it work? unblob...
vmlinux-to-elf This tool allows to obtain a fully analyzable .ELF file from a vmlinux/vmlinuz/bzImage/zImage kernel image (either a raw binary blob or a preexisting but stripped .ELF file), with recovered function and variable symbols....
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to...
Fuzzable Framework for Automating Fuzzable Target Discovery with Static Analysis Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as...
Driver Buddy Reloaded Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks. It has a number of handy features, such as: Identifying the type...
Speakeasy Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific...
AlphaGolang AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the...
BREAD BREAD (BIOS Reverse Engineering & Advanced Debugging) is an ‘injectable’ real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. BREAD emerged from many failed...
Process Dump Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to...
Fuzztruction Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs (as most fuzzers do) but instead uses a so-called generator application to produce an input for our fuzzing target....
Frelatage Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris, and PythonFuzz. The main purpose of the project is...
