capa: identify capabilities in executable files
capa capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the...
Category: Reverse Engineering
drmemory: Memory Debugger for Windows, Linux, Mac, and Android
Dr. Memory: the memory debugger Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units...
pwndbg: Exploit Development and Reverse Engineering with GDB
pwndbg pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. Pwndbg has a lot of...
Ntoseye: Windows kernel debugger for Linux hosts running Windows under KVM/QEMU
Ntoseye Windows kernel debugger for Linux hosts running Windows under KVM/QEMU. Features Command line interface WinDbg style commands Kernel debugging PDB fetching Breakpointing Scripting API (Lua) Supported Windows ntoseye currently only supports Windows 10...
HexForge IDA plugin: extends the functionality of the assembly and hex view
HexForge IDA plugin This IDA plugin extends the functionality of the assembly and hex view. With this plugin, you can conveniently decode/decrypt/alter data directly from the IDA Pro interface. The following actions include: Copying...
BPF Compiler Collection: BPF-based Linux IO analysis, networking, monitoring, and more
BPF Compiler Collection (BCC) BCC is a toolkit for creating efficient kernel tracing and manipulation programs and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known...
oletools: analyze MS OLE2 files & MS Office documents, for malware analysis, forensics & debugging
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
SEMA: ToolChain using Symbolic Execution for Malware Analysis
SEMA – ToolChain using Symbolic Execution for Malware Analysis SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create representative signatures based...
HyperDbg: open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger
HyperDbg Debugger HyperDbg debugger is an open-source, hypervisor-assisted user-mode, and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...
strace: a diagnostic, debugging, and instructional userspace utility for Linux
strace – the Linux syscall tracer strace is a diagnostic, debugging, and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include...
Amoco: tool for analysing binaries
Amoco Amoco is a Python package dedicated to the (static) analysis of binaries. It features: a generic framework for decoding instructions developed to reduce the time needed to implement support for new architectures. For...
WinObjEx64: Windows Object Explorer 64-bit
WinObjEx64 WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information,...
dnSpy: .NET assembly editor, decompiler, and debugger
dnSpy dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your extension. It uses dnlib to...
HAL: The Hardware Analyzer
HAL- Hardware Analyzer Virtually all available research on netlist analysis operates on a graph-based representation of the netlist under inspection. At its core, HAL provides exactly that: A framework to parse netlists of arbitrary...
python-uncompyle6: A cross-version Python bytecode decompiler
uncompyle6 A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into the equivalent Python source code. It accepts bytecodes from Python version...
ImHex: Hex Editor for Reverse Engineers, Programmers
ImHex A Hex Editor for Reverse Engineers, Programmers, and people who value their eyesight when working at 3 AM. Features Featureful hex view Byte patching Patch management Copy bytes as a feature Bytes...
