Category: Reverse Engineering
pwndbg pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. Pwndbg has a lot of...
Ntoseye Windows kernel debugger for Linux hosts running Windows under KVM/QEMU. Features: Command line interface; WinDbg style commands; Kernel debugging; PDB fetching; Breakpointing; Scripting API (Lua). Supported Windows: ntoseye currently only supports Windows 10...
HexForge IDA plugin This IDA plugin extends the functionality of the assembly and hex view. With this plugin, you can conveniently decode/decrypt/alter data directly from the IDA Pro interface. The following actions include: Copying...
BPF Compiler Collection (BCC) BCC is a toolkit for creating efficient kernel tracing and manipulation programs and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
SEMA – ToolChain using Symbolic Execution for Malware Analysis SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create representative signatures based...
HyperDbg Debugger HyperDbg debugger is an open-source, hypervisor-assisted user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. It is a debugger designed for analyzing, fuzzing, and reversing. HyperDbg is designed...
strace – the Linux syscall tracer strace is a diagnostic, debugging, and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include...
Amoco Amoco is a Python package dedicated to the (static) analysis of binaries. It features: a generic framework for decoding instructions developed to reduce the time needed to implement support for new architectures. For...
WinObjEx64 WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the “Properties…” toolbar button to get more information,...
dnSpy dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger, and an assembly editor (and more) and can be easily extended by writing your extension. It uses dnlib to...
HAL - Hardware Analyzer Virtually all available research on netlist analysis operates on a graph-based representation of the netlist under inspection. At its core, HAL provides exactly that: A framework to parse netlists of arbitrary...
uncompyle6 A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction: uncompyle6 translates Python bytecode back into the equivalent Python source code. It accepts bytecodes from Python version...
ImHex A Hex Editor for Reverse Engineers, Programmers, and people who value their eyesight when working at 3 AM. Features: Featureful hex view; Byte patching; Patch management; Copy bytes as a feature; Bytes...
Reverse Engineers’ Hex Editor A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else. Features: Large (1TB+) file support; Decoding of integer/floating point value types; Inline disassembly of machine code; Highlighting...
IAT-Tracer IAT-Tracer V2 is a plugin for Tiny-Tracer framework (by @hasherezade) for automatically detecting and resolving functions’ parameters out of the IAT or trace logs (.tag files) of PE files. The plugin has a GUI that...