Binary Analysis
Explore 68 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
LATEST ADDITIONS
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
A binary analysis platform for analyzing binary programs
A binary analysis platform for analyzing binary programs
A powerful reverse engineering framework
A reverse engineering framework with a focus on usability and code cleanliness
A reverse engineering framework with a focus on usability and code cleanliness
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
Embeddable Yara library for Java with support for loading rules and scanning data.
Embeddable Yara library for Java with support for loading rules and scanning data.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.
A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.
Generates a YARA rule to match basic blocks of the current function in IDA Pro
Generates a YARA rule to match basic blocks of the current function in IDA Pro
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.
Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.
angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.
angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.
Generate Yara rules from function basic blocks in x64dbg.
Generate Yara rules from function basic blocks in x64dbg.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
A minimal library to generate YARA rules from JAVA with maven support.
A minimal library to generate YARA rules from JAVA with maven support.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
Andromeda makes reverse engineering of Android applications faster and easier.
Andromeda makes reverse engineering of Android applications faster and easier.
Tool for visualizing correspondences between YARA ruleset and samples
Tool for visualizing correspondences between YARA ruleset and samples
Docker file for building Androguard dependencies with an optional interactive shell environment.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Automate the process of writing YARA rules based on executable code within malware.
Automate the process of writing YARA rules based on executable code within malware.
A .Net wrapper library for the native Yara library with interoperability and portability features.
A .Net wrapper library for the native Yara library with interoperability and portability features.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.
Yabin creates Yara signatures from malware to find similar samples.
cwe_checker is a suite of checks to detect common bug classes in ELF binaries using Ghidra for firmware analysis.
cwe_checker is a suite of checks to detect common bug classes in ELF binaries using Ghidra for firmware analysis.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
A disassembly framework with support for multiple hardware architectures and clean API.
A disassembly framework with support for multiple hardware architectures and clean API.
Automatic YARA rule generation for malware repositories.
A YARA interactive debugger for the YARA language written in Rust, providing features like function calls, constant evaluation, and string matching.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.
Frontpage of the IO wargame with various versions and connection details.
Search gadgets on binaries to facilitate ROP exploitation.
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A tool for building and installing PhoneyC with optional Python version configuration and root privileges.
A tool for building and installing PhoneyC with optional Python version configuration and root privileges.
A full python tool for analyzing Android files with various functionalities.
A full python tool for analyzing Android files with various functionalities.
A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.
A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.
Go bindings for YARA with installation and build instructions.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.
A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.
Official repository of YARA rules for threat detection and hunting
Official repository of YARA rules for threat detection and hunting
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
FARA is a repository of purposefully erroneous Yara rules for training security analysts.
A collection of Yara signatures for identifying malware and other threats
A collection of Yara signatures for identifying malware and other threats
Standalone graphical utility for viewing Java source codes from ".class" files.
Standalone graphical utility for viewing Java source codes from ".class" files.
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
A backend agnostic debugger frontend for debugging binaries without source code access.
A backend agnostic debugger frontend for debugging binaries without source code access.
A Python script for scanning data within an IDB using Yara
Python 3 tool for parsing Yara rules with ongoing development.
A library for running basic functions from stripped binaries cross platform.
A library for running basic functions from stripped binaries cross platform.
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options.
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options.
Leading open source automated malware analysis system.
A collaborative malware analysis framework with various features for automated analysis tasks.
A collaborative malware analysis framework with various features for automated analysis tasks.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Binary analysis and management framework for organizing malware and exploit samples.
Binary analysis and management framework for organizing malware and exploit samples.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
A tool for processing compiled YARA rules in IDA.
Use FindYara, an IDA python plugin, to scan your binary with yara rules and quickly jump to matches.
Use FindYara, an IDA python plugin, to scan your binary with yara rules and quickly jump to matches.