Binary Analysis

angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.

Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Generate Yara rules from function basic blocks in x64dbg.

Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.

BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.

A minimal library to generate YARA rules from JAVA with maven support.

PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.

Andromeda makes reverse engineering of Android applications faster and easier.

VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.

Tool for visualizing correspondences between YARA ruleset and samples

Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.

A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.

Docker file for building Androguard dependencies with an optional interactive shell environment.

Santa is a macOS binary and file access authorization system that monitors executions and makes allow/block decisions based on local database rules.

steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.

Automate the process of writing YARA rules based on executable code within malware.

PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.

ELFcrypt encrypts ELF binaries with obfuscation and anti-debugging features to protect against reverse engineering.

A .Net wrapper library for the native Yara library with interoperability and portability features.

Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.