Binary Analysis

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.

A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.

A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.

VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.

A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.

Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.

FARA is a repository of purposefully erroneous Yara rules for training security analysts.

StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.

A collection of Yara signatures for identifying malware and other threats

A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

A backend agnostic debugger frontend for debugging binaries without source code access.

A Python script for scanning data within an IDB using Yara

Python 3 tool for parsing Yara rules with ongoing development.

RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.

ICSREF is a modular framework that automates reverse engineering of CODESYS industrial control system binaries to identify functions, library calls, and program structures.

Leading open source automated malware analysis system.

A collaborative malware analysis framework with various features for automated analysis tasks.

FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.