Date: 2024-01-01
35 tools and resources
Copy executables with execute, but no read permission on Unix systems.
HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
A Python library for loading and executing Beacon Object Files (BOFs) in-memory.
Verify scripts and executables to mitigate supply chain attacks.
Ropper is a tool for analyzing binary files and searching for gadgets to build ROP chains for different architectures.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Online Java decompiler tool with support for modern Java features.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.
A collection of binary tools for various purposes including linking, assembling, profiling, and more.
Enhances the reading experience of smali code in Emacs.
Cybersecurity tool merging DarunGrim's analysis algorithms, currently in internal testing for official release.
Python forensic tool for extracting and analyzing information from Firefox, Iceweasel, and Seamonkey browsers.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
Collection of Windows one-liners for executing arbitrary code and downloading remote payloads.
A library to access and parse the Microsoft Internet Explorer Cache File format.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
iOS Mobile Backup Xtractor tool for extracting iOS backups.
A tool for parsing Google Protobuf encoded blobs without the accompanying definition, providing a colored representation of the contents.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A Python script that converts shellcode into a PE32 or PE32+ file.
Bmaptool is a project no longer maintained by Intel; users are advised to create their own fork for ongoing use.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
A command-line utility for extracting human-readable text from binary files.
A tool for malware analysts to search through base64-encoded samples and generate YARA rules.
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
Kaitai Struct is a declarative language for describing binary data structures.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
wxHexEditor is a free hex editor / disk editor with various data manipulation operations and visualization functionalities.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
DMG2IMG is a tool for converting Apple compressed dmg archives to standard image disk files with support for zlib, bzip2, and LZFSE compression.