Explore 173 curated tools and resources
A command-line program for finding secrets and sensitive information in textual data and Git history.
A deserialization payload generator for .NET formatters
A collection of tools for extracting and analyzing information from .git repositories
A tool for generating .NET serialized gadgets for triggering .NET assembly load/execution.
A company that helps organizations create security-aware teams and produce bug-free software.
An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.
A collection of Yara rules for identifying malicious PEs with unique or suspicious PDB paths.
Copy executables that carry execute permission but no read permission on Unix systems.
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.
A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.
Generates a YARA rule to match basic blocks of the current function in IDA Pro
HxD is a freeware hex editor and disk editor with advanced features for editing files, memory, and disks.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
A Python library for loading and executing Beacon Object Files (BOFs) in-memory.
Tool to disable vulnerable features in Windows and popular applications for enhanced security.
AMDH is an Android tool for automating scanning, hardening system settings, detecting malware, and protecting privacy.
A tool for triaging crash files with various output formats and debugging engine options.
Repository of YARA rules for identifying and classifying malware.
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
Stealing Signatures and Making One Invalid Signature at a Time.
A collection of resources for beginners to learn assembly language.
Verify scripts and executables to mitigate chain of supply attacks.
A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.
A comprehensive open dictionary of fault injection patterns and predictable resource locations for dynamic application security testing
angr is a Python 3 library for binary analysis with various capabilities like symbolic execution and decompilation.
Generates shellcode that loads Windows payloads from memory and runs them with parameters.
A Yara ruleset for detecting PHP shells and other webserver malware.
Fridump is an open source memory dumping tool using the Frida framework for dumping memory addresses from various platforms.
A credit card/magstripe spoofer that can emulate any magnetic stripe or credit card wirelessly.
Online platform for image steganography analysis
A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.
Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Small script to simplify format string exploitation.
Online Java decompiler tool with support for modern Java features.
A Docker image with tools for solving Steganography challenges and screening scripts for analyzing files.
Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.
A software reverse engineering framework with full-featured analysis tools and support for multiple platforms, instruction sets, and executable formats.
Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images; the project carries security advisories and a Python 2.7 deprecation notice.
A library to access and parse Windows NT Registry File (REGF) format.
Yara mode for GNU Emacs to edit Yara related files
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
A honeypot for Intel's AMT Firmware Vulnerability CVE-2017-5689
Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.
UDcide provides an alternative approach to dealing with Android malware by targeting specific behaviors for removal.
SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.
Exiv2 is a C++ library and command-line utility for image metadata manipulation.
A portable volatile memory acquisition tool for Linux.
A CTF platform inspired by motherfuckingwebsite.com, emphasizing simplicity and lightweight features.
A tool for xor analysis to guess key length and key based on most frequent characters.
VxSig is a tool to automatically generate AV byte signatures from similar binaries.
Original SmaliHook Java source for Android cracking and reversing.
A honeypot for malware that spreads via USB storage devices; it detects infections but does not report further details about them.
AMExtractor is an Android Memory Extractor tool.
Java code implementing the AutoYara algorithm for automatic Yara rule generation from input samples.
Debugger and .NET assembly editor with advanced debugging features.
Microservice for scanning files with Yara
Instrumentation-based approach for resolving reflective calls in Android apps.
A tool that executes programs in memory from various sources
Santa is a binary and file access authorization system for macOS.
steg86 is a format-agnostic steganographic tool for x86 and AMD64 binaries.
Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.
ELFcrypt encrypts ELF binaries to prevent reverse engineering.
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
A collection of binary tools for various purposes including linking, assembling, profiling, and more.
GuardDog is a CLI tool for identifying malicious PyPI and npm packages through heuristics and Semgrep rules.
Fnord is a pattern extractor for obfuscated code that extracts byte sequences and creates statistics, as well as generates experimental YARA rules.
Collection of vulnerable ARM binaries for beginner vulnerability researchers & exploit developers.
CTF toolkit for rapid exploit development and prototyping.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
Enhances the reading experience of smali code in Emacs.
Cybersecurity tool merging DarunGrim's analysis algorithms, currently in internal testing for official release.
Python forensic tool for extracting and analyzing information from Firefox, Iceweasel, and Seamonkey browsers.
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.
A library to access and parse OLE 2 Compound File (OLECF) format files.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data
cwe_checker is a suite of checks to detect common bug classes in ELF binaries using Ghidra for firmware analysis.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
A university course focused on vulnerability research, reverse engineering, and binary exploitation to teach practical offensive security skills.
Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.
A library to access and parse the Microsoft Internet Explorer Cache File format.
Python Exploit Development Assistance for GDB with enhanced debugging features and commands for exploit development.
A Linux process injection tool that injects shellcode into a running process
A tool for breaking crypto and identifying weak cryptosystems, with a humorous name and a separate library called Cryptanalib.
Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
Tool for decompressing malware samples to run Yara rules against them.
FSquaDRA is a tool for detection of repackaged Android applications based on Jaccard similarity computation over digests of files.
A set of YARA rules for identifying files containing sensitive information
A framework for creating and executing pynids-based decoders and detectors of APT tradecraft
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
Recover event log entries from an image by heuristically looking for record structures.
A network-based panic button to overwrite LUKS header and shutdown the computer in emergencies, making data recovery impossible.
iOS Mobile Backup Xtractor tool for extracting iOS backups.
Vim syntax-highlighting plugin for YARA rules with support up to v4.3.
A de-obfuscator designed to reverse the effects of M/o/Vfuscator, a notorious obfuscator.
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
Comprehensive cheat sheet for SQLite SQL injection techniques and payloads.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
Search gadgets on binaries to facilitate ROP exploitation.
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.
A command-line utility to show and change EXIF information in JPEG files
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.
IDA Pro plugin for finding crypto constants
Object scanning system with scalable and flexible architecture for intrusion detection.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
A tool for building and installing PhoneyC with optional Python version configuration and root privileges.
A VMware image for penetration testing purposes
A static analysis framework for extracting key characteristics from various file formats
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A tool for parsing Google Protobuf encoded blobs without the accompanying definition, providing a colored representation of the contents.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.
Python wrapper for the Libemu library for analyzing shellcode.
A tool for reverse engineering Android apk files.
Bmaptool is a project no longer maintained by Intel; users are advised to create their own fork for ongoing use.
A static analysis tool for PE files that detects malicious behavior and provides information for manual analysis.
Yara pattern matching tool for forensic investigations with predefined rules for magic headers in files and raw images.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
Utility for comparing control flow graph signatures to Android methods with scanning capabilities for malicious applications.
TikiTorch offers advanced process injection capabilities to execute code stealthily in another process's space.
UPX is a high-performance executable packer for various executable formats.
CHIPSEC is a framework for analyzing the security of PC platforms and components, with tools for low-level interfaces and forensic capabilities.
VolatilityBot automates binary extraction and memory analysis, including detecting code injections and strings.
Checksec is a bash script that checks hardening properties of executables such as PIE, RELRO, stack canaries, ASLR, and Fortify Source.
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Redexer is a reengineering tool for Android app binaries with features like RefineDroid and Dr. Android.
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
StringSifter is a machine learning tool for automatically ranking strings for malware analysis.
A PoC tool for generating Excel files with embedded macros without using Excel.
Enables code injection into Mac OS X processes with detailed version history and contributing guidelines.
A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
Krakatau provides an assembler and disassembler for Java bytecode, supporting conversion, creation, examination, comparison, and decompilation of Java binaries.
A tool to locally check for signs of a rootkit with various checks and tests.
A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.
Standalone graphical utility for viewing Java source codes from ".class" files.
A static analysis tool for Android apps that detects malware and other malicious code
Scans running processes for potentially malicious implants and dumps them.
A library to access and read QEMU Copy-On-Write (QCOW) image file formats with support for zlib compression and AES-CBC encryption.
RetDec is a versatile machine-code decompiler with support for various file formats and architectures.
A library for running basic functions from stripped binaries cross platform.
A command-line utility for extracting human-readable text from binary files.
A tool for malware analysts to search through base64-encoded samples and generate yara rules.
Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
Kaitai Struct is a declarative language for describing binary data structures.
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options.
A program to log login attempts on Telnet (port 23) and track the Mirai botnet
Tools and documentation for validating hardware security requirements on x86 platforms, including bootable USB key creation and platform configuration verification.
A medium interaction printer honeypot that simulates a standard networked printer
Truehunter is a tool designed to detect encrypted containers with a focus on Truecrypt and Veracrypt, utilizing a fast and memory efficient approach.
Calculates RSA parameters and generates RSA private keys in DER or PEM format.
Generate a variety of suspect actions detected by Falco rulesets.
Open source tool for generating YARA rules about installed software from a running OS.
Detect and warn about potential malicious behaviors in Android applications through static analysis.
Automatically create yara rules based on images embedded in office documents.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
wxHexEditor is a free hex editor / disk editor with various data manipulation operations and visualization functionalities.
de4dot is a .NET deobfuscator and unpacker with the ability to restore packed and obfuscated assemblies to their original form.
Detect signed malware and track stolen code-signing certificates using osquery.
Universal hexadecimal editor for computer forensics, data recovery, and IT security.
A tool designed to handle archive file data and augment Yara's capabilities.
PinCTF is a tool for using Intel's Pin Tool to instrument reverse engineering binaries and count instructions.
DumpsterDiver is a tool for analyzing big volumes of data to find hardcoded secrets like keys and passwords.
Detect capabilities in executable files and identify potential behaviors.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.