Reverse Engineering
Explore 88 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A powerful reverse engineering framework
A reverse engineering framework with a focus on usability and code cleanliness
A reverse engineering framework with a focus on usability and code cleanliness
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
A Scriptable Android Debugger for reverse engineers and developers.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
Java decompiler for modern Java features up to Java 14.
Archive of information, tools, and references regarding CTF competitions.
Archive of information, tools, and references regarding CTF competitions.
Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.
Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
BARF is an open source binary analysis framework for supporting various binary code analysis tasks in information security.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
Andromeda makes reverse engineering of Android applications faster and easier.
Andromeda makes reverse engineering of Android applications faster and easier.
Original SmaliHook Java source for Android cracking and reversing.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
ELFcrypt encrypts ELF binaries with obfuscation and anti-debugging features to protect against reverse engineering.
ELFcrypt encrypts ELF binaries with obfuscation and anti-debugging features to protect against reverse engineering.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.
Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A write-up of the reverse engineering challenge from the 2019 BambooFox CTF competition
A write-up of the reverse engineering challenge from the 2019 BambooFox CTF competition
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
A 32-bit assembler level analyzing debugger for Microsoft Windows.
A disassembly framework with support for multiple hardware architectures and clean API.
A disassembly framework with support for multiple hardware architectures and clean API.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
A comprehensive guide to reverse engineering by Dennis Yurichev, available for free download in multiple languages and formats, with praise from cybersecurity experts.
A comprehensive guide to reverse engineering by Dennis Yurichev, available for free download in multiple languages and formats, with praise from cybersecurity experts.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
A YARA interactive debugger for the YARA language written in Rust, providing features like function calls, constant evaluation, and string matching.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
A Capture The Flag (CTF) platform for testing computer security skills
A Capture The Flag (CTF) platform for testing computer security skills
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
Recorded talks from the Hardwear.io Conference 2018 covering various hardware security topics.
Recorded talks from the Hardwear.io Conference 2018 covering various hardware security topics.
A de-obfuscator for M/o/Vfuscator, a notorious obfuscator, designed to reverse the effects of M/o/Vfuscator's obfuscation.
A de-obfuscator for M/o/Vfuscator, a notorious obfuscator, designed to reverse the effects of M/o/Vfuscator's obfuscation.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.
A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A tool for reverse engineering Android apk files.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
Interactive incremental disassembler with data/control flow analysis capabilities.
Interactive incremental disassembler with data/control flow analysis capabilities.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
ICSREF is a modular framework that automates reverse engineering of CODESYS industrial control system binaries to identify functions, library calls, and program structures.
ICSREF is a modular framework that automates reverse engineering of CODESYS industrial control system binaries to identify functions, library calls, and program structures.
Educational resources for reverse engineering tutorials by lena151.
Educational resources for reverse engineering tutorials by lena151.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
A comprehensive guide to mobile application penetration testing, covering various topics and techniques
A comprehensive guide to mobile application penetration testing, covering various topics and techniques
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.