Changes

292 bytes added, Yesterday at 13:11
m
A necessary fix
----
====Dynamic & Static Analysis (mostly '''unmanged ''' binaries)====
=====Interactive Disassemblers ('''static analysis''')=====
*[https://binary.ninja/ Binary Ninja] - reverse-engineering platform that can disassemble a binary and display the disassembly in linear or graph views.
*[https://github.com/capstone-engine/capstone Capstone] - is a disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
=====Active Disassemblers or Debuggers ('''dynamic analysis''')=====
*[https://github.com/vivisect/vivisect Vivisect] - Vivisect binary analysis framework. Includes Disassembler, Debugger, Emulation and Symbolik analysis engines. Includes built-in Server and Shared-Workspace functionality. Runs interactive or headless, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X (Pure-Python, using ctypes to access underlying OS debug mechanism). Supports RevSync via plugin, allowing basic collaboration with Binja, Ghidra, and IDA. Criticisms (from a core dev): "Graph View could use some work, slower than Binja and IDA (due to Python), documentation like an OpenSource Project... but we keep working to make it better. PR's and suggestions welcome." Best installed via Pip: <code>python3 -m pip install vivisect</code>
*[https://github.com/lornix/fenris fenris] - is a program execution path analysis tool suitable for black-box code audits and algorithm analysis. It's useful for tracking down bugs and evaluating security subsystems.
====Debugger Debuggers / disassembler Disassemblers for '''managed ''' binaries====
=====.NET (CLR)=====
:*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for java, ZKM and Stringer support, Android support is in development.
:*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...
 
====Debuggers / Disassemblers for '''unmanaged''' binaries====
 
=====AutoIt=====
AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.
:*[https://github.com/JacobPimental/exe2aut exe2aut] - is a tool that converts executable (.exe) files into AutoIt script (.aut) source code, attempting to reverse-engineer compiled AutoIt programs.
:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.
 
=====VB6=====
Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables.
:*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.
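Review bot: The intro line added under =====VB6===== calls these "Early .NET applications", yet the entry directly beneath it lists Visual Basic 5.0/6.0 "and also .NET" as separate targets, so the heading and its description disagree. Suggest wording along the lines of "VB6 applications compile to native code or p-code, so there is no easy way to decompile them as with .NET Framework executables", which also fixes "a easy" and "exectables". In the same block, the AutoIt intro ("AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.") does not parse and needs rewriting. The new ====Debuggers / Disassemblers for '''unmanaged''' binaries==== heading has no entries of its own and overlaps the existing ====Dynamic & Static Analysis==== heading, so consider placing AutoIt and VB6 under the existing one.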
 
====Bytecode Decompilers====
=====React Native Hermes bytecode=====
:*[https://github.com/snare/voltron Voltron] - is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host.
=====AutoItLua=====AutoIt decompilers extract or anything else related to reverse engineering AutoIt binaries.:*[https://github.com/JacobPimentalscratchminer/exe2aut exe2autunluac unlua] - is a tool decompiler that converts executable (compiled Lua 5.exe) 1 bytecode files into AutoIt script (.autluac) back into readable Lua source code, attempting to reverse-engineer compiled AutoIt programs.:*[https://github.com/nazywam/AutoIt-Ripper AutoIt-Ripper] - is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables. =====VB6=====Early .NET applications compile native and p-code meaning there is not a easy way to decompile these like with newer .NET framework exectables. :*[https://www.vb-decompiler.org/ VB Decompiler Pro] - is a commercial software tool that decompiles and analyzes programs written in Visual Basic 5.0/6.0 and also .NET for reverse engineering and code recovery purposes.
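Review bot: In the new =====Lua===== entry the link label reads "unlua" while the repository path in the URL ends in "unluac". Use the project's own name as the label so the entry can be found by search and matches the other entries in this list, where label and repository name agree (exe2aut, AutoIt-Ripper).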
----
