Changes

2,215 bytes added, 00:34, 28 November 2023
reorganized and added some nice tools.
*[https://web.archive.org/web/20210331144912/https://protectionid.net/ ProtectionID] - Great little tool to scan a Windows binary payload for overlays and packers. [[File:ProtectionId.690.December.2017.zip|thumb|PiD.690.zip]] [https://www.virustotal.com/gui/file/26c54eb376183d508ee129531728f9e01d30f0df29d7621f390e8f0ea6a1c79c/community VT link], pw: recessim.com
 
*[https://github.com/horsicq/Detect-It-Easy Detect-It-Easy] - abbreviated "DIE", is a program for determining file types. "DIE" is a cross-platform application: apart from the Windows version, versions for Linux and Mac OS are also available.
 
*[https://www.mitec.cz/exe.html MiTeC Portable Executable Reader/Explorer] - is a tool that reads and displays executable file properties and structures. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.
 
*[https://github.com/ExeinfoASL/ASL ExeInfoPe] - is a tool that can detect packers, compilers, protectors, .NET obfuscators, PUA applications.
*[https://github.com/hasherezade/pe-bear PE-bear] - is a Portable Executable reversing tool with a friendly GUI using the Capstone Engine and is Open Source!
=====.NET=====
*[https://github.com/dnSpyEx/dnSpy dnSpyEx (newly maintained repo & '''added features''')] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
*[https://github.com/dnSpy/dnSpy dnSpy (archived repo)] - is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
 
*[https://github.com/icedland/iced Iced] - Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua.
 
*[https://github.com/icsharpcode/ILSpy ILSpy] - .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (& more) - cross-platform!
*[https://www.telerik.com/products/decompiler.aspx Telerik JustDecompile] - is a free .NET decompiler and assembly browser that makes high-quality .NET decompilation easy, with an open source decompilation engine.
======.NET deobfuscators======
::*[https://github.com/ViRb3/de4dot-cex de4dot CEx] - is a deobfuscator based on de4dot with full support for vanilla ConfuserEx.
::*[https://github.com/de4dot/de4dot de4dot] - is a .NET deobfuscator and unpacker.
::*[https://github.com/NotPrab/.NET-Deobfuscator Lists of .NET Deobfuscator and Unpacker (Open Source)] - A curated list of open source deobfuscators and more.
======.NET memory dumpers======
::*[https://github.com/wwh1004/ExtremeDumper ExtremeDumper] - is a .NET Assembly Dumper (source code available).
::*[https://github.com/fremag/MemoScope.Net MemoScope.Net] - is a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file contains all data (objects) and threads (state, stack, call stack).
::*[https://github.com/0x410c/ClrDumper ClrDumper] - is a tool that can dump .NET assemblies and scripts from native clr loaders, managed assembly and vbs, jscript or powershell scripts.
======.NET tracers======
::*[http://www.reteam.org/board/showthread.php?t=939 dotNET Tracer 2.0 by Kurapika] - is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime. [[File:KDT2.0.zip|thumb]] [https://www.virustotal.com/gui/file/d29afcc5115c28f9892f7a6d249423374ad77ac86f69b316665c347982975d02 VT1] [https://www.virustotal.com/gui/file/04cd51dbbc3d2b4fe4a721e4ad0c2f3012fe0f409dc902b430207ea25561ff8c VT2] (Themida packed), pw: recessim.com
=====JAVA (JVM)=====
*[https://github.com/Col-E/Recaf Recaf] - Recaf is an open-source Java bytecode editor that simplifies the process of editing compiled Java applications.
 
*[https://www.pnfsoftware.com/ JEB decompiler] - Decompile and debug Android dalvik, Intel x86, ARM, MIPS, RISC-V, S7 PLC, Java, WebAssembly & Ethereum Decompilers.
======JAVA (ART/APK)======
::*[https://github.com/skylot/jadx Jadx] - Dex to Java decompiler. Command-line and GUI tools for producing Java source code from Android Dex and apk files.
::*[https://github.com/honeynet/apkinspector/ APKinspector] - is a powerful GUI tool for analysts to analyze Android applications.
::*[https://apktool.org/ Apktool] - A tool for reverse engineering Android apk files.
::*[https://github.com/Konloch/bytecode-viewer Bytecode viewer] - is a Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
::*[https://github.com/niranjan94/show-java ShowJava] - is an APK (Android application), JAR & Dex decompiler for Android.
::*[https://github.com/tp7309/TTDeDroid TTDeDroid] - is a tool for quickly decompiling apk/aar/dex/jar.
::*[https://github.com/JesusFreke/smali smali/baksmali] - is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax.
======JAVA (mixed platforms)======
::*[https://github.com/java-deobfuscator/deobfuscator deobfuscator] - is a project that aims to deobfuscate most commercially-available obfuscators for Java. [https://github.com/java-deobfuscator/deobfuscator-gui GUI version github]
::*[https://github.com/GraxCode/threadtear Threadtear] - is a multifunctional deobfuscation tool for Java with ZKM and Stringer support; Android support is in development.
::*[https://github.com/narumii/Deobfuscator Another Deobfuscator] - Some deobfuscator for java. Supports superblaubeere27 / JObf / sb27, Paramorphism 2.1.2_9, Caesium, Monsey, Skid/qProtect, Scuti, CheatBreaker, Bozar, ...