Category: Reverse Engineering
Karta “Karta” (Russian for “Map”) is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000...
AutoHarness AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that...
fpicker fpicker is a Frida-based fuzzing suite that offers a variety of fuzzing modes for in-process fuzzing, such as an AFL++ mode or a passive tracing mode. It should run on all platforms that...
Process Dump Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to...
Packet Sender Packet Sender is an open-source utility to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets. The mainline branch officially supports Windows, Mac, and Desktop Linux (with Qt). Other places...
Reverse Engineers’ Hex Editor A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else. Features: large (1TB+) file support; decoding of integer/floating-point value types; inline disassembly of machine code; highlighting and...
FRIDA-DEXDump Fast search and dump of dex in memory. Features: supports fuzzy search for dex with a broken header; fixes struct data of the dex header; compatible with all Android versions (Frida supported); supports loading as an objection plugin ~ pypi...
Offensive Software Exploitation (OSE) Course This repository is for the Offensive Software Exploitation Course I am teaching at Champlain College and currently doing it for free online (check the YouTube channel for the recordings)....
Heappy: a happy heap editor Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development. The project should be considered a didactic tool useful to understand...
Tenet – A Trace Explorer for Reverse Engineers Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a...
afl_ghidra_emu afl_ghidra_emu allows fuzzing exotic architectures using AFL++ and Ghidra emulation with code coverage functionality. For more information, read this article. How does it work? First, AFL++ listens on a TCP socket (e.g. 22222/tcp) to...
bn-uefi-helper Helper plugin for analyzing UEFI firmware. This plugin contains the following features: apply the correct prototype to the entry point function; fix segments so all segments are RWX and have the correct semantics...
Hexrays Toolbox Hexrays Toolbox is a script for the Hexrays Decompiler which can be used to find code patterns within decompiled code: scan binary files for known and unknown vulnerabilities locate code patterns from...
PageBuster There are plenty of scenarios in which the ability to dump executable pages is highly desirable. Of course, there are many methods, some of which are de facto standards, but it is not always as...
gopep gopep (Go Lang Portable Executable Parser) is a Python script for extracting attributes from PE executables compiled in Go. This repo is part of a personal project for learning about executables compiled in Go....