Category: Reverse Engineering
grap: define and match graph patterns within binaries grap takes patterns and binary files, uses a Capstone-based disassembler to obtain the control flow graphs from the binaries, then matches the patterns against them. Patterns...
VMPDump A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. How It Works VMProtect injects stubs for every import call or jmp. These stubs resolve the ‘obfuscated’ thunk...
FLUFFI FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) is a distributed feedback-based evolutionary fuzzer developed by Siemens STT (formerly CSA), designed specifically for the SIEMENS environment. “Designed specifically for the SIEMENS environment” means that the...
Polypyus Firmware Historian Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that...
Telemetry Sourcerer Telemetry Sourcerer can enumerate and disable common sources of telemetry used by AV/EDR on Windows. Red teamers and security enthusiasts can use this tool in a lab environment to: Identify collection-based blind...
ret-sync ret-sync stands for Reverse-Engineering Tools SYNChronization. It is a set of plugins that help to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg/OllyDbg2/x64dbg) with a disassembler (IDA/Ghidra). The underlying idea is simple: take the best from both...
PE Tree Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow...
Nautilus 2.0 Nautilus is a coverage guided, grammar-based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi-valid inputs, Nautilus is able to perform...
iblessing iblessing is an iOS security exploitation toolkit; it mainly includes application information collection, static analysis, and dynamic analysis. iblessing is based on the Unicorn engine and the Capstone engine. Features 🔥 Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract,...
capa capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the...
UEFI_RETool A tool for UEFI firmware reverse engineering. The tool consists of a plugin for IDA and a set of scripts for analyzing UEFI firmware. Download git clone https://github.com/yeggor/UEFI_RETool.git Use IDA plugin IDA plugin...
efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: we always focus on the latest versions of IDA and the Decompiler, because trying to use the most...
Canadian Furious Beaver Idea Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in two parts: the “Broker” combines both a user-land agent and a self-extractable driver...
Fhex – A Full-Featured HexEditor This project was born with the aim of developing a lightweight but useful tool. The reason is that the existing hex editors each have their own limitations (e.g. too many...
IDACode IDACode makes it easy to execute and debug Python 3 scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found in the marketplace. IDACode is...