A set of tools for software reverse engineering.
In the following tables, you can find the tools you need according to the heading.
Debugging Tools
Name | Descriptions | Download |
---|---|---|
WinDbg | The WDK is used to develop, test, and deploy Windows drivers. | Download |
OllyDbg v1.10 | OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. | Download |
OllyDbg v2.01 | OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. | Download |
x64dbg | An open-source x64/x32 debugger for Windows. | Download |
gdb | GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. | Download |
vdb | A combined disassembler/static analysis/symbolic execution/debugger framework. More documentation is in the works. | github |
lldb | LLDB is a next generation, high-performance debugger. It is built as a set of reusable components which highly leverage existing libraries in the larger LLVM Project, such as the Clang expression parser and LLVM disassembler. | Download |
qira | All state is tracked while a program is running, so you can debug in the past. | Download |
unicorn | Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86). | github |
Immunity Debugger | Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market. | Download |
Radare2 | Radare is a portable reversing framework. | Download |
Disassemblers
Name | Descriptions | Download |
---|---|---|
IDA Pro | IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
GHIDRA | A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. | Download |
Binary Ninja | Our built-in decompiler works with all our architectures at one price and builds on a powerful family of ILs called BNIL. | Download |
Radare | Disassemble (and assemble for) many different architectures. | Download |
Hopper | Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications. | Download |
objdump | objdump displays information about one or more object files. The options control what particular information to display. | Download |
fREedom | Capstone-based disassembler for extracting to binnavi. | Download |
Capstone Engine | Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. | github |
Android tools
Name | Descriptions | Download |
---|---|---|
Android Studio | Android Studio provides the fastest tools for building apps on every type of Android device. | Download |
APKtool | A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. | Download |
dex2jar | Tools to work with Android .dex and Java .class files. | github |
IDA Pro | IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
JaDx | Dex to Java decompiler. | github |
Hex Editors
Name | Descriptions | Download |
---|---|---|
HxD | HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. | Download |
010 Editor | Why is 010 Editor so powerful? Unlike traditional hex editors which only display the raw hex bytes of a file. | Download |
Hex Workshop | The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. | Download |
HexFiend | A fast and clever open source hex editor for macOS. | Download |
Hiew | View and edit files of any length in text, hex, and decode modes. | Download |
hecate | The Hex Editor From Hell! | github |
Bless Hex Editor | Bless is a binary (hex) editor, a program that enables you to edit files as a sequence of bytes. It is written in C# and uses the Gtk# bindings for the GTK+ toolkit. | github |
Okteta | Okteta is a simple editor for the raw data of files. This type of program is also called hex editor or binary editor. | Download |
wxHexEditor | wxHexEditor is another hex editor, built because there is no good hex editor for Linux systems, especially for big files. It supports files up to 2^64 bytes. Written with C++/wxWidgets GUI libs and can be used with other OSes such as Windows, Mac OS | Sourceforge |
Hexcurse | Hexcurse is a curses-based hex editing utility that can open, edit, and save files, editing both the hexadecimal and decimal values. | github |
Hexyl | hexyl is a simple hex viewer for the terminal. It uses a colored output to distinguish different categories of bytes (NULL bytes, printable ASCII characters, ASCII whitespace characters, other ASCII characters and non-ASCII). | github |
Binary Format Tools
Name | Descriptions | Download |
---|---|---|
Cerbero Profiler | Inspecting a file is a primary task for every low-level professional, be it for reversing, malware triage, forensics or software development. | Download |
Detect It Easy | Detect It Easy, or abbreviated “DIE” is a program for determining types of files. | Download |
MachoView | MachOView is a visual Mach-O file browser. It provides a complete solution for exploring and in-place editing Intel and ARM binaries. | Download |
codesign | Code signing information usage: codesign -dvvv filename. | Download |
Binary Analysis Resources
Name | Descriptions | Download |
---|---|---|
Mobius Resources | Unpacking Virtualization Obfuscators. | Download |
bap | The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries that enables analysis of programs in the machine code representation. | github |
angr | angr is a platform-agnostic binary analysis framework. | github |
Bytecode Analysis Tools
Name | Descriptions | Download |
---|---|---|
dnSpy | dnSpy is a debugger and .NET assembly editor. | github |
Bytecode Viewer | SIX DIFFERENT JAVA DECOMPILERS, TWO BYTECODE EDITORS, A JAVA COMPILER, PLUGINS, SEARCHING, SUPPORTS LOADING FROM CLASSES, JARS, ANDROID APKS AND MORE. | Download |
JPEXS Free Flash Decompiler | Open-source Flash SWF decompiler and editor. | github |
uncompyle6 | uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.0 to version 3.8, spanning over 24 years of Python releases. We include Dropbox's Python 2.5 bytecode and some PyPy bytecodes. | github |
Easy Python Decompiler | Easy Python Decompiler is a Python bytecode decompiler that decompiles pyc & pyo files. | Sourceforge |
Dynamic Analysis Tools
Name | Descriptions | Download |
---|---|---|
Process Explorer v16.42 | Process Explorer shows you information about which handles and DLLs processes have opened or loaded. | Download |
Process Monitor v3.82 | Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. | Download |
Autoruns for Windows v13.100 | This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor. | Download |
Noriben | Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. | github |
API Monitor | API Monitor is a free software that lets you monitor and control API calls made by applications and services. | Download |
INetSim | INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. | Download |
SmartSniff | SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter. | Download |
TCPView | TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. | Download |
Wireshark | Wireshark is the world's foremost and widely-used network protocol analyzer. | Download |
Fakenet | FakeNet is a tool that aids in the dynamic analysis of malicious software. | Download |
Volatility | An advanced memory forensics framework. | github |
LiME | A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices. | github |
Cuckoo | Cuckoo Sandbox is the leading open source automated malware analysis system. | Download |
Objective-See Utilities | Free Mac Security Tools | Download |
XCode Instruments | XCode Instruments for Monitoring Files and Processes User Guide. | Download |
fs_usage | Report system calls and page faults related to filesystem activity in real-time. File I/O: fs_usage -w -f filesystem. | Download |
dmesg | Display the system message buffer. | Download |
Document Analysis Tools
Name | Descriptions | Download |
---|---|---|
Ole Tools | python-oletools is a package of Python tools to analyze Microsoft OLE2 files. | Download |
Didier's PDF Tools | This tool will parse a PDF document to identify the fundamental elements used in the analyzed file. | Download |
Origami | Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. | github |
Scripting
Name | Descriptions | Download |
---|---|---|
IDA Python Src | IDAPython project for Hex-Rays' IDA Pro. | github |
IDC Functions Doc | The following conventions are used in the function descriptions. | Download |
IDA Plugin Contest | Hex-Rays Plugin Contest 2021 is now officially started. | Download |
onehawt IDA Plugin List | A list of IDA Plugins. | github |
pefile | pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data. | github |
Name | Descriptions | Download |
---|---|---|
Cerbero Profiler | While this PoC is about static analysis, it's very different than applying a packer to a malware. | Download |
AppEncryptor | A command-line tool to apply or remove Apple Binary Protection from an application. | github |
Class-dump | This is a command-line utility for examining the Objective-C runtime information stored in Mach-O files. | Download |
readmem | A small OS X/iOS userland util to dump processes memory. | github |
Name | Descriptions | Download |
---|---|---|
mona.py | Mona.py is a Python script that can be used to automate and speed up specific searches while developing exploits (typically for the Windows platform). It runs on Immunity Debugger and WinDBG, and requires Python 2.7. Although it runs in WinDBG x64, the majority of its features were written specifically for 32-bit processes. | github |
pwntools | Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. | github |
rp++ | rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. It is open-source and has been tested on several OS: Debian / Windows 8.1 / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible and supports Intel syntax. Standalone executables can also be directly downloaded. | github |
EMET | The Enhanced Mitigation Experience Toolkit (EMET) is an anti-vulnerability exploitation toolkit that can be layered onto the Windows OS in addition to other security technologies to raise the bar for exploits to work properly. It has been increasingly recommended by various IT Security frameworks and governing bodies. EMET provides additional memory corruption protection for commonly used Internet facing applications. | Download |
PEDA | PEDA - Python Exploit Development Assistance for GDB | github |
Name | Type | Descriptions | Download |
---|---|---|---|
American fuzzy lop | Binary | A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. | Download |
WinAFL | Binary | A fork of AFL for fuzzing Windows binaries. | github |
libFuzzer | Binary | A library for coverage-guided fuzz testing. | Download |
Peach Fuzzer | Network Protocol | Framework which helps to create custom dumb and smart fuzzers. | Download |
boofuzz | Network Protocol | Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. | github |
AFL (w/ networking patch) | Network Protocol | american fuzzy lop for network fuzzing (unofficial) -- official afl site is | github |
Name | Descriptions |
---|---|
The IDA Pro Book | Description |
Radare2 Book | github page |
Reverse Engineering for Beginners | Description |
The Art of Memory Forensics | Description |
Art of Software Security Assessment | Description |
iOS Reverse Engineering | Description |
Name | Descriptions |
---|---|
OSX Crackmes | Description |
ESET Challenges | Description |
Flare-on Challenges | Description |
Github CTF Archives | github page |
Reverse Engineering Challenges | Description |
Malware Blacklist | Description |
malwr.com | Description |