Triton - Triton is a Dynamic Binary Analysis (DBA) framework

  •        6

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open issues or pull requests are always better than troll =).



Related Projects

manticore - Symbolic execution tool

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Manticore is supported on Linux and requires Python 2.7. Ubuntu 16.04 is strongly recommended. Ethereum smart contract analysis requires the solc program in your $PATH.

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code

Copyright 2011-2016 Google Inc.BinNavi is a binary analysis IDE - an environment that allows users to inspect, navigate, edit, and annotate control-flow-graphs of disassembled code, do the same for the callgraph of the executable, collect and combine execution traces, and generally keep track of analysis results among a group of analysts.

pev - The PE file analysis toolkit

pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries. Please check the online documentation for more details.

SWFREtools - SWF file reverse engineering tools

The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license. Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.

PinTools - Pintool example and PoC for dynamic binary analysis

I just decided to centralize my old and next Pin tools about program analysis in this repo. Be careful, these pintool are not reliable. They are here just as PoC and to provide some ideas.

gef - GEF - GDB Enhanced Features for exploit devs & reversers

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

openreil - Open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language)

OpenREIL is open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language). However, after Zynamics was acquired by Google they abandoned BinNavi, so, I decided to develop my own implementation of REIL. I made it relatively small and portable in comparison with original, the translator itself is just a single library written in C++, it can be statically linked with any program for static or dynamic code analysis. The higher level API of OpenREIL is written in Python, so, it can be easily utilized in plugins and scripts for your favourite reverse engineering tool (almost all modern debuggers and disassemblers has Python bindings).

ASM - Java bytecode manipulation and analysis framework

ASM is an all purpose Java bytecode manipulation and analysis framework. It can be used to modify existing classes or dynamically generate classes, directly in binary form. Provided common transformations and analysis algorithms allow to easily assemble custom complex transformations and code analysis tools.

Apache Pig - Platform for analyzing large data sets on Hadoop.

Apache Pig is a platform for analyzing large data sets on Hadoop. It provides a high-level language for expressing data analysis programs, coupled with infrastructure for evaluating these programs.


A suite of source and binary programs to test the capabilities of code analysis tools. A reference implementation of x86 binary analysis in C# is also included.

angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab!

angr is a platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.

ngrev - Tool for reverse engineering of Angular applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers and directives. The tool performs static code analysis which means that you don't have to run your application in order to use it.Your application needs to be compatible with the Angular's AoT compiler (i.e. you should be able to compile it with ngc).

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports well-known in the community IDAPython API to write disassembly/extension modules.

ANTLR - ANother Tool for Language Recognition

ANTLR (ANother Tool for Language Recognition) is a powerful parser generator for reading, processing, executing, or translating structured text or binary files. It's widely used to build languages, tools, and frameworks. From a grammar, ANTLR generates a parser that can build and walk parse trees. Twitter search uses ANTLR for query parsing, with over 2 billion queries a day.

Udis86 Disassembler for x86 and x86-64

Udis86 is an easy-to-use minimalistic disassembler library for the x86 and x86-64 instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

Boomerang - Decompiler of Machine Code Programs

After a program has been thrown into the world in binary form, it can boomerang back as source code. The Boomerang reverse engineering framework is the first general native executable decompiler available to the public.


(Diver is in the process of being moved to GitHub. Please find us at Support requests amp; messages sent here may never be seen.) Dynamic Interactive Views For Reverse Engineering. Div/er is a set of Eclipse Plugins that aid developers in understanding software. It uses dynamic analysis and reverse engineering to offer views and filters that aid comprehension and discovery.

feather - Feather: fast, interoperable binary data frame storage for Python, R, and more powered by Apache Arrow

Feather provides binary columnar serialization for data frames. It is designed to make reading and writing data frames efficient, and to make sharing data across data analysis languages easy. This initial version comes with bindings for python (written by Wes McKinney) and R (written by Hadley Wickham). Feather uses the Apache Arrow columnar memory specification to represent binary data on disk. This makes read and write operations very fast. This is particularly important for encoding null/NA values and variable-length types like UTF8 strings.