
Triton - Triton is a Dynamic Binary Analysis (DBA) framework

  •    C++

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and x86-64 instruction set semantics, SMT simplification passes, an SMT solver interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please don't blame us if it is not yet reliable. Open issues or pull requests are always better than trolling =).

manticore - Symbolic execution tool

  •    Python

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Manticore is supported on Linux and requires Python 2.7. Ubuntu 16.04 is strongly recommended. Ethereum smart contract analysis requires the solc program in your $PATH.

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

  •    C++

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed on the BIL representation and is architecture independent, in the sense that it works equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. Documentation and a tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml, which is the preferred language for writing analyses; bindings for C, Python and Rust are also available. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools. BAP is developed at CMU CyLab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korean government; see the sponsors list for more information.

PinTools - Pintool example and PoC for dynamic binary analysis

  •    C++

I just decided to centralize my old and future Pin tools about program analysis in this repo. Be careful, these pintools are not reliable. They are here just as PoCs and to provide some ideas.

pev - The PE file analysis toolkit

  •    C

pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries. Please check the online documentation for more details.

security-notes - :notebook: Some security related notes

I have started to write down notes on the security related videos I watch (as a way of quick recall). These might be more useful to beginners.

hex - Hex viewer

  •    C

hex is yet another hex viewer. It automatically interprets fields within files using a set of Lua scripts, colorizing them and showing descriptions on the side. At the moment there aren’t that many features and we only have a few decoders.

bap-bindings - C Bindings to BAP

  •    OCaml

This project provides a C interface to the BAP library and other components of the infrastructure. The interface is rather complete, although some functions may be omitted, either deliberately or accidentally. By design, everything that is possible to do in OCaml with the Bap.Std interface should be possible to implement in C using bap.h. If you find any violations of this rule, please don't hesitate to file an issue. The following simple program is a good test that your installation works fine.

node-elm-repl - 👌 JavaScript tool, which provides fast access to the types (as structures, not just strings) and values of Elm expressions

  •    Javascript

Actually, the name may confuse you, so I would make it clear from the start that technically what you see here is TOTALLY NOT the REPL. At least, not by itself. It is the replacement for the REPL for those who need to know the evaluated values together with their types in their entirety (not just string-encoded boring types, but structures defining the type, like... a JSON Elm Type AST) for Elm expressions in a JavaScript environment. Also, this tool may help you make some REPL... in JavaScript. If these points are applicable to you, but you are still uncertain whether you need this, please read The "Modern Binary Reverse Engineering with Node.js for Elm" Article (written by me), which describes in detail what is done here and how it works. Another way for you, in this case, is just to use this binary tool, which was developed later than this one and which is driven by Haskell (which is an advantage), so has a compiled binary (which is an advantage) and uses the "core" code to get the type information (which is an advantage), but has no ability to get values (which is whatever) and only has types in their stringified form (which is a disadvantage, but maybe implementing it is just a matter of time for the author).

goblin - An impish, cross-platform binary parsing crate, written in Rust

  •    Rust

Goblin requires rustc 1.19. libgoblin aims to be your one-stop shop for binary parsing, loading, and analysis.

dispar - Dispar - Cross-platform Disassembling binary Parser

  •    C++

Dispar is short for "[Dis]assembling binary [Par]ser", written in C++14. The whole concept of the project is to load binaries, like executables, libraries, core dumps etc., and analyze their structure and data; most notably their strings, symbols, and functions. Currently, it supports only 32- and 64-bit Mach-O binaries (including universal binaries), but there are plans for supporting ELF and PE/PE+ later on. Both external and internal libraries and tools are required to build and run this program.

interrupt_analysis

  •    Batchfile

The goal of our project is to build a tool that can automatically analyze peripheral interrupts for ARM embedded systems. The Econotag is an open source and exceptionally simple example of an embedded system, which makes it easier for us to test our approach.

EnVisen - ROP gadget finder and analysis in pure Javascript

  •    Javascript

⚠️ This tool may be used for educational, teaching, learning, understanding and research purposes only. Completely self-contained binary ROP/JOP gadget analyzer for comparing two binaries side-by-side and understanding their structures, in 100% pure Javascript, packaged as a self-contained client-side browser application. Focussed on extreme simplicity of usage and portability across platforms.