GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).
exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debugging

Exploit Development and Reverse Engineering with GDB Made Easy
gdb peda gdbinit pwndbg reverse-engineering debugging ctf gef hack disassembler ida-pro binary-ninja defcon capture-the-flag malware malware-analysis pwnable

Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbols identifier that searches through disassembled binaries in order to locate, rename, and highlight known library subroutines. FLIRT eliminates the need to analyze functions that could be understood simply by reading documentation or source code from the library it came from and reduces the amount of work required in order to reverse and understand symbol-stripped binaries by a considerable amount. The input to the system is a library file (.lib on Windows) from a library of choice while the output is a signature file (.sig) stored under /sig (and only there or else IDA won't find it). Using one of the tools (plb/pcf/pelf) (provided here for paying customers) you convert all the functions in the library to signatures stored in a PAT file (.pat). The final stage in creating a signature file involves converting the generated PAT file into a .sig file usable by IDA with the use of sigmake. The problem with this is that sometimes collisions will exist for signatures since the method Hex-Rays uses is not foolproof. When an error occurs an EXC (.exc) file is created. In order to ignore collisions, simply edit this file by removing the first few comments (lines that start with ';') and re-run sigmake.
ida-pro signature reverse-engineering

IPyIDA is a python-only solution to add an IPython console to IDA Pro. Use <Shift-.> to open a window with an embedded Qt console. You can then benefit from IPython’s autocompletion, online help, monospaced font input field, graphs, and so on. You can also connect to the kernel outside of IDA using ipython console --existing.
ipython ida ida-pro ida-plugin idapython

IDA Plugins & IDAPython Scripting Library. For documentation, see sark.rtfd.io.
ida-pro ida-plugin reverse-engineering static-analysis idapython

Copyright 2011-2017 Google Inc. Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.
ida-pro ida-plugin reverse-engineering c-plus-plus postgresql-database database binnavi

Copyright 2016-2017 Google Inc. Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.
ida-pro ida-plugin c-plus-plus

Used to grab full-resolution images of IDA graphs. Released under MIT license.
sark ida-plugin ida-pro

IDA Processor Module for the Ethereum Virtual Machine (EVM). This plugin is under active development. New issues and contributions are welcome, and are covered by bounties from Trail of Bits. Join us in #ethereum on the Empire Hacking Slack to discuss Ethereum security tool development.
ida ida-pro evm processor-module dissassembler

IDA Pro plugin to view Exports. The problem is that IDA for some reason sometimes does not show certain names in Exports or does not demangle them. This plugin fixes this problem.
ida-pro ida-plugin

IDA Pro plugin to make a functions tree view. The plugin parses function names and groups them by namespaces. Currently it does not support search, sorting is not possible, and there is no context menu.
ida-plugin ida-pro

This is an IDA Pro Python plugin to make Hex-Rays Decompiler output a bit more attractive. The HRDEV plugin retrieves standard decompiler output, parses it with the Python Clang bindings and puts it back. The only requirement is the Clang Python binding. See https://pypi.python.org/pypi/clang. The Clang binding is required to parse decompiler output and produce plugin output.
ida-pro ida-plugin clang-python-binding hex-rays-decompiler

This is a simple IDA plugin to load PDB symbols. The problem is that sometimes IDA crashes for me when trying to load symbols, so I came up with this quick and dirty alternative. This plugin relies on the Python pdbparse module (https://github.com/moyix/pdbparse), and I have included it in the plugin, because I had to make minor modifications to the code.
ida-plugin ida-pro

IdaJava is a plugin for IDA Pro that allows writing IDA plugins in Java. In other words: IdaJava is to Java like IDAPython is to Python... The plugin creates an in-process Java VM and looks for JAR files in IDA's plugins directory. Each Java-based plugin gets its own menu item in Edit|Plugins. NOTE (2017): This is old code that will likely no longer work. It's mainly here for reference. I don't plan on making further changes.
ida-pro ida-plugin reverse-engineering c-plus-plus swig

Stingray is an IDAPython plugin for finding function strings. The search is from the current position onwards in the current function. It can also search recursively with a configurable search depth. The results order is the natural order of strings in the BFS search graph. For each found string it displays the xref address, the string address, the string type and of course the string itself.
ida-pro idapython-plugin ida-plugin idapython reverse-engineering string-search static-analysis

My personal preference is to use IDA’s Graph mode when doing the majority of my reverse engineering. It provides a graphical representation of the control flow graph and gives visual cues about the structure of the current function that helps me better understand the disassembly. Graph mode is great until the function becomes complex. IDA is often forced to place adjacent nodes relatively far apart, or have edges in the graph cross and have complex paths. Using the overview graph becomes extremely difficult due to the density of nodes and edges, like in Figure 1.
ida-pro idapro

The IDA 7.0 SDK should also be located at $(IDADIR)\idasdk.
ida ida-pro ida-plugin reverse-engineering

DBGHider is an IDA Pro 7.x plugin written in Python. It aims to hide the IDA Windows debugger from processes. DBGHider uses two ways to hook functions: conditional breakpoint and inline hook.
ida-pro ida-plugin idapython-plugin

His plugin provided a good reference.
elf ps4 playstation4 imports ida-pro ida-loader

Solutions for Binary Auditing Package: http://www.binary-auditing.com/
disassembly binary-analysis static-analysis ida-pro reverse-engineering decompilation