Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instruction set semantics, SMT simplification passes, an SMT Solver Interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open issues or pull requests are always better than troll =).
reverse-engineering symbolic-execution binary-analysis instruction-semantics program-analysis taint-analysis smt binary-translation

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Manticore is supported on Linux and requires Python 2.7. Ubuntu 16.04 is strongly recommended. Ethereum smart contract analysis requires the solc program in your $PATH.
symbolic-execution z3 taint-analysis binary-analysis emulation smt program-analysis security ethereum blockchain testing

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in the sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml, and it is the preferred language for writing analyses; we have bindings to C, Python and Rust. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.
binary-analysis reverse-engineering program-analysis static-analysis dynamic-analysis program-verification instruction-semantics taint-analysis disassembler lifter ocaml arm x86 security forensics emulator bap control-flow-analysis powerpc mips

For a look at recent changes, please see the changelog. Soon you will find a README.rst in every directory in the pyt/ folder, start here.
pyt control-flow-graph static-analysis python3 security static-code-analysis program-analysis fixed-point fixed-point-analysis dataflow dataflow-analysis taint taint-analysis abstract-syntax-tree abstract-syntax flask

PolyTracker is a tool originally created for the Automated Lexical Annotation and Navigation of Parsers, a backronym devised solely for the purpose of referring to it as The ALAN Parsers Project. However, it has evolved into a general purpose tool for efficiently performing data-flow and control-flow analysis of programs. PolyTracker is an LLVM pass that instruments programs to track which bytes of an input file are operated on by which functions. It outputs a database containing the data-flow information, as well as a runtime trace. PolyTracker also provides a Python library for interacting with and analyzing its output, as well as an interactive Python REPL. PolyTracker can be used in conjunction with PolyFile to automatically determine the semantic purpose of the functions in a parser. It also has an experimental feature capable of generating a context free grammar representing the language accepted by a parser.
llvm instrumentation taint-analysis dataflow-analysis taint-tracking

A toy implementation of 'Stack Guard' on top of the LLVM compiler toolchain. Instrumentation code is added during the compilation process to insert and verify stack canaries. Local variables (on the stack) are reordered to prevent buffers overflowing into other local variables. Vulnerable buffers are identified by performing a simple version of static taint analysis. Dependencies are maintained between function calls and pointer manipulations.
stack llvm taint-analysis clang

Tigress is a diversifying virtualizer/obfuscator for the C language that supports many novel defenses against both static and dynamic reverse engineering and de-virtualization attacks. In particular, Tigress protects against static de-virtualization by generating virtual instruction sets of arbitrary complexity and diversity, by producing interpreters with multiple types of instruction dispatch, and by inserting code for anti alias analysis. Tigress protects against dynamic de-virtualization by merging the real code with bogus functions, by inserting implicit flow, and by creating slowly-executing reentrant interpreters. Tigress implements its own version of code packing through the use of runtime code generation. Finally, Tigress' dynamic transformation provides a generalized form of continuous runtime code modification. If you want more information, you can check out our solve-vm.py script.
deobfuscation tigress tigress-protections triton symbolic-execution llvm reverse-engineering taint-analysis

A taint-tracking plugin for the Valgrind memory checking tool
valgrind taint-analysis

Some theoretical background about this repository is available in our paper: Information Flow Analysis for Go. For more information about the project, also check the Acknowledgments. Another variant is to install gotcha in a docker image. This can be done in a similar way: start a golang container and within this container execute the go get command (step 2).
static-code-analysis static-analysis dataflow taint-analysis gotcha

TaintFlow, a framework for JavaScript dynamic information flow analysis. There are many more options available, see taintflow --help for more information.
typescript babel-plugin data-flow instrumentation dynamic-analysis taint-analysis