A set of tools for software reverse engineering.
In the following tables, you can find the tools you need according to the heading.
Debugging Tools
Name | Descriptions | Download |
---|---|---|
WinDbg | The WDK is used to develop, test, and deploy Windows drivers. | Download |
OllyDbg v1.10 | OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. | Download |
OllyDbg v2.01 | OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. | Download |
x64dbg | An open-source x64/x32 debugger for Windows. | Download |
gdb | GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. | Download |
vdb | A combined disassembler/static analysis/symbolic execution/debugger framework. More documentation is in the works. | github |
lldb | LLDB is a next generation, high-performance debugger. It is built as a set of reusable components which highly leverage existing libraries in the larger LLVM Project, such as the Clang expression parser and LLVM disassembler. | Download |
qira | All state is tracked while a program is running, so you can debug in the past. | Download |
unicorn | Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86). | github |
Immunity Debugger | Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market. | Download |
Disassemblers
Name | Descriptions | Download |
---|---|---|
IDA Pro | IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
GHIDRA | A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. | Download |
Binary Ninja | Our built-in decompiler works with all our architectures at one price and builds on a powerful family of ILs called BNIL. | Download |
Radare | Disassemble (and assemble for) many different architectures. | Download |
Hopper | Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications. | Download |
objdump | objdump displays information about one or more object files. The options control what particular information to display. | Download |
fREedom | Capstone-based disassembler for extracting to BinNavi. | Download |
Android tools
Name | Descriptions | Download |
---|---|---|
Android Studio | Android Studio provides the fastest tools for building apps on every type of Android device. | Download |
APKtool | A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. | Download |
dex2jar | Tools to work with Android .dex and Java .class files. | github |
IDA Pro | IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). | Download |
JaDx | Dex to Java decompiler. | github |
APKinspector | APKinspector is a powerful GUI tool for analysts to analyze Android applications. | github |
objection | 📱 objection - runtime mobile exploration | github |
Sign.jar | Sign.jar automatically signs an apk with the Android test certificate. | github |
FindSecurityBugs | FindSecurityBugs is an extension for FindBugs which includes security rules for Java applications. | Download |
Quick Android Review Kit (Qark) | Tool to look for several security-related Android application vulnerabilities. | github |
AndroBugs Framework | AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows. | github |
Simplify | Tool for de-obfuscating an Android package into Classes.dex, which can then be used with Dex2jar and JD-GUI to extract the contents of the dex file. | github |
Android backup extractor | Utility to extract and repack Android backups created with adb backup (ICS+). More info about adb backup here. | github |
Xposed framework | Use this forum to chat about Xposed framework and modules to modify your device without flashing a custom ROM. | Download |
AndBug | AndBug is a debugger targeting the Android platform’s Dalvik virtual machine intended for reverse engineers and developers. | github |
Introspy-Android | Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues. | github |
android-ssl-bypass | This is an Android debugging tool that can be used for bypassing SSL, even when certificate pinning is implemented, as well as other debugging tasks. The tool runs as an interactive console. | github |
Hex Editors
Name | Descriptions | Download |
---|---|---|
HxD | HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. | Download |
010 Editor | Why is 010 Editor so powerful? Unlike traditional hex editors which only display the raw hex bytes of a file. | Download |
Hex Workshop | The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. | Download |
HexFiend | A fast and clever open source hex editor for macOS. | Download |
Hiew | View and edit files of any length in text, hex, and decode modes. | Download |
hecate | The Hex Editor From Hell! | github |
Binary Format Tools
Name | Descriptions | Download |
---|---|---|
Cerbero Profiler | Inspecting a file is a primary task for every low-level professional, be it for reversing, malware triage, forensics or software development. | Download |
Detect It Easy | Detect It Easy, or abbreviated “DIE” is a program for determining types of files. | Download |
MachoView | MachOView is a visual Mach-O file browser. It provides a complete solution for exploring and in-place editing Intel and ARM binaries. | Download |
codesign | Code signing information usage: codesign -dvvv filename. | Download |
Binary Analysis Resources
Name | Descriptions | Download |
---|---|---|
Mobius Resources | Unpacking Virtualization Obfuscators. | Download |
bap | The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries that enables analysis of programs in the machine code representation. | github |
angr | angr is a platform-agnostic binary analysis framework. | github |
Bytecode Analysis Tools
Name | Descriptions | Download |
---|---|---|
dnSpy | dnSpy is a debugger and .NET assembly editor. | github |
Bytecode Viewer | SIX DIFFERENT JAVA DECOMPILERS, TWO BYTECODE EDITORS, A JAVA COMPILER, PLUGINS, SEARCHING, SUPPORTS LOADING FROM CLASSES, JARS, ANDROID APKS AND MORE. | Download |
JPEXS Free Flash Decompiler | Open-source Flash SWF decompiler and editor. | github |
JD Project | The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions. JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all. JD-Core is a library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library. JD-Core, JD-GUI & JD-Eclipse are open source projects released under the GPLv3 License. | Download |
Dynamic Analysis Tools
Name | Descriptions | Download |
---|---|---|
Process Explorer v16.42 | Process Explorer shows you information about which handles and DLLs processes have opened or loaded. | Download |
Process Monitor v3.82 | Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. | Download |
Autoruns for Windows v13.100 | This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor. | Download |
Noriben | Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. | github |
API Monitor | API Monitor is a free software that lets you monitor and control API calls made by applications and services. | Download |
INetSim | INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. | Download |
SmartSniff | SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter. | Download |
TCPView | TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. | Download |
Wireshark | Wireshark is the world’s foremost and widely-used network protocol analyzer. | Download |
Fakenet | FakeNet is a tool that aids in the dynamic analysis of malicious software. | Download |
Volatility | An advanced memory forensics framework. | github |
LiME | A Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices. | github |
Cuckoo | Cuckoo Sandbox is the leading open source automated malware analysis system. | Download |
Objective-See Utilities | Free Mac Security Tools | Download |
Xcode Instruments | Xcode Instruments for Monitoring Files and Processes User Guide. | Download |
fs_usage | Report system calls and page faults related to filesystem activity in real-time. File I/O: fs_usage -w -f filesystem. | Download |
dmesg | Display the system message buffer. | Download |
Document Analysis Tools
Name | Descriptions | Download |
---|---|---|
Ole Tools | python-oletools is a package of Python tools to analyze Microsoft OLE2 files. | Download |
Didier's PDF Tools | This tool will parse a PDF document to identify the fundamental elements used in the analyzed file. | Download |
Origami | Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. | github |
Scripting
Name | Descriptions | Download |
---|---|---|
IDA Python Src | IDAPython project for Hex-Rays' IDA Pro. | github |
IDC Functions Doc | The following conventions are used in the function descriptions. | Download |
IDA Plugin Contest | Hex-Rays Plugin Contest 2021 is now officially started. | Download |
onehawt IDA Plugin List | A list of IDA Plugins. | github |
pefile | pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data. | github |
Name | Descriptions | Download |
---|---|---|
Cerbero Profiler | While this PoC is about static analysis, it’s very different than applying a packer to a malware. | Download |
AppEncryptor | A command-line tool to apply or remove Apple Binary Protection from an application. | github |
Class-dump | This is a command-line utility for examining the Objective-C runtime information stored in Mach-O files. | Download |
readmem | A small OS X/iOS userland util to dump processes memory. | github |
Name | Descriptions |
---|---|
The IDA Pro Book | Description |
Radare2 Book | github page |
Reverse Engineering for Beginners | Description |
The Art of Memory Forensics | Description |
Art of Software Security Assessment | Description |
iOS Reverse Engineering | Description |
Name | Descriptions |
---|---|
OSX Crackmes | Description |
ESET Challenges | Description |
Flare-on Challenges | Description |
Github CTF Archives | github page |
Reverse Engineering Challenges | Description |
Malware Blacklist | Description |
malwr.com | Description |