Reverse Engineering
28 tools indexed
Binary analysis, disassembly, decompilation, and debugging tools for reverse engineering executables, malware, and firmware. These tools help security researchers understand how compiled software works, identify vulnerabilities, and analyze malicious code without access to source.
dnSpy
.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
Binary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
RetDec
Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Rizin
Reverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.
Unicorn Engine
Lightweight CPU emulator framework. Emulate x86, ARM, MIPS, and more for binary analysis, fuzzing, and instrumentation.
Capstone
Multi-architecture disassembly framework. The engine behind Ghidra, radare2, and dozens of security tools.
ImHex
Feature-rich hex editor with pattern language, data analysis, disassembly, and entropy visualization.
pwndbg
GDB plugin for exploit developers and reverse engineers with context display, heap analysis, and PEDA-like commands.
EMBA
Firmware security analyzer for IoT and embedded devices performing static and dynamic analysis via emulation.
GEF
GDB Enhanced Features plugin for exploit developers and reverse engineers.
Triton
Dynamic binary analysis framework with symbolic execution and taint analysis.
Z3
High-performance SMT solver from Microsoft Research used in RE and verification.
xortool
Analyze and break multi-byte XOR cipher encrypted data with key guessing.
cwe_checker
Detect common bug classes (CWEs) in compiled binaries using Ghidra backend.
Bytecode Viewer
Java/Android reverse engineering suite with multiple decompilers, disassemblers, and an integrated hex editor.
JD-GUI
Standalone graphical Java decompiler. Displays Java source code from CLASS files and JAR archives.
dex2jar
Converts Android DEX bytecode to Java CLASS files, enabling analysis with standard Java decompilers.
pyinstxtractor
Extracts the contents of PyInstaller-generated executables, recovering the original Python scripts and resources.
Kaitai Struct
Declarative binary format parser generator. Define a format once in YAML, generate parsers for 12+ programming languages.
al-khaser
Malware evasion technique reference implementation. Demonstrates VM detection, sandbox evasion, and anti-debugging tricks.
FLARE FLOSS
Mandiant's obfuscated string extraction tool for malware analysis. Recovers strings hidden by encoding, encryption, and stacking.
FakeNet-NG
Mandiant's dynamic network analysis tool. Simulates internet services to capture malware C2 communications locally.
PCILeech
Direct Memory Access attack toolkit. Reads and writes target system memory via PCIe/Thunderbolt/USB hardware interfaces.
PEDA
Python Exploit Development Assistance for GDB. Enhanced debugging display with exploit development features.
Voltron
Debugger UI toolkit providing split-pane views for LLDB, GDB, VDB, and WinDbg with customizable layouts.