Top 23 Python Reverse Engineering Projects
-
owasp-mstg
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Project mention: Moving from Web application pentesting to mobile. | reddit.com/r/AskNetsec | 2022-04-04
OWASP is as usual a good resource: https://owasp.org/www-project-mobile-security-testing-guide/
-
There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):
GEF: https://gef.readthedocs.io/en/master/
PWNDBG: https://github.com/pwndbg/pwndbg
PEDA: https://github.com/longld/peda
They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.
-
gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers
I still struggle with GDB but my excuse is that I seldom use it.
When I was studying reverse engineering though, I came across a really cool kit (which I've yet to find an alternative for lldb, which would be nice given: rust)
I'd recommend checking it out, if for no other reason than it makes a lot of things really obvious (like watching what value lives in which register).
LLDB's closest alternative to this is called Venom, but it's not the same at all. https://github.com/ovh/venom
-
androguard
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
Androguard - Reverse engineer Android applications.
-
ROPgadget
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
ROP Gadget - Framework for ROP exploitation.
-
apkleaks
Project mention: Scan the apk file to check its different layers | reddit.com/r/NETSECSOFT | 2022-01-09
git clone https://github.com/dwisiswant0/apkleaks
-
plasma
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
Plasma - An interactive disassembler for x86/ARM/MIPS which can generate indented pseudo-code with colored syntax.
-
pyinstxtractor
It's a PyInstaller binary. (I have used it once before, so I just knew it by checking the file.) Use https://github.com/extremecoders-re/pyinstxtractor to extract its source code archive from the binary (by just running python pyinstxtractor.py ./backdoor or something); now many .pyc files are extracted. Find src.pyc; it's malformed as Python 3.9, so https://github.com/rocky/python-uncompyle6/ refuses to decompile it. But the challenge information says it's Python 3.8, so I write a hello-world Python script and execute it with Python 3.8. It yields a Python 3.8 .pyc file. Analyze it and find that the signature is \x55. Change src.pyc's signature from \x61 to \x55 and decompile by running uncompyle6 backdoor-src.38.pyc > backdoor-src.py
-
tenet
Project mention: I'm looking for a program-flow highlighting tool. Any ideas? | reddit.com/r/AskReverseEngineering | 2022-02-08
Tenet: use a specific trace output (see tracers) and import the trace into IDA, which then gets a colorized view. You can also play the trace forward and backward à la Windbg TTD.
-
drakvuf-sandbox
Project mention: Want to set up a malware analysis sandbox on Windows 10. Almost giving up... | reddit.com/r/cybersecurity | 2021-07-21
Why not have a look at DRAKVUF? Supports W10 2004 guests: https://github.com/CERT-Polska/drakvuf-sandbox
-
Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.
-
vmlinux-to-elf
A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
Project mention: FYI: Synology SRM 1.3 is still running Linux kernel 4.4.60 though it's 64 bit ARM for RT6600ax | reddit.com/r/synology | 2022-05-11
-
hobbits
Project mention: Hobbits is a software platform for analyzing, processing, and visualizing bits | news.ycombinator.com | 2021-11-19
-
Index
What are some of the best open-source Reverse Engineering projects in Python? This list will help you:
# | Project | Stars
---|---|---
1 | owasp-mstg | 9,063
2 | pwndbg | 4,668
3 | gef | 4,647
4 | androguard | 3,988
5 | qiling | 3,507
6 | ROPgadget | 3,064
7 | apkleaks | 3,026
8 | plasma | 2,967
9 | miasm | 2,799
10 | flare-ida | 1,722
11 | AppleNeuralHash2ONNX | 1,465
12 | PINCE | 1,299
13 | pyinstxtractor | 994
14 | tenet | 905
15 | vivisect | 759
16 | OpenWifiPass | 696
17 | drakvuf-sandbox | 681
18 | netzob | 654
19 | vmlinux-to-elf | 637
20 | reFlutter | 596
21 | pwndra | 516
22 | hobbits | 492
23 | unipacker | 454