
Open source collection

by SpeeDr00t 2016. 11. 24.


http://www.capstone-engine.org/showcase.html


Showcase

To our knowledge, Capstone has been used by the following 211 products (listed in no particular order).

  • Unicorn: Lightweight multi-arch, multi-platform CPU emulator framework.

  • Keystone: Lightweight multi-arch, multi-platform assembler framework.

  • CEnigma: Web-based disassembler tool that is simple, easy, fast & user-friendly. (inactive now)

  • CEbot: A Twitter bot for binary-reversing right from Twitter account. (inactive now)

  • Camal: Coseinc automated malware analysis lab.

  • Radare2: Unix-like reverse engineering framework and commandline tools.

  • Pyew: a Python tool for static malware analysis.

  • WinAppDbg: Code instrumentation scripts in Python under a Windows environment.

  • PowerSploit: PowerShell Post-Exploitation Framework.

  • MachOView: Visual Mach-O file browser that allows exploring and in-place editing Intel and ARM binaries.

  • RopShell: Free online Return-Oriented-Programming (ROP) gadgets search.

  • ROPgadget: Gadgets finder and auto-roper.

  • Frida: Inject JavaScript code into native apps on Windows, Mac, Linux and iOS.

  • The-Backdoor-Factory: Patch Win86/64 PE and Linux86/64 binaries with shellcode.

  • BDFProxy: Patch Binaries via MITM (BackdoorFactory + mitmProxy).

  • Cuckoo: Open source automated malware analysis system.

  • Cerbero Profiler: Malware and forensic analysis tool.

  • CryptoShark: Cross-platform interactive debugger (powered by Frida).

  • Ropper: ROP gadget and binary information tool.

  • Snowman: A native code to C/C++ decompiler.

  • x64dbg: An open-source x64/x32 debugger for Windows.

  • Concolica: Python concolic execution framework for program analysis.

  • Memtools Vita: Toolkit to explore PlayStation Vita firmware.

  • BARF: Multiplatform open source Binary Analysis and Reverse engineering Framework.

  • rp++: Full-cpp written tool to find ROP sequences in PE/Elf/Mach-O x86/x64/ARM binaries.

  • Binwalk: Firmware analysis tool.

  • MPRESS dumper: Unpacking tool for some HackingTeam’s OS X malware.

  • Xipiter toolkit: Miscellaneous tools for various security tasks.

  • Sonare: Qt-based disassembly viewer.

  • PyDA: Python DisAssembler.

  • Qira: QEMU Interactive Runtime Analyser.

  • Rekall: Rekall Memory Forensic Framework.

  • Inficere: MacOSX rootkit (for learning purposes).

  • Pwntools: CTF framework used by Gallopsled in every CTF.

  • Bokken: GUI for the Pyew malware analysis tool and Radare reverse engineering framework.

  • Webkitties: PlayStation Vita Webkit Exploit / Mini SDK and Testing Framework.

  • Malware_config_parsers: A collection of public malware config parsers.

  • Nightmare: A distributed fuzzing testing suite with web administration.

  • Catfish: A tool to ease the process of finding ROP gadgets & creating payloads with them.

  • JSoS-Module-Dump: PlayStation Vita module dumper.

  • Vitasploit: PlayStation Vita native exploitation framework.

  • PowerShellArsenal: A PowerShell Module Dedicated to Reverse Engineering.

  • PyReil: REIL translation library.

  • ARMSCGen: Shellcodes for ARM/Thumb mode.

  • Shwass: Mach-O Executables Analyzer & Disassembler.

  • Nrop: Automated Return-Oriented Programming Chaining.

  • lldb-capstone-arm: Disassemble scripts for LLDB (for Arm & Arm64)

  • Capstone.js: JavaScript wrapper over an Emscripten build of Capstone.

  • ELF Unstrip Tool: Generate unstripped binary from an ELF strip binary.

  • Binjitsu: CTF framework and exploit development library.

  • Rop-tool: A tool to help you writing binary exploits.

  • JitAsm: JIT Assembler Library for multiple ISAs.

  • OllyCapstone: A plugin for OllyDbg 1.10 to replace the old disasm engine with Capstone.

  • PackerId: A fork of packerid.py with disassembly support.

  • UEFI_boot_script_expl: CHIPSEC module to exploit UEFI boot script table vulnerability.

  • Symx: Lightweight Symbolic Execution Engine.

  • ArmExec: Android native runtime emulator.

  • Capstone View for IDA: A plugin to use Capstone to display code instead of IDA's own disassembly engine.

  • Honggfuzz: A general-purpose fuzzer with simple, command-line interface.

  • Triad decompiler: A tiny, free and open source decompiler that will take ELF files as input and spit out pseudo-C.

  • SemTrax: Data Tracking for Binary Software.

  • Senseye: Dynamic Visual Debugging / Reverse Engineering Toolsuite.

  • Plasma: Reverse engineering tool for x86/ARM. Generates indented pseudo-C with colored syntax code.

  • Binflow: A fast & multi-thread support tool to trace function calls in ELF binaries.

  • OpenREIL: Translator and tools for REIL (Reverse Engineering Intermediate Language).

  • PREF: Portable Reverse Engineering Framework that aims to be the swiss army knife for Reverse Engineering.

  • Pwnypack: Certified Edible Dinosaurs official CTF toolkit.

  • GEF: Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers.

  • Hopper: A reverse engineering tool to disassemble/decompile/debug Intel Mac, Linux, Windows & iOS executables.

  • Pysymemu: An Intel 64 symbolic emulator.

  • Decompiler: A decompiler with multiple backend support, written in Python.

  • ArkDasm: 64-bit interactive disassembler for Windows.

  • SM64tools: Collection of tools for manipulating the Super Mario 64 ROM.

  • ViDi: Visual Disassembler for static analysis of PE files.

  • Volatility_plugins: A collection of plugins for the Volatility framework.

  • ThunderGate: An open source toolkit for PCI bus exploration.

  • Visulator: A machine emulator that visualizes how each instruction is processed.

  • Psce4all: PlayStation Console Emulators For All.

  • Pwndbg: A Python plugin of GDB to assist exploit development.

  • IntelliJ IDEA: A Java IDE.

  • Binch: A light ELF binary patch tool in python urwid.

  • Ropchain: X86 systematic ROP payload generation (with API to customize payload).

  • PyOCD: Python library for programming and debugging ARM Cortex-M microcontrollers using CMSIS-DAP.

  • Okita: a set of proof-of-concepts to disassemble binaries to assembly.

  • Angr: A framework for static & dynamic concolic (symbolic) analysis.

  • Shellyzer-Gui: a GUI application that helps to analyze shellcode.

  • Xenia: Xbox 360 Emulator Research Project.

  • CodeReason: Semantic Binary Code Analysis Framework

  • Haka: a toolsuite to capture TCP/IP packets and filter them based on Lua policy files.

  • Gcov: GNU gcov like tool.

  • Anticuckoo: A tool to detect and crash Cuckoo Sandbox.

  • EmilPRO: Graphical disassembler for a large number of instruction sets.

  • NextGen: A Genetic File, Syscall and Network Fuzzer for Unix systems.

  • Imatinib: Instrumentation tool that uses only inline patch hooking.

  • PolyHook: X86/X64 hooking library.

  • Harpoon: Lightweight runtime hooking library for OS X.

  • fcd: A LLVM-based native program decompiler

  • MemoryPatchDetector: Detects code differentials between executables in disk and processes/modules in memory.

  • Mpesm: Identify the compiler/packer/cryptor of PE files.

  • Silicon-disassembler: A high-performance, asynchronous web-component disassembler.

  • peCloakCapstone: A tool to encode Windows PE files to bypass AntiVirus detection.

  • Reko: A multi-architecture decompiler.

  • Usercon: User-space system emulator.

  • Lyn: Python binding for GNU lightning.

  • Edb: A cross platform x86/x86-64 debugger.

  • Unicorn-decoder: A shellcode decoder that can dump self-modifying-code.

  • Hekate: Winsock inspection/filtering/modifying.

  • Capstone.js-bookmarklet: Disassemble from webpage with bookmarklet.

  • Qiew: Hex/File format viewer.

  • ProDBG: A debugger that supports a variety of targets and operating systems.

  • Pageant_xkeys: Extract unencrypted SSH keys from Pageant memory dump.

  • Crumble: A cross-platform commandline tool to disassemble PE files.

  • Trap-syscalls: Library for in-process tracing and/or hooking of system calls.

  • Thunderstrike: EFI bootkits for Apple MacBooks.

  • rr-dataflow: A GDB plugin to trace back to the origin of data in Mozilla's rr.

  • ropnroll: OSX exploitation helper library.

  • StfuSIP: System Integrity Protection (SIP) bypass for OSX 10.11.1.

  • DirectX9Hook: Runtime DirectX9 Hooking.

  • fREedom: Extracting disassembly information from executables for Binnavi.

  • Trap-syscalls: Library for in-process tracing/hooking of system calls (on Linux/x86-64)

  • PyAna: Analyzing Windows shellcode.

  • CapFunc: IDA Python Script that Disassembles Functions with Capstone.

  • MyROP: ROP tool for ARM.

  • hsdecomp: A decompiler for GHC-compiled Haskell.

  • WWCD: What Would Capstone Decode - IDA plugin implementing a Capstone powered IDA view.

  • PythonForWindows: codebase to make it easier to work with Windows & native execution.

  • MacDBG: Simple easy to use C & Python debugging framework for Mac OS X.

  • VxPwn: A fuzzer for VxWorks.

  • CHDK: Canon Hack Development Kit.

  • Triton: Dynamic binary analysis framework.

  • Shellsploit: New generation exploit development kit.

  • ADBI: Android Dynamic Binary Instrumentation tool for tracing Android native layer.

  • Redress-Disassembler: Cross platform binary disassembler written in Java.

  • TraceGrind: Execution tracing module for Valgrind.

  • AppleALC: Native OS X HD audio for unofficially-supported codecs.

  • ArmRoper: ARM ROP chain gadget searcher.

  • EhTrace: A tool for tracing execution of binaries on Windows.

  • Ded: MSDOS executable disassembler.

  • Eli.Decode: Decode obfuscated shellcodes.

  • Awasm: An AIMGP (Automatic Induction of Machine code by Genetic Programming) engine.

  • Voltron: A hacky debugger UI for hackers.

  • fence_counter: QSIM based fence counter.

  • Lisa.py: An Exploit Dev Swiss Army Knife.

  • DdiMon: Monitoring and controlling kernel API calls with stealth breakpoint using EPT.

  • UniHook: Intercept arbitrary functions at run-time, without knowing their typedefs.

  • Redream: SEGA Dreamcast emulator.

  • Erebus: A reverse engineering tool suite for Linux.

  • Avery: x86-64 kernel in Rust.

  • Pyflirt: Map file generator for Intel X86 binary based on FLIRT signature.

  • dispatch: Programmatic disassembly and patching.

  • cypher: Simple tool to automate adding shellcode to PE files.

  • Cemu: Cheap EMUlator based on Keystone and Unicorn engines.

  • ROPMEMU: Analyze ROP-based exploitation.

  • AssemblyBot: Telegram bot for assembling and disassembling on-the-go.

  • Demovfuscator: Deobfuscator for movfuscated binaries.

  • Ropf: Gadget displacement on top of IPR (In-Place Randomization) against Code Reuse Attack.

  • Cardinal: Similarity Analysis to Defeat Malware Compiler Variations.

  • dynStruct: Reverse engineering tool for structure recovering and memory usage analysis based on DynamoRIO.

  • iokit-dumper-arm64: Statically reconstructing the IOKit classes hierarchy from iOS kernelcache dumps.

  • Spedi: Speculative disassembly, CFG recovery, and call-graph recovery from stripped binaries.

  • Dash: A simple web based tool for working with assembly language.

  • Qsim: Full system emulator front-end to a multi-core timing model.

  • Windows_Debugger: A simple Windows x86-32 debugger.

  • MongoDB disasm: Interactive Disassembler with GUI (Web-based).

  • WTFJH: iOS Security Runtime Inspection.

  • Xenpwn: A toolkit for memory access tracing using hardware-assisted virtualization.

  • Resonance: A C polymorphic and metamorphic engine.

  • Rebours: A framework for control-flow recovery in binary programs.

  • Patchkit: A powerful binary patching toolkit.

  • CFFCapstone: Assembler extension to CFF Explorer.

  • FirmInsight: Automatically collects firmware from the internet and extracts info.

  • UniAna: Analyzes PE files or shellcode (Windows x86 only).

  • pymetamorph: Metamorphic engine in Python for Windows executables.

  • WCC: The Witchcraft Compiler Collection.

  • Patcherex: Shellphish's automated patching engine, originally created for the Cyber Grand Challenge.

  • Cgrex: Targeted patcher for CGC binaries, used in the Cyber Grand Challenge.

  • C-flat: Control Flow Attestation for Embedded Systems Software.

  • W-SWFIT: x64 Windows Software Fault Injection Tool.

  • DynInst Tools: Tools built using Dyninst or Dyninst component libraries.

  • PeiBackdoor: PEI stage backdoor for UEFI compatible firmware.

  • CaptainHook: x86/x64 hook environment.

  • Ropstone: A basic ROP/gadget finder.

  • Labeless: Labels/Comments synchronization between IDA PRO and debugger backend (OllyDbg, x64dbg).

  • KlareDbg: Kernel debugger using Timeless Debugging method.

  • Ponce: IDA Pro-based symbolic execution & taint analysis engine.

  • Relyze: Interactive Software Analysis.

  • Shellsploit-library: Exploit development library for python users.

  • asm_buddy: Small script to assemble/disassemble from CLI.

  • Rgat: Instruction trace visualisation tool for dynamic program analysis.

  • Shellbug: Basic command-line, text-based, shellcode debugger.

  • Cheat Happens: CoSMOS Memory Scanner and Gamehacking Tool.

  • SimpleDpack: Windows PE packer.

  • EasyROP: A Python tool to generate ROP chains.

  • Nemezisv3: A GUI tool to convert hex-string to assembly and vice versa.

  • Stoneb0t: IRC bot providing assemble / disassemble for various architectures.

  • Rop-chainer: Generates return-oriented exploits for ELF binaries.

  • Wdbdbg: Python WDB RPC monitor for X86 targets on VxWorks 5.x/6.x.

  • kHypervisor: Light-weight nested Virtual Machine Monitor for Windows x64.

  • RePEconstruct: Automatically unpacking a Windows binary & rebuild its import address table.

  • DirEngine: Disassembly Intermediate Representation Engine.

  • Wag: WebAssembly compiler implemented in Go.

  • Fuzzemu: Instruction emulator for the Cortex-M3 ARM.

  • IDASec: IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform.

  • Satt: Software Analyze Trace using Intel Processor Trace.

  • PShape: Practical Support for Half-Automated Program Exploitation.

  • PowerShell Suite: A collection of PowerShell utilities.

  • Nougat: ART-Extension for Android Nougat.

  • instruction_set_research: Analyse the instruction set distribution on malicious PE files.

  • VulcanoIO: Open Source Cluster IOTs for Reverse Engineering Malware.

  • Proctal: Manipulates the address space of a running program on Linux.

  • Lazy Office Analyzer: Analyze Microsoft Office docs.


In addition, Capstone is available in the following operating system distributions (listed in no particular order).

  • Gentoo: Gentoo Linux distribution.

  • Fedora: Fedora Linux distribution.

  • Arch: Arch Linux distribution.

  • Ubuntu: Ubuntu Linux distribution.

  • Debian: Debian Linux distribution.

  • OpenBSD: Security-oriented, multi-platform 4.4BSD-based UNIX-like operating system.

  • FreeBSD: Free Unix-like operating system descended from AT&T Unix via BSD.

  • NetBSD: Free, fast, secure, and highly portable Unix-like Open Source operating system.

  • Pentoo: Gentoo-based Linux distribution for pentesters.

  • Kali Linux: Rebirth BackTrack, the Penetration testing distribution.

  • BlackArch: Arch-based GNU/Linux distribution for pentesters and security researchers.

  • NixOS: The Purely Functional Linux Distribution.

  • ArchAssault: A fully customizable pentest distribution done the Arch Linux way.

  • DragonFly BSD: Free Unix-like operating system.

  • NetHunter: Android penetration testing platform for Nexus devices.

  • Void Linux: A Linux distro based on the xbps packaging system.

  • REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware.

