Xupeng Yun

https://github.com/xupeng/apkjet

apktool

apkjet is a python wrap of the apktool to make it easier to do apk reverse engineering in a automated way.

???

???

Falaina (falaina@falaina.net)

https://github.com/Falaina/AsmJit-Python

AsmJit

Simple Python wrapper for AsmJit using SWIG.
AsmJit has a high-level code generation classes which can be used as a portable way to create JIT code.

???

???

Mario Vilas (@Mario_Vilas)

http://pypi.python.org/pypi/BeaEnginePython/

BeaEngine (http://www.beaengine.org/)

BeaEngine disassembler bindings for Python.

RopMount
simple-x86-decompiler

Installers for BeaEnginePython, Pymsasid and PyDasm

SkyLined

https://github.com/SkyLined/BugId

BugId is a python script that runs an application in cdb.exe, a command-line debugger that is part of Microsoft's Debugging Tools for Windows. It interacts with cdb.exe to detect any potential bugs in the application, and analyzes them. When a bug is detected, detailed information is collected and an id is generated that should be unique and consistent for that particular bug. In other words, if you run the same application twice and trigger the same bug, the bug id should be the same.

The bug id can be useful when trying to determine whether two crashes have the same bug as their root cause. It is used in automated fuzzing frameworks to allow "bucketizing" crashes to skip known bugs and focus on bugs that have not been found before.

A human-readable report containing information collected about the bug is available in HTML format, for use when manually analyzing bugs. The code attempts to determine the security risk of the bug it detected, so even novice users may be able to determine whether or not a particular bug is likely to be a security vulnerability.

BugId can be used as a command-line utility through BugId.py and integrated into your own Python project using cBugId.py.

???

???

Thomas Heller

http://sourceforge.net/projects/ctypes/ (In Python 2.5 it is already included)

ctypes is a Python module allowing to create and manipulate C data types in Python. These can then be passed to C-functions loaded from dynamic link libraries.

PyMem, WinAppDBG

official documentation
presentation "Using Cython to optimize Python and interface with C"
"API Hooking in Python"

Samuel Chevet

Clement Rouault

https://github.com/sogeti-esec-lab/LKD

Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll

???

Slides

???

http://www.llvmpy.org/

LLVM

llvmpy is a Python wrapper around the llvm C++ library which allows simple access to compiler tools. It can be used for a lot of things, but here are some ideas:
- dynamically create LLVM IR for linking with LLVM IR produced by CLANG or dragonegg
- build machine code dynamically using LLVM execution engine
- use together with PLY or other tokenizer and parser to write a complete compiler in Python

Bitey

???

Assaf Nativ

https://github.com/assafnativ/NativDebugging

Debugging tools wrapped in Python enviourment.

???

???

???

https://github.com/cantora/py-eresi

ERESI

Python bindings for the eresi library.
The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework with a domain-specific language tailored to reverse engineering and program manipulation.

???

???

Doug Shikashio

https://github.com/dshikashio/Pybag

CPython module for Windbg's dbgeng plus additional wrappers. Pybag combines MS DebugEngine bindings with additional helper functions for a powerful Windows debugging module.

???

???

Sebastian Muniz ‏(@_topo)

Fernando Russ

https://github.com/Groundworkstech/pybfd

A Python interface to the GNU Binary File Descriptor (BFD) library.
It's a complete (or at least tries to be) wrapper around the low level functionality provided by GNU Binutils libopcodes and libbfd. This allows the user to manipulate all the supported architectures and file formats that Binutils tools does.

Reimplementation of objdump in python
BARF

???

Francois Lalande

Francois-Xavier Oxeda

Edouard Fajnzilberg

Kevin Szkudlapski

https://github.com/wisk/medusa

Medusa (http://eip.epitech.eu/2012/medusa/)

Medusa is an interractive disassembler available on multiple operating systems (MS Windows, GNU/Linux, *BSD, etc). It is a free software. Medusa permit to convert machine code into human readable entities, to apply heuristics in order to improve code clearness and to handle these heuristics to apply its own code analysis. Its modular design permit to handle
different executable file formats (PE, ELF, RAW, etc) and different architectures (Intel, ARM, etc) by the means of plugins. Differents views are usable in the graphical user interface. The views permit to see the character strings in the executable file, the list of imported and exported functions, etc. One example of a view, the control flow graph, allows for better viewing of the different parts of the execution flow and therefore to undertand more quickly the internal mechanism of the executable file.

???

How to emulate executable with Medusa and python (part 0)

Antonio Cuni

https://bitbucket.org/antocuni/pygdb2/

Gdb

pygdb2 is a python module which allows you to send commands to the underlying gdb process. For example, it can be used to automatically and programmatically add breakpoints and watchpoints.

???

???

Georg Wicherski (@ochsff): http://code.mwcollect.org/projects/pylibscizzle

http://code.mwcollect.org/projects/pylibscizzle

libscizzle

Identification of possible getpc sequences, bruteforce possible starting location around sequence, use efficient sandbox. Disassemble guest code, execute one basic blocks, emulate all other instructions, exception.

???

Efficient Bytecode Analysis: Linespeed Shellcode Detection
Shellcode Detection Using Python

Fabien Reboia (srounet@gmail.com)

https://github.com/srounet/Pymem

Pymem is a memory wrapper built on top of python ctypes and windll imports to facilitate process memory access in Read or Write. It has functionalities such as Opening a process in debug mode, hijacking threads, listing process modules and much more.

???

code example

AmrThabet

https://github.com/AmrThabet/pySRDF

The Security Research and Development Framework

This Project is a the python implementation for The Security Research and Development Framework
This Project includes:
1. PE Parser
2. Process analyzer, DLL Injector
3. Debugger
4. x86 Emulator for binary files and shellcodes

???

Examples

Victor Stinner (@victor_stinner)

http://pypi.python.org/pypi/python-ptrace

python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python.

Fuzil

wiki

hakril

https://github.com/hakril/PythonForWindows

PythonForWindows is a base of code aimed to make interaction with Windows (on X86/X64) easier (for both 32 and 64 bits Python). Its goal is to offer abstractions around some of the OS features in a (I hope) pythonic way. It also tries to make the barrier between python and native execution thinner in both ways. There is no external dependencies but it relies heavily on the ctypes module.

???

PythonForWindows’s documentation
Samples
Samples online

Bryan Payne

https://code.google.com/p/vmitools

LibVMI

LibVMI is an introspection library focused on reading and writing memory from virtual machines (VMs). For convienence, LibVMI also provides functions for accessing CPU registers, pausing and unpausing a VM, printing binary data, and more. LibVMI is designed to work across multiple virtualization platforms. LibVMI currently supports VMs running in either Xen or KVM. LibVMI also supports reading physical memory snapshots when saved as a file.

???

???

Doug Shikashio

https://github.com/dshikashio/pywindbg

Pywindbg is a Windbg extension that embeds a Python interpreter into the Windbg console. Currently does not interact with the debugging session. Requires dbgeng bindings available separately.

???

???

x64dbg

https://github.com/x64dbg/x64dbg-python

Automating x64dbg using Python.

???

???