Python arsenal for RE

Main menu

Home
Feedback
About

static analysis

A

Amoco

×

Amoco

Author(s)	Axel Tillequin
Site project	https://github.com/bdcht/amoco
Tag(s)	static analysis, disassembler, SMT
License	GNU GPL v2
Python versions	2.x
Platforms	win/lin
Processors (Architecture)	x86/ARM
Description	Amoco is a python package dedicated to the (static) analysis of binaries. It features: - a generic framework for decoding instructions, developed to reduce the time needed to implement support for new architectures. - a symbolic algebra module which allows to describe the semantics of every instructions and compute a functional representation of instruction blocks. - a generic execution model wich provides an abstract memory model to deal with concrete or symbolic values transparently, and other system-dependent features. - various classes implementing usual disassembly techniques like linear sweep, recursive traversal, or more elaborated techniques like path-predicate which relies on SAT/SMT solvers to proceed with discovering the control flow graph or even to implement techniques like DARE (Directed Automated Random Exploration). - various generic "helpers" and arch-dependent pretty printers to allow custom look-and-feel configurations (think AT&T vs. Intel syntax, absolute vs. relative offsets, decimal or hex immediates, etc).
Tools	AmocoPlugin look_for_gadgets_with_equations.py
Useful links	???

B

BAP

×

BAP

Author(s)	https://github.com/BinaryAnalysisPlatform
Site project	https://github.com/BinaryAnalysisPlatform/bap
Tag(s)	static analysis, intermediate language, binding
License	???
Python versions	2.x
Platforms	lin
Processors (Architecture)	x86/ARM
Base project	BAP
Description	BAP is a platform for binary analysis. It is written in OCaml, but can be used from other languages. After BAP and python bindings are properly installed.
Tools	QIRA
Useful links	???

D

Disass

×

Disass

Author(s)	Ivan Fontarensky
Site project	http://bitbucket.cassidiancybersecurity.com/disass
Tag(s)	static analysis
License	GNU GPL v3
Python versions	2.x
Platforms	win
Processors (Architecture)	???
Description	Disass is a binary analysis framework written in Python to ease the automation of static malware reverse engineering. The purpose of Disass is to automatically retrieve relevant information in a malware such as the C&C, the user agent, cipher keys, etc.
Tools	???
Useful links	???

P

PyRevEng

×

PyRevEng

Author(s)	Poul-Henning
Site project	https://github.com/bsdphk/PyRevEng
Tag(s)	search in memory, static analysis
License	???
Python versions	3.x
Platforms	???
Processors (Architecture)	???
Description	Software Reverse Engineering toolkit in python.
Tools	???
Useful links	???

P cont.

PyVEX

×

PyVEX

Author(s)	zardus
Site project	https://github.com/zardus/pyvex
Tag(s)	intermediate language, interface, static analysis, binding
License	GNU GPL v3
Python versions	2.x
Platforms	lin
Processors (Architecture)	x86/x64
Base project	Valgrind
Description	Python bindings for Valgrind's VEX IR.
Tools	Angr rop_compiler
Useful links	???

V

Vivisect

×

Vivisect

Author(s)	invisigoth kenshoto (@invisig0th)
Site project	http://visi.kenshoto.com/viki/MainPage https://github.com/vivisect/vivisect
Tag(s)	static analysis, emulator, ELF reader, PE reader
License	???
Python versions	???
Platforms	win/lin/mac
Processors (Architecture)	x86/x64
Description	Vivisect is programatic binary analysis framework. Features: * Simple/fast python API for trying out crazy analysis ideas * Complete emulation pass with annotation * Import emulation to allow emu state tracking * Analysis of Elf/PE/binaryblob formats (Mach-O to come soon) * Support for easy to implement and batch run analysis module interface * Support for more than one binary file loaded in one workspace * Colaborative real-time client/server mode * Reasonably decent GUI (mostly for viewing) results * Support for running on windows/linux/mac * Windows symbol server support (when run on win32) * Bulk analysis mode which goes nice and fast (w/o GUI)
Tools	SocketSniff Nightmare FLOSS flare-dbg
Useful links	Visipedia Examples