Binary analysis tools


Introduction

The best way to understand how a program works is by performing research on its internals. These are the tools to help you with binary analysis of programs and malware.

Binary analysis is a specialization that requires technical knowledge, patience, and especially the right tools. It is also known as reverse engineering and continues to be in demand by security firms. Reverse engineering is definitely a valuable skill to have or obtain. Typically it is used to investigate malware and during digital forensics.

During our reviews, we came across many open source projects. Most of these projects are not limited to the analysis of binaries, but can also be used to reverse engineer systems and firmware. It is safe to say that there is not a single tool that will perform all activities required during analysis. So instead of picking one, it is worth investigating all options. As always, some projects are a safe pick, as they are popular and often requested in professional settings. Radare2 is a good example of such a tool and can be found in the toolbox of professional reverse engineers.

Usage

Binary analysis tools are typically used for binary analysis, malware analysis, and reverse engineering.

Users of these tools include malware analysts and security professionals.

Tools

Binary analysis tools
| Tool | Type | Description | Latest release | Release date | Score |
|---|---|---|---|---|---|
| BAP | Binary analysis toolkit | BAP is the abbreviation for Binary Analysis Platform, a toolkit created by Carnegie Mellon University. It helps with reverse engineering and program analysis. As it focuses on the analysis of binaries, it does not require the source code. Supported hardware architectures include ARM, x86, x86-64, PowerPC, and MIPS. | 1.4.0 | March 1, 2018 | 84 |
| Binary Analysis Next Generation | Framework for binary analysis | Binary Analysis Next Generation (BANG) or binaryanalysis-ng is a security tool to perform binary analysis by Armijn Hemel. Learn how the tool works. | Unknown | Unknown | 64 |
| Cutter | Qt and C++ graphical user interface for radare2 | Cutter is a graphical user interface for radare2, the reverse engineering framework. It focuses on those who are not familiar enough with radare2, or would rather have a graphical interface instead of the command-line interface that radare2 provides. | 1.6 | July 14, 2018 | 89 |
| LIEF | Library for analysis of executable formats | LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research. | 0.9.0 | June 10, 2018 | 97 |
| Manticore | Dynamic binary analysis tool | Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary will be executed and tested. | 0.1.10 | June 23, 2018 | 85 |
| PEDA | Python Exploit Development Assistance for GDB | PEDA is an extension for GDB (GNU DeBugger) to help with the development of exploit code. It can be used by reverse engineers and pentesters. | 1.1 | June 3, 2016 | 64 |
| pyelftools | ELF parsing toolkit | Pyelftools is a Python library to parse ELF files and DWARF debugging information. It can be useful to perform dynamic binary analysis on files. | 0.24 | Aug. 5, 2016 | 60 |
| PyREBox | Python scriptable Reverse Engineering Sandbox | Looking for a way to perform reverse engineering or dynamic analysis? PyREBox is an instrumentation tool for virtual machines. Learn how it works and its benefits. | Unknown | Unknown | 78 |
| r2frida | Bridge between Radare2 and Frida | The r2frida project combines the best of both worlds from Radare2 and Frida. Where Radare2 focuses on static analysis of binaries and files, Frida will target running processes. This project combines the powers of both. | 2.6.0 | June 7, 2018 | 89 |
| radare2 | Reverse engineering tool and binary analysis | Radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files. | 2.7.0 | July 9, 2018 | 97 |

Other related category: Linux reverse engineering tools