Binary analysis tools
The best way to understand how a program works is by performing research on its internals. These are the tools to help you with binary analysis of programs and malware.
Binary analysis is a specialization that requires technical knowledge, patience, and above all the right tools. It is also known as reverse engineering and remains in demand at security firms. Reverse engineering is a valuable skill to have or to acquire; typically it is used to investigate malware and during digital forensics.
During our reviews, we came across many open source projects. Most of them are not limited to the analysis of binaries, but can also be used to reverse engineer systems and firmware. It is safe to say that no single tool performs all the activities required during an analysis, so instead of picking one, it is worth investigating all the options. As always, some projects are a safe pick because they are popular and often requested in professional settings. Radare2 is a good example of such a tool, one found in the toolbox of most professional reverse engineers.
Binary analysis tools are typically used for binary analysis, malware analysis, and reverse engineering.
Users of these tools include malware analysts and security professionals.
| Tool | Type | Description | Latest release | Release date | Score |
|------|------|-------------|----------------|--------------|-------|
| BAP | Binary analysis toolkit | BAP is the abbreviation for Binary Analysis Platform, a toolkit created by Carnegie Mellon University. It helps with reverse engineering and program analysis. As it focuses on the analysis of binaries, it does not require the source code. Supported hardware architectures include ARM, x86, x86-64, PowerPC, and MIPS. | 1.4.0 | March 1, 2018 | 84 |
| Binary Analysis Next Generation | Framework for binary analysis | Binary Analysis Next Generation (BANG), or binaryanalysis-ng, is a security tool to perform binary analysis, written by Armijn Hemel. | Unknown | Unknown | 64 |
| Cutter | Qt and C++ graphical user interface for radare2 | Cutter is a graphical user interface for radare2, the reverse engineering framework. It is aimed at users who are not yet familiar with radare2, or who prefer a graphical interface over the command-line interface that radare2 provides. | 1.6 | July 14, 2018 | 89 |
| LIEF | Library for analysis of executable formats | LIEF is a library to analyze executable formats such as ELF, Mach-O, and PE. It can be used during reverse engineering, binary analysis, and malware research. | 0.9.0 | June 10, 2018 | 97 |
| Manticore | Dynamic binary analysis tool | Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary are executed and tested. | 0.1.10 | June 23, 2018 | 85 |
| PEDA | Python Exploit Development Assistance for GDB | PEDA is an extension for GDB (the GNU Debugger) to help with the development of exploit code. It can be used by reverse engineers and pentesters. | 1.1 | June 3, 2016 | 64 |
| pyelftools | ELF parsing toolkit | Pyelftools is a Python library to parse ELF files and DWARF debugging information. It can be useful to perform dynamic binary analysis on files. | 0.24 | August 5, 2016 | 60 |
| PyREBox | Python scriptable Reverse Engineering Sandbox | PyREBox is an instrumentation tool for virtual machines, intended for reverse engineering and dynamic analysis. | Unknown | Unknown | 78 |
| r2frida | Bridge between Radare2 and Frida | The r2frida project combines the best of both worlds from Radare2 and Frida. Where Radare2 focuses on static analysis of binaries and files, Frida targets running processes. This project combines the strengths of both. | 2.6.0 | June 7, 2018 | 89 |
| radare2 | Reverse engineering tool and binary analysis | Radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary file. | 2.7.0 | July 9, 2018 | 97 |
Other related category: Linux reverse engineering tools