Dynamic code analyzers

Tools

angr (binary analysis framework)

binary analysis, malware analysis

Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.

BAP (binary analysis toolkit)

binary analysis, malware analysis

The main purpose of BAP is to provide a toolkit for program analysis. This platform comes as a complete package with a set of tools, libraries, and related plugins. There are bindings available for C, Python, and Rust.

Frida (reverse engineering tool)

black-box testing, reverse engineering

Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.

Manticore (dynamic binary analysis tool)

binary analysis, malware analysis, reverse engineering

Manticore is a so-called symbolic execution tool to perform a binary analysis. It supports Linux ELF binaries and Ethereum smart contracts. The tool helps with researching binaries and their behavior. This might be useful to learn how malware works and troubleshooting.

pyelftools (ELF parsing toolkit)

binary analysis, malware analysis

This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.