r2frida alternatives

Looking for an alternative tool to replace r2frida? During the review of r2frida we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. radare2 (reverse engineering tool and binary analysis)
  2. PyREBox (Python scriptable Reverse Engineering Sandbox)
  3. Cutter (graphical user interface for radare2)

These tools are ranked as the best alternatives to r2frida.

Alternatives (by score)

78

radare2

Introduction

Radare2 is a popular framework to perform reverse engineering on many different file types. It can be used to analyze malware, firmware, or any other type of binary file. Besides reverse engineering, it can be used for filesystem forensics and data carving. Tasks can be scripted, with support for languages like JavaScript, Go, and Python. It can even be used for software exploitation.

Project details

radare2 is written in C.

Strengths and weaknesses

  • + More than 500 contributors
  • + More than 8000 GitHub stars
  • + Many releases available
  • + The source code of this software is available

    Typical usage

    • Digital forensics
    • Reverse engineering
    • Software exploitation
    • Troubleshooting

    radare2 review

    78

    PyREBox

    Introduction

    PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities for a running QEMU virtual machine. Its primary use is the analysis of running processes for reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

    Project details

    PyREBox is written in C++, Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Binary analysis
      • Malware analysis
      • Reverse engineering

      PyREBox review

      64

      Cutter

      Introduction

      Cutter is a graphical user interface for radare2, the well-known reverse engineering framework. It focuses on those who are not familiar enough with radare2, or who would rather have a graphical interface than the command-line interface that radare2 provides.

      Project details

      Cutter is written in C++, Qt.

      Strengths and weaknesses

      • + More than 50 contributors
      • + More than 3000 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Binary analysis
        • Malware analysis
        • Reverse engineering

        Cutter review

        97

        LIEF

        Introduction

        LIEF is short for Library to Instrument Executable Formats.

        Project details

        LIEF is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Binary analysis
          • Malware analysis
          • Reverse engineering

          LIEF review

          74

          MIG (Mozilla InvestiGator)

          Introduction

          MIG provides a platform to perform investigative analysis on remote systems. By using the right queries, information can be obtained from these systems. This all happens in parallel, making intrusion detection, investigation, and follow-up easier.

          Project details

          Strengths and weaknesses

          • + More than 25 contributors
          • + More than 1000 GitHub stars
          • + The source code of this software is available
          • + Supported by a large company

            Typical usage

            • Digital forensics
            • Intrusion detection

            MIG review

            74

            Volatility

            Introduction

            Volatility is a well-known tool to analyze memory dumps. What is interesting about this project is that its founders decided to create a foundation around it. This foundation is an independent 501(c)(3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.

            Project details

            Volatility is written in Python.

            Strengths and weaknesses

            • + More than 2000 GitHub stars
            • + The source code of this software is available
            • + Project is supported by a foundation

              Typical usage

              • Digital forensics

              Volatility review

              100

              Frida

              Introduction

              Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, making it possible to trace executed instructions. The source code is not needed. Frida even allows direct manipulation of the process and shows the results. The tool comes with bindings for different programming languages, which allow interaction with processes. Examples of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and a C API.

              Project details

              Frida is written in C.

              Strengths and weaknesses

              • + More than 10 contributors
              • + More than 2000 GitHub stars
              • + Many releases available
              • + Project is mature (5+ years)
              • + The source code of this software is available

                Typical usage

                • Black-box testing
                • Reverse engineering

                Frida review

                60

                BAP (Binary Analysis Platform)

                Introduction

                The main purpose of BAP is to provide a toolkit for program analysis. This platform comes as a complete package with a set of tools, libraries, and related plugins. There are bindings available for C, Python, and Rust.

                Project details

                BAP is written in OCaml.

                Strengths and weaknesses

                • + More than 25 contributors
                • + More than 500 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Binary analysis
                  • Malware analysis

                  BAP review

                  60

                  Manticore

                  Introduction

                  Manticore is a so-called symbolic execution tool to perform binary analysis. It supports Linux ELF binaries and Ethereum smart contracts. The tool helps with researching binaries and their behavior. This might be useful for learning how malware works and for troubleshooting.

                  Project details

                  Manticore is written in Python.

                  Strengths and weaknesses

                  • + More than 25 contributors
                  • + More than 1000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Binary analysis
                    • Malware analysis
                    • Reverse engineering

                    Manticore review

                    64

                    PEDA

                    Introduction

                    PEDA is an extension for GDB (GNU DeBugger) to help with the development of exploit code. It can be used by reverse engineers and pentesters.

                    Project details

                    PEDA is written in Python.

                    Strengths and weaknesses

                    • + More than 2000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Debugging
                      • Exploit development
                      • Reverse engineering

                      PEDA review

                      76

                      pyelftools

                      Introduction

                      This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.

                      Project details

                      pyelftools is written in Python.

                      Strengths and weaknesses

                      • + More than 25 contributors
                      • + More than 500 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Binary analysis
                        • Malware analysis

                        pyelftools review

                        64

                        Binary Analysis Next Generation (BANG)

                        Introduction

                        BANG is a framework to unpack files recursively and scan them. The files can be firmware, binaries, or malware. The main goal is to scan all files and perform classification and labeling. This way each file can be further analyzed based on the characteristics.

                        Project details

                        Binary Analysis Next Generation is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - No releases on GitHub available

                        Typical usage

                        • Binary analysis
                        • Malware analysis
                        • Malware scanning

                        Binary Analysis Next Generation review

                        64

                        Bitscout

                        Introduction

                        Bitscout contains a set of popular tools to acquire and analyze disk images onsite. It saves engineers from traveling to the physical location. In other words, it provides the option to do remote forensics. The project claims that everything is correctly implemented when it comes to digital forensics. One of these requirements is that no data is altered. For example, the remote security professional can obtain a disk image clone, but not alter the machine state.

                        Project details

                        Bitscout is written in shell script.

                        Strengths and weaknesses

                        • + Used language is shell script
                        • + The source code of this software is available

                          Typical usage

                          • Digital forensics

                          Bitscout review

                          60

                          FIR (Fast Incident Response)

                          Introduction

                          FIR is an incident response tool written in the Django framework. It provides a web interface to deal with the creation and management of security-related incidents.

                          Project details

                          Strengths and weaknesses

                          • + More than 10 contributors
                          • + The source code of this software is available

                            Typical usage

                            • Incident response
                            • Security monitoring

                            FIR review

                            100

                            GRR Rapid Response

                            Introduction

                            The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

                            Project details

                            GRR Rapid Response is written in Python.

                            Strengths and weaknesses

                            • + More than 25 contributors
                            • + More than 3000 GitHub stars
                            • + The source code of this software is available
                            • + Supported by a large company

                              Typical usage

                              • Digital forensics
                              • Intrusion detection
                              • Threat hunting

                              GRR Rapid Response review

                              68

                              LogonTracer

                              Introduction

                              LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities.

                              Project details

                              LogonTracer is written in Python.

                              Strengths and weaknesses

                              • + More than 500 contributors
                              • + The source code of this software is available

                                Typical usage

                                • Criminal investigations
                                • Digital forensics
                                • Learning

                                LogonTracer review

                                70

                                Loki

                                Introduction

                                Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then applying pattern matching.

                                Project details

                                Loki is written in Python.

                                Strengths and weaknesses

                                • + More than 10 contributors
                                • + Commercial support available
                                • + More than 500 GitHub stars
                                • + The source code of this software is available

                                  Typical usage

                                  • Digital forensics
                                  • Intrusion detection
                                  • Security monitoring

                                  Loki review

                                  74

                                  The Sleuth Kit

                                  Introduction

                                  The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

                                  Project details

                                  The Sleuth Kit is written in C.

                                  Strengths and weaknesses

                                  • + More than 50 contributors
                                  • + More than 1000 GitHub stars
                                  • + The source code of this software is available
                                  • + Well-known tool

                                    Typical usage

                                    • Criminal investigations
                                    • Digital forensics
                                    • File system analysis

                                    The Sleuth Kit review

                                    64

                                    dfis (Digital Forensic Investigative Scripts)

                                    Introduction

                                    This toolkit of scripts is made by Hal to help in forensic assignments. The scripts make several parts of the job easier, like converting data to another format for further processing.

                                    Project details

                                    dfis is written in Perl.

                                    Strengths and weaknesses

                                    • + The source code of this software is available
                                    • + Well-known author
                                    • - No updates for a while

                                    Typical usage

                                    • Digital forensics

                                    dfis review

                                    60

                                    libewf

                                    Introduction

                                    The libewf toolkit is useful for those who need to create a disk image or perform disk forensics.

                                    Project details

                                    libewf is written in C.

                                    Strengths and weaknesses

                                    • + The source code of this software is available

                                      Typical usage

                                      • Digital forensics

                                      libewf review

                                      60

                                      shellbags

                                      Introduction

                                      Typically this tool will be used to gather information from a compromised system or to track traces from a system to find evidence. Shellbags can provide some insight on browsed directories on the system via Explorer on Microsoft Windows systems.

                                      Project details

                                      shellbags is written in Python.

                                      Strengths and weaknesses

                                      • + The source code of this software is available

                                        Typical usage

                                        • Digital forensics

                                        shellbags review

                                        60

                                        Jackhammer

                                        Introduction

                                        The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Nodejs). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

                                        The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

                                        Project details

                                        Jackhammer is written in Ruby.

                                        Strengths and weaknesses

                                        • + The source code of this software is available

                                          Typical usage

                                          • Collaboration
                                          • Information sharing

                                          Jackhammer review

                                          93

                                          angr

                                          Introduction

                                          Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.

                                          Project details

                                          angr is written in Python.

                                          Strengths and weaknesses

                                          • + More than 50 contributors
                                          • + More than 1000 GitHub stars
                                          • + The source code of this software is available

                                            Typical usage

                                            • Binary analysis
                                            • Malware analysis

                                            angr review

                                            52

                                            bingrep

                                            Introduction

                                            Searches through binaries and highlights the most important areas with colors.

                                            Supported binary formats:

                                            • ELF 32/64, arm, x86, openrisc
                                            • Mach 32/64, arm, x86
                                            • PE

                                            Project details

                                            60

                                            elf2json

                                            Introduction

                                            elf2json converts an ELF binary into JSON output, which helps with reverse engineering and malware analysis.

                                            Project details

                                            Is a relevant tool missing as an alternative to r2frida? Please contact us with your suggestion.