radare2 alternatives

Looking for an alternative tool to replace radare2? During the review of radare2 we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Cutter (graphical user interface for radare2)
  2. LIEF (library for analysis of executable formats)
  3. PyREBox (Python scriptable Reverse Engineering Sandbox)

These tools are ranked as the best alternatives to radare2.

Alternatives (by score)

89

Cutter

Introduction

Cutter is a graphical user interface for radare2, the well-known reverse engineering framework. It is aimed at those who are not familiar enough with radare2, or who would rather have a graphical interface than the command-line interface that radare2 provides.

Project details

Cutter is written in C++, Qt.

Strengths and weaknesses

  • + More than 50 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Binary analysis
    • Malware analysis
    • Reverse engineering

    Cutter review

    89

    LIEF

    Introduction

    LIEF is short for Library to Instrument Executable Formats.

    Project details

    LIEF is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Binary analysis
      • Malware analysis
      • Reverse engineering

      LIEF review

      78

      PyREBox

      Introduction

      PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities for a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

      Project details

      PyREBox is written in C++, Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Binary analysis
        • Malware analysis
        • Reverse engineering

        PyREBox review

        89

        r2frida

        Introduction

        Both Radare2 and Frida have their own area of expertise. This project combines both, to allow a more extensive analysis of files and processes.

        Project details

        r2frida is written in C, JavaScript.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Application testing
          • Binary analysis
          • Memory analysis

          r2frida review

          64

          Binary Analysis Next Generation (BANG)

          Introduction

          BANG is a framework to unpack files recursively and scan them. The files can be firmware, binaries, or malware. The main goal is to scan all files and perform classification and labeling. This way each file can be further analyzed based on the characteristics.

          Project details

          Binary Analysis Next Generation is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available
          • - No releases on GitHub available

          Typical usage

          • Binary analysis
          • Malware analysis
          • Malware scanning

          Binary Analysis Next Generation review

          64

          PEDA

          Introduction

          PEDA is an extension for GDB (GNU Debugger) to help with the development of exploit code. It can be used by reverse engineers and pentesters.

          Project details

          PEDA is written in Python.

          Strengths and weaknesses

          • + More than 2000 GitHub stars
          • + The source code of this software is available

            Typical usage

            • Debugging
            • Exploit development
            • Reverse engineering

            PEDA review

            97

            The Sleuth Kit

            Introduction

            The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

            Project details

            The Sleuth Kit is written in C.

            Strengths and weaknesses

            • + More than 50 contributors
            • + More than 1000 GitHub stars
            • + The source code of this software is available
            • + Well-known tool

              Typical usage

              • Criminal investigations
              • Digital forensics
              • File system analysis

              The Sleuth Kit review

              85

              Manticore

              Introduction

              Manticore is a so-called symbolic execution tool to perform binary analysis. It supports Linux ELF binaries and Ethereum smart contracts. The tool helps with researching binaries and their behavior. This might be useful for learning how malware works and for troubleshooting.

              Project details

              Manticore is written in Python.

              Strengths and weaknesses

              • + More than 25 contributors
              • + More than 1000 GitHub stars
              • + The source code of this software is available

                Typical usage

                • Binary analysis
                • Malware analysis
                • Reverse engineering

                Manticore review

                64

                Bitscout

                Introduction

                Bitscout contains a set of popular tools to acquire and analyze disk images onsite. It saves engineers from traveling to the physical location. In other words, it provides the option to do remote forensics. The project claims that everything is correctly implemented when it comes to digital forensics. One of these requirements is that no data is altered. For example, the remote security professional can obtain a disk image clone, but not alter the machine state.

                Project details

                Bitscout is written in shell script.

                Strengths and weaknesses

                • + Used language is shell script
                • + The source code of this software is available

                  Typical usage

                  • Digital forensics

                  Bitscout review

                  74

                  MIG (Mozilla InvestiGator)

                  Introduction

                  MIG provides a platform to perform investigative analysis on remote systems. By using the right queries, information can be obtained from these systems. This all happens in parallel, making intrusion detection, investigation, and follow-up easier.

                  Project details

                  Strengths and weaknesses

                  • + More than 25 contributors
                  • + More than 1000 GitHub stars
                  • + The source code of this software is available
                  • + Supported by a large company

                    Typical usage

                    • Digital forensics
                    • Intrusion detection

                    MIG review

                    85

                    BAP (Binary Analysis Platform)

                    Introduction

                    The main purpose of BAP is to provide a toolkit for program analysis. This platform comes as a complete package with a set of tools, libraries, and related plugins. There are bindings available for C, Python, and Rust.

                    Project details

                    BAP is written in OCaml.

                    Strengths and weaknesses

                    • + More than 25 contributors
                    • + More than 500 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Binary analysis
                      • Malware analysis

                      BAP review

                      76

                      pyelftools

                      Introduction

                      This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.

                      Project details

                      pyelftools is written in Python.

                      Strengths and weaknesses

                      • + More than 25 contributors
                      • + More than 500 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Binary analysis
                        • Malware analysis

                        pyelftools review

                        100

                        GRR Rapid Response

                        Introduction

                        The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

                        Project details

                        GRR Rapid Response is written in Python.

                        Strengths and weaknesses

                        • + More than 25 contributors
                        • + More than 3000 GitHub stars
                        • + The source code of this software is available
                        • + Supported by a large company

                          Typical usage

                          • Digital forensics
                          • Intrusion detection
                          • Threat hunting

                          GRR Rapid Response review

                          60

                          libewf

                          Introduction

                          The libewf toolkit is useful for those who need to create a disk image or perform disk forensics.

                          Project details

                          libewf is written in C.

                          Strengths and weaknesses

                          • + The source code of this software is available

                            Typical usage

                            • Digital forensics

                            libewf review

                            74

                            Volatility

                            Introduction

                            Volatility is a well-known tool to analyze memory dumps. An interesting aspect of this project is that its founders decided to create a foundation around it. This foundation is an independent 501(c)(3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.

                            Project details

                            Volatility is written in Python.

                            Strengths and weaknesses

                            • + More than 2000 GitHub stars
                            • + The source code of this software is available
                            • + Project is supported by a foundation

                              Typical usage

                              • Digital forensics

                              Volatility review

                              64

                              dfis (Digital Forensic Investigative Scripts)

                              Introduction

                              This toolkit of scripts was made by Hal to help in forensic assignments. The scripts make several parts of the job easier, like converting data to another format for further processing.

                              Project details

                              dfis is written in Perl.

                              Strengths and weaknesses

                              • + The source code of this software is available
                              • + Well-known author
                              • - No updates for a while

                              Typical usage

                              • Digital forensics

                              dfis review

                              64

                              FIR (Fast Incident Response)

                              Introduction

                              FIR is an incident response tool written in the Django framework. It provides a web interface to deal with the creation and management of security-related incidents.

                              Project details

                              Strengths and weaknesses

                              • + More than 10 contributors
                              • + The source code of this software is available

                                Typical usage

                                • Incident response
                                • Security monitoring

                                FIR review

                                84

                                LogonTracer

                                Introduction

                                LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities.

                                Project details

                                LogonTracer is written in Python.

                                Strengths and weaknesses

                                • + More than 500 contributors
                                • + The source code of this software is available

                                  Typical usage

                                  • Criminal investigations
                                  • Digital forensics
                                  • Learning

                                  LogonTracer review

                                  93

                                  Loki

                                  Introduction

                                  Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then applying pattern matching.

                                  Project details

                                  Loki is written in Python.

                                  Strengths and weaknesses

                                  • + More than 10 contributors
                                  • + Commercial support available
                                  • + More than 500 GitHub stars
                                  • + The source code of this software is available

                                    Typical usage

                                    • Digital forensics
                                    • Intrusion detection
                                    • Security monitoring

                                    Loki review

                                    60

                                    shellbags

                                    Introduction

                                    Typically this tool will be used to gather information from a compromised system or to track traces from a system to find evidence. Shellbags can provide some insight into directories browsed via Explorer on Microsoft Windows systems.

                                    Project details

                                    shellbags is written in Python.

                                    Strengths and weaknesses

                                    • + The source code of this software is available

                                      Typical usage

                                      • Digital forensics

                                      shellbags review

                                      60

                                      Bowcaster

                                      Introduction

                                      Bowcaster is a framework to create exploits. It is written in Python and comes with a set of tools and modules to help with exploit development.

                                      Project details

                                      Bowcaster is written in Python.

                                      Strengths and weaknesses

                                      • + The source code of this software is available
                                      • - No updates for a while

                                      Typical usage

                                      • Exploit development
                                      • Penetration testing

                                      Bowcaster review

                                      74

                                      Halcyon IDE

                                      Introduction

                                      Halcyon IDE provides an interface to develop Nmap scripts (NSE). These scripts can be used to extend the functionality of Nmap and perform more advanced scans on applications and infrastructures. By using an IDE, the development of NSE scripts can be simplified.

                                      Project details

                                      Halcyon IDE is written in Java.

                                      Strengths and weaknesses

                                      • + Runs on multiple platforms
                                      • + The source code of this software is available

                                        Typical usage

                                        • Exploit development
                                        • Penetration testing
                                        • Security awareness

                                        Halcyon IDE review

                                        60

                                        ShellPop

                                        Introduction

                                        During a penetration test, you might have an opportunity to gain shell access to a system. This tool helps with crafting the required type of reverse or bind shell for the task. ShellPop also helps with encoding, staging, or switching between different protocols.

                                        Project details

                                        ShellPop is written in Python.

                                        Strengths and weaknesses

                                        • + The source code of this software is available

                                          Typical usage

                                          • Penetration testing

                                          ShellPop review

                                          60

                                          bamfdetect

                                          Introduction

                                          With bamfdetect, malware and bots can be analyzed. It identifies and extracts information and returns data in JSON format.

                                          Project details

                                          bamfdetect is written in Python.

                                          Strengths and weaknesses

                                          • + The source code of this software is available

                                            Typical usage

                                            • Malware analysis
                                            • Malware scanning

                                            bamfdetect review

                                            100

                                            Intrigue Core

                                            Introduction

                                            Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

                                            Intrigue also allows enriching available data and performing OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

                                            Project details

                                            Intrigue Core is written in Ruby.

                                            Strengths and weaknesses

                                            • + More than 500 GitHub stars
                                            • + The source code of this software is available

                                              Typical usage

                                              • Asset discovery
                                              • Attack surface measurement
                                              • Intelligence gathering
                                              • OSINT research
                                              • Penetration testing
                                              • Security assessment

                                              Intrigue Core review

                                              Is a relevant tool missing as an alternative to radare2? Please contact us with your suggestion.