Reverse Engineering and tinkering
x64dbg is a 64-bit assembler-level debugger for Windows. The corresponding 32-bit debugger is called x32dbg.
Key features:
- Open-source
- Intuitive and familiar, yet new user interface
- C-like expression parser
- Full-featured debugging of DLL and EXE files (TitanEngine)
- IDA-like sidebar with jump arrows
- IDA-like instruction token highlighter (highlight registers etc.)
- Memory map
- Symbol view
- Thread view
- Content-sensitive register view
- Fully customizable color scheme
- Dynamically recognize modules and strings
- Import reconstructor integrated (Scylla)
- Fast disassembler (BeaEngine)
- User database (JSON) for comments, labels, bookmarks etc.
- Plugin support with growing API
- Extendable, debuggable scripting language for automation
- Multi-datatype memory dump
- Basic debug symbol (PDB) support
- Dynamic stack view
- Built-in assembler (XEDParse)
- View your patches and save them to disk
- Built-in hex editor
- Find patterns in memory
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.
The IDA Pro Disassembler and debugger is a multi-processor disassembler and debugger hosted on the Windows, Linux and Mac OS X Platforms.
Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ...
Radare is a portable reversing framework that can...
• Disassemble (and assemble for) many different architectures • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg) • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku • Perform forensics on filesystems and data carving • Be scripted in Python, Javascript, Go and more • Support collaborative analysis using the embedded webserver • Visualize data structures of several file types • Patch programs to uncover new features or fix vulnerabilities • Use powerful analysis capabilities to speed up reversing • Aid in software exploitation
Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark has a rich feature set which includes the following:
-Deep inspection of hundreds of protocols, with more being added all the time -Live capture and offline analysis -Standard three-pane packet browser -Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others -Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility -The most powerful display filters in the industry -Rich VoIP analysis -Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others -Capture files compressed with gzip can be decompressed on the fly -Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform) -Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2 -Coloring rules can be applied to the packet list for quick, intuitive analysis -Output can be exported to XML, PostScript®, CSV, or plain text
mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a commandline tool that provides a tcpdump-like interface for saving, viewing and manipulating HTTP traffic.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Fiddler captures HTTP and HTTPS traffic and logs it for the user to review (the latter by implementing man-in-the-middle interception using self-signed certificates).
Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system.
Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The display consists of two sub-windows. The top always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that it is in. The unique capabilities make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.
Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical. For example, drives and memory are presented similar to a file
Latest version: 2.0 (July 16, 2018)
