Reverse Engineering and tinkering

  • mitmproxy

    Free Mac Windows Linux Website

    mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a commandline tool that provides a tcpdump-like interface for saving, viewing and manipulating HTTP traffic.


    mitmproxy icon
  • x64dbg

    Free Windows Website

    x64dbg is a 64-bit assembler-level debugger for Windows. The corresponding 32-bit debugger is called x32dbg.

    Key features:

    • Open-source
    • Intuitive and familiar, yet new user interface
    • C-like expression parser
    • Full-featured debugging of DLL and EXE files (TitanEngine)
    • IDA-like sidebar with jump arrows
    • IDA-like instruction token highlighter (highlight registers etc.)
    • Memory map
    • Symbol view
    • Thread view
    • Content-sensitive register view
    • Fully customizable color scheme
    • Dynamically recognize modules and strings
    • Import reconstructor integrated (Scylla)
    • Fast disassembler (BeaEngine)
    • User database (JSON) for comments, labels, bookmarks etc.
    • Plugin support with growing API
    • Extendable, debuggable scripting language for automation
    • Multi-datatype memory dump
    • Basic debug symbol (PDB) support
    • Dynamic stack view
    • Built-in assembler (XEDParse)
    • View your patches and save them to disk
    • Built-in hex editor
    • Find patterns in memory


    x64dbg icon
  • IDA

    Commercial Mac Windows Linux Website

    The IDA Pro Disassembler and debugger is a multi-processor disassembler and debugger hosted on the Windows, Linux and Mac OS X Platforms.


    IDA icon
  • Burp Suite

    Freemium Mac Windows Linux BSD Website

    Simple, scalable cybersecurity tool suite for researchers, professionals, and enterprises.


    Burp Suite icon
  • HxD

    Free Windows Website

    HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.

    The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.

    Editing works like in a text editor with a focus on a simple and task-oriented operation, as such functions were streamlined to hide differences that are purely technical.
    For example, drives and memory are presented similar to a file

    Latest version: 2.0 (July 16, 2018)


    HxD icon
  • Fiddler

    Freemium Windows Website

    Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet.


    Fiddler icon
  • radare2

    Free Mac Windows Linux Android iPhone ... Android Tablet BSD iPad C (programming language) Git Haiku Docker Website

    Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ...

    Radare is a portable reversing framework that can...

    • Disassemble (and assemble for) many different architectures
    • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
    • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
    • Perform forensics on filesystems and data carving
    • Be scripted in Python, Javascript, Go and more
    • Support collaborative analysis using the embedded webserver
    • Visualize data structures of several file types
    • Patch programs to uncover new features or fix vulnerabilities
    • Use powerful analysis capabilities to speed up reversing
    • Aid in software exploitation


    radare2 icon
  • Process Monitor

    Free Windows Website

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system.


    Process Monitor icon
  • Wireshark

    Free Mac Windows Linux BSD Website

    Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

    Wireshark has a rich feature set which includes the following:

    -Deep inspection of hundreds of protocols, with more being added all the time
    -Live capture and offline analysis
    -Standard three-pane packet browser
    -Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
    -Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
    -The most powerful display filters in the industry
    -Rich VoIP analysis
    -Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
    -Capture files compressed with gzip can be decompressed on the fly
    -Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
    -Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
    -Coloring rules can be applied to the packet list for quick, intuitive analysis
    -Output can be exported to XML, PostScript®, CSV, or plain text


    Wireshark icon
  • Process Explorer

    Free Windows Website

    Process Explorer shows you information about which handles and DLLs processes have opened or loaded.


    Process Explorer icon
  • Ghidra

    Free Mac Windows Linux Website

    Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

    In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.


    Ghidra icon

Comments on Reverse Engineering and tinkering

Echo echo ... Feels empty in here

Maybe you want to be the first to submit a comment?

Sign up to comment, it's simple!