PyREbox
Cisco Talos's PyREbox is a python QEMU-based sandbox environment designed to aid in reverse engineering. It can be used for security researchers to aid them in malware analysis, or for general developers with debugging their applications.
Cost / License
- Free
- Open Source
Platforms
- Mac
- Windows
- Linux
- Python
- QEMU
Features
- Malware Analysis
- Debugging
- In-Depth Analysis
- Sandbox
Tags
- Virtual machine
- security-sandbox
- sandboxing
- security-sandboxes
PyREbox News & Activities
Recent activities
PyREbox information
Developed by
Cisco Licensing
Open Source (GPL-2.0) and Free product.Written in
Alternatives
10 alternatives listedSupported Languages
- English
AlternativeTo Categories
Network & Admin, DevelopmentGitHub repository
- 1,679 Stars
- 252 Forks
- 26 Open Issues
- Updated (Archived)
What is PyREbox?
PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to instrument its execution, by creating simple scripts in python to automate any kind of analysis. QEMU (when working as a whole-system-emulator) emulates a complete system (CPU, memory, devices...). By using VMI techniques, it does not require to perform any modification into the guest operating system, as it transparently retrieves information from its memory at run-time.
Several academic projects such as DECAF, PANDA, S2E, or AVATAR, have previously leveraged QEMU based instrumentation to overcome reverse engineering tasks. These projects allow to write plugins in C/C++, and implement several advanced features such as dynamic taint analysis, symbolic execution, or even record and replay of execution traces. With PyREBox, we aim to apply this technology focusing on keeping the design simple, and on the usability of the system for threat analysts.