Skip to content

Latest commit

 

History

History
121 lines (113 loc) · 15.1 KB

README.md

File metadata and controls

121 lines (113 loc) · 15.1 KB

Awesome IDA, Ghidra, x64DBG & OllyDBG plugins Awesome

A curated list of IDA x64DBG and OllyDBG plugins. IDA is a powerful disassembler and debugger that allows to analyze binary, it also includes a decompiler. X64DBG is an open-source x64/x32 debugger for Windows. OllyDbg is a 32-bit assembler level analysing debugger for Windows.

Content

IDA Plugins

  • Keypatch: Friendly assembly-level patching/searching plugin (using multi-arch assembler framework Keystone engine inside).
  • Lazy ida: Add functionalities such as function return removing, converting data, scanning for string vulnerabilities.
  • IDAemu: Use for emulating code in IDA Pro. It is based on unicorn-engine.
  • IDA_EA: A set of exploitation/reversing aids for IDA.
  • Labeless: System for labels/comments synchronization with a debugger backend.
  • Idadiff: A diffing tool using Machoc Hash.
  • IDA Skin: Plugin providing advanced skinning support for IDA Pro utilizing Qt stylesheets, similar to CSS.
  • Auto Re: Auto-renaming dummy-named functions, which have one API call or jump to the imported API.
  • IDA IPython: An IDA Pro Plugin for embedding an IPython.
  • IDA Sploiter: An exploit development and vulnerability research plugin.
  • IDATropy: It is designed to generate charts of entropy and histograms using the power of idapython and matplotlib.
  • IDA Patcher: It is designed to enhance IDA's ability to patch binary files and memory.
  • IDAHunt: Analyze binaries with IDA Pro and hunt for things in IDA Pro.
  • IDA for Delphi: IDA Python Script to Get All function names from Event Constructor (VCL).
  • IDA ARM Highlight: Highlighting and decoding ARM system instructions.
  • BinDiff: It is a comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code.
  • Diaphora: It is a program diffing plugin for IDA, similar to Zynamics Bindiff.
  • Yaco: Collaborative Reverse-Engineering for IDA.
  • IDASignSrch: It can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code.
  • Findcrypt2: It searches constants known to be associated with cryptographic algorithm in the code.
  • Driver Buddy: It assists with the reverse engineering of Windows kernel drivers.
  • Heap Viewer: Used to examine the glibc heap, focused on exploit development.
  • IDAScope: It consists of multiple tabs, containing functionality to achieve different goals such as fast identification of semantically interesting locations.
  • HexRayPytools: Assist in the creation of classes/structures and detection of virtual tables.
  • Ponce: Symbolic Execution just one-click away!
  • idenLib.py: idenLib (Library Function Identification ) plugin for IDA Pro
  • J.A.R.V.I.S A plugin for IDA Pro to assist you with the most common reversing tasks. It integrates with the (J.A.R.V.I.S) tracer.
  • golang_loader_assist: Making GO reversing easier in IDA Pro
  • FindYara: IDA python plugin to scan binary with yara rules.
  • Karta: Source code assisted fast binary matching plugin for IDA
  • VT-IDA-PLUGIN: This plugin integrates functionality from VirusTotal web services into the IDA Pro's user interface.
  • mkYARA: mkYARA comes with a IDA plugin to easily create YARA signatures by selecting a set of instructions and choosing one of the mkYARA -> Generate YARA rule options.
  • Oregami: IDA plugins and scripts for analyzing register usage frame.
  • IDA_IFL: A small plugin with a goal to provide user-friendly way to navigate between functions and their references.
  • xray: xray is a plugin for the Hexrays decompiler that both filters and colorizes the textual representation of the decompiler's output based on configurable regular expressions.
  • Lighthouse: Lighthouse is a powerful code coverage plugin for IDA Pro and Binary Ninja. As an extension of the leading disassemblers, this plugin enables one to interactively explore code coverage data in new and innovative ways when symbols or source may not be available for a given binary.
  • CAPA Explorer: Capa explorer is an IDA Pro plugin written in Python that integrates the FLARE team's open-source framework, capa, with IDA.
  • Ghida: GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in IDA.
  • vt-ida-plugin: This plugin integrates functionality from VirusTotal web services into the IDA Pro's user interface.
  • Virtuailor: IDAPython tool for C++ vtables reconstruction.
  • ipyda: PyIDA is a python-only solution to add an IPython console to IDA Pro.
  • ComIDA: An IDA Plugin that help during the analysis of modules using COM.
  • D810: D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.
  • lumen: A private Lumina server for IDA Pro.
  • Hexrays Toolbox: Hexrays Toolbox is a script for the Hexrays Decompiler which can be used to find code patterns within decompiled code.
  • HRDevHelper: This plugin for the HexRays decompiler creates a graph of a decompiled function's AST using IDA's internal graph viewer.
  • dsync: IDAPython plugin that synchronizes disassembler and decompiler views.
  • IDACyber: IDACyber is an interactive data visualization plugin for IDA Pro. It consists of external "color filters" that transform raw data bytes into a canvas that can be used to inspect and navigate data interactively.
  • abyss: Augmentation of postprocess Hexrays decompiler output.
  • genmc: genmc is an IDAPython script/plugin hybrid that displays Hexrays decompiler microcode, which can help in developing microcode plugins.
  • ida-minsc: IDA-minsc is a plugin for IDA Pro that assists a user with scripting the IDAPython plugin that is bundled with the disassembler.
  • Bip: Bip is a project which aims to simplify the usage of python for interacting with IDA. Its main goals are to facilitate the usage of python in the interactive console of IDA and the writing of plugins.
  • FIDL: This is a set of utilities wrapping the decompiler API into something sane. This code focus on vulnerability research and bug hunting.
  • flare-emu: flare-emu marries a supported binary analysis framework, such as IDA Pro or Radare2, with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks.
  • CTO (Call Tree Overviewer): CTO (Call Tree Overviewer) is an IDA plugin for creating a simple and efficiant function call tree graph. It can also summarize function information such as internal function calls, API calls, static linked library function calls, unresolved function calls, string references, structure member accesses, specific comments.
  • HashDB: Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service.
  • deREferencing: deReferencing is an IDA Pro plugin that implements new registers and stack views. Adds dereferenced pointers, colors and other useful information, similar to some GDB plugins (e.g: PEDA, GEF, pwndbg, etc).
  • syms2elf: The plugin export the symbols (for the moment only functions) recognized by IDA Pro and radare2 to the ELF symbol table.
  • retdec-idaplugin: RetDec plugin for IDA (Interactive Disassembler). The plugin comes at both 32-bit and 64-bit address space variants (both are 64-bit binaries).
  • VMAttack: IDA Pro Plugin for static and dynamic virtualization-based packed analysis and deobfuscation.
  • BinCAT: Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection.
  • ttddbg - Time Travel Debugging IDA plugin: This plugin adds a new debugger to IDA which supports loading Time Travel Debugging traces generated using WinDBG Preview.

Ghidra Plugins

  • Ghidra Scripts: Port of devttyS0's IDA plugins to the Ghidra plugin framework, new plugins as well.
  • Ghidra Scripts 2: Ghidra script for malware analysis.
  • Findcrypt: IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database.
  • Lazy Ghidra: Make your Ghidra Lazy.
  • Pcode Emulator: A PCode Emulator for Ghidra.
  • dragondance: Dragon Dance is a plugin for Ghidra to get visualize and manipulate the binary code coverage data.
  • ghidra_nodejs: Ghidra plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries.
  • cantordust: CantorDust is a binary visulization tool used to aid reverse engineering efforts. It allows humans to utilize their superior visual pattern recognition to identify patterns in binary data.
  • ghidra-findcrypt: Ghidra analysis plugin to locate cryptographic constants (This is a re-write of another Ghidra FindCrypt script as an auto analysis module).
  • Awesome Ghidra: A list of additionnal Ghidra plugins.

x64dbg Plugins

OllyDBG Plugins

  • OllyDumpEx: This plugin is process memory dumper for OllyDbg.
  • OllyDeobfuscator: Deobfuscator for Olly.
  • Phantom: Anti anti-debug trick.
  • TLSCatch 0.3: This plugin simply intercepts any new module loaded into the current process address space, searches it for TLS callbacks.
  • AnalyzeThis: Assisting for unpacking.

GDB Plugins

  • GEF: GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers.
  • pwndbg: Pwndbg is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
  • Voltron: Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg)
  • gdbghidra: gdbghidra - a visual bridge between a GDB session and GHIDRA
  • angrgdb: Use angr inside GDB. Create an angr state from the current debugger state.