ida
跟IDA Pro有关的资源收集。当前包括的工具个数400+,并根据功能进行了粗糙的分类。部分工具添加了中文描述。
目录
- 工具
- 未分类
- 结构体&&类的检测&&创建&&恢复
- 收集
- 外观&&主题
- 固件&&嵌入式设备
- 签名(FLIRT等)&&比较(Diff)&&匹配
- IDB操作
- 协作逆向&&多人操作相同IDB文件
- 与调试器同步&&通信&&交互
- 导入导出&与其他工具交互
- 针对特定分析目标
- IDAPython本身
- 指令参考&文档
- 辅助脚本编写
- 古老的
- 调试&&动态运行&动态数据
- 反编译器
- 反混淆
- 效率&&导航&&快速访问&&图形&&图像&&可视化
- 针对特定CTF
- Android
- iOS&&macOS&&iPhone&&iPad&&iXxx
- ELF
- Microcode
- 模拟器集成
- 新添加的
- 作为辅助&&构成其他的一环
- 漏洞
- 补丁&&Patch
- 其他
- Qt
- TODO
- 文章
工具
- 以Github开源工具为主
未分类
- [1033星][1mo] [Python]fireeye/flare-ida 多工具
- StackStrings 自动恢复手动构造的字符串
- Struct Typer
- ApplyCalleeType This plugin allows you to specify or choose a function type for indirect calls as described here: Flare-Ida-Pro-Script
- argtracker 识别函数使用的静态参数
- idb2pat FLIRT签名生成
- objc2_analyzer 在目标Mach-O可执行文件的与Objective-C运行时相关的部分中定义的选择器引用及其实现之间创建交叉引用
- MSDN Annotations 从XML文件中提取MSDN信息,添加到IDB数据库中
- ironstrings 使用代码模拟执行(flare-emu), 恢复构造的字符串
- Shellcode Hashes 生成Hash数据库
- [920星][2d] [OCaml]airbus-seclab/bincat 二进制代码静态分析工具。值分析(寄存器、内存)、污点分析、类型重建和传播(propagation)、前向/后向分析
- [862星][2y] [C++]illera88/ponce 简化污点分析+符号执行
- [729星][5mo] [Python]devttys0/ida 多工具
- wpsearch 查找在MIPS WPS checksum实现中常见的立即数
- md5hash 纯Python版的MD5 hash实现(IDA的hashlib有问题)
- alleycat 查找向指定的函数内代码块的路径、查找两个或多个函数之间的路径、生成交互式调用图、可编程
- codatify 定义IDA自动化分析时miss的ASCII字符串、函数、代码。将data段的所有未定义字节转换为DWORD(于是IDA可识别函数和跳转表指针)
- fluorescence 高亮函数调用指令
- leafblower 识别常用的POSIX函数:printf, sprintf, memcmp, strcpy等
- localxrefs 在当前函数内部查找所有对任意选择文本的引用
- mipslocalvars 对栈上只用于存储寄存器的变量进行命名,简化栈数据分析(MISP)
- mipsrop 在MIPS可执行代码中搜寻ROP。查找常见的ROP
- rizzo 对2个或多个IDB之间的函数进行识别和重命名,基于:函数签名、对唯一字符串/常量的引用、模糊签名、调用图
- [382星][3y] [Python]36hours/idaemu 基于Unicorn引擎的代码模拟插件
- 重复区段: 工具/模拟器集成 |
- [305星][3w] [C]ohjeongwook/darungrim 软件补丁分析工具
- [283星][4w] [Python]a1ext/auto_re 自动化函数重命名
- [269星][2mo] [Python]jpcertcc/aa-tools 多脚本(还有的没列出在子工具)
- apt17scan.py Volatility插件, 检测APT17相关的恶意代码并提取配置
- emdivi_postdata_decoder 解码Emdivi post的数据
- emdivi_string_decryptor IDAPython脚本, 解密Emdivi内的字符串
- [266星][1mo] [Python]fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: 工具/模拟器集成 |
- [177星][3d] [Python]joxeankoret/idamagicstrings 从字符串常量中提取信息
- [167星][1y] [Python]tintinweb/ida-batch_decompile 将多个文件及其import用附加注释(外部参照,堆栈变量大小)反编译到pseudocode.c文件
- [148星][1y] [Python]ax330d/hrdev 反编译输出增强: 使用Python Clang解析标准的IDA反编译结果
- [133星][1y] [Python]carlosgprado/jarvis 多功能, 带界面,辅助静态分析、漏洞挖掘、动态追踪(Pin)、导入导出等
- [121星][1mo] [Python]you0708/ida 查找加密常量
- [117星][5y] [C++]zyantific/retypedef 函数名称替换,可以自定义规则
- [116星][1y] [Python]xerub/idastuff 针对ARM处理器
- [103星][7mo] [Python]sibears/hrast 演示如何修改AST(抽象语法树)
- [102星][2mo] [Python]lucasg/findrpc 从二进制文件中提取内部的RPC结构体
- [94星][2y] [Python]gaasedelen/prefix IDA 插件,为函数添加前缀
- [79星][2mo] [Python]takahiroharuyama/ida_haru 多工具
- bindiff 使用BinDiff对多个二进制文件进行对比,可多达100个
- eset_crackme ESET CrackMe driver VM loader/processor
- fn_fuzzy 快速二进制文件对比
- stackstring_static 静态恢复栈上的字符串
- [73星][9mo] [Python]secrary/ida-scripts 多脚本
- dumpDyn 保存动态分配并执行的代码的相关信息:注释、名称、断点、函数等,之后此代码在不同基址执行时使保存内容依然可用
- idenLib 库函数识别
- IOCTL_decode Windows驱动的IO控制码
- XORCheck
- [67星][11mo] [Python]lucasg/idamagnum 在IDA中向MagnumDB发起请求, 查询枚举常量可能的值
- [60星][2y] [Python]tmr232/idabuddy 逆向滴好盆友??
- [59星][2y] [C++]alexhude/loadprocconfig 加载处理器配置文件
- [57星][3w] [Python]williballenthin/idawilli IDA Pro 资源、脚本和配置文件等
- hint_calls 以Hint的形式战士函数引用的call和字符串
- dynamic_hints 演示如何为动态数据提供自定义hint的示例插件
- add_segment 将已存在文件的内容添加为新的segment
- color 对指令进行着色
- find_ptrs 扫描.text区段查找可能为指针的值,并进行标记
- yara_fn 创建yara规则,匹配当前函数的basic block
- [54星][1y] [Python]zardus/idalink 使用IDA API时保证不卡界面. 在后台启动与界面脱离IDA CLI会话, 再使用RPyC连接界面
- [53星][3y] [Python]patois/drgadget 开发和分析ROP链
- [52星][3y] [C++]sektioneins/wwcd Capstone powered IDA view
- [51星][2y] [Python]cseagle/ida_clemency IDA cLEMENCy Tools
- [49星][10mo] [Python]agustingianni/utilities 多个IDAPython脚本
- [47星][3y] [Python]alessandrogario/ida-function-tagger 根据函数使用的导入表,对函数进行标记
- [47星][3y] [Python]jjo-sec/idataco 多功能
- [47星][2mo] [Python]lich4/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA多个脚本
- IDA-read_unicode.py IDA插件,识别程序中的中文字符
- IDA-add_xref_for_macho 辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb 使用gdbserver和IDA调试Android时,读取module列表和segment
- IDA-trace_instruction 追踪指令流
- IDA-detect_ollvm 检测OLLVM,在某些情况下修复(Android/iOS)
- IDA-add_block_for_macho 分析macho文件中的block结构
- [45星][7y] [Python]carlosgprado/milf IDA瑞士军刀
- milf 辅助漏洞挖掘
- [45星][5y] [Python]kyrus/ida-translator 将IDB数据库中的任意字符集转换为Unicode,然后自动调用基于网页的翻译服务(当前只有谷歌翻译)将非英文语言翻译为英文
- [43星][1y] [Python]nirizr/pytest-idapro A pytest module for The Interactive Disassembler and IDAPython; Record and Replay IDAPython API, execute inside IDA or use mockups of IDAPython API.
- [42星][5y] [Python]nihilus/idasimulator 扩展IDA的条件断点支持,在被调试进行中使用Python代码替换复杂的执行代码
- [41星][2w] [Python]patois/mrspicky IDA反编译器脚本,辅助审计对于memcpy() 和memmove()函数的调用
- [41星][6y] [C++]vlad902/findcrypt2-with-mmx 对findcrypt2插件的增强,支持MMX AES指令
- [40星][6mo] [Visual Basic]dzzie/re_plugins 逆向插件收集
- IDASrvr wm_copydata IPC 服务器,可从其他进程中想IDA发送命令,查询数据,控制接口显示
- IDA_JScript
- IDA_JScript_w_DukDbg
- IDASrvr2
- IdaUdpBridge
- IdaVbScript
- OllySrvr
- Olly_hittrace
- Olly_module_bpx
- Olly_vbscript
- PyIDAServer
- Wingraph32
- rabc_gui
- swfdump_gui
- gleegraph
- hidden_strings
- memdump_conglomerate
- memdump_embedder
- rtf_hexconvert
- uGrapher
- wininet_hooks
- [40星][2y] [Python]mxmssh/idametrics 收集x86体系结构的二进制可执行文件的静态软件复杂性度量
- [40星][4y] [C++]nihilus/guid-finder 查找GUID/UUID
- [40星][3mo] [Python]tmr232/brutal-ida 在IDA 7.3中禁用Undo/Redo
- [39星][8mo] [Python]rr-/ida-images 图像预览插件,辅助查找图像解码函数(运行复杂代码,查看内存中是否存在图像)
- [38星][2y] [Python]saelo/ida_scripts 多脚本
- kernelcache 识别并重命名iOS kernelcache函数stub。ARM64 Only
- ssdt 解析Windows内核中的syscall表
- [34星][4y] [Python]madsc13ntist/idapython IDAPython脚本收集(无文档)
- [33星][3y] [Python]darx0r/reef 显示"由指定函数发起的"交叉应用。可以理解为函数内部引用的其他函数
- [33星][3y] [Python]sam-b/windows_syscalls_dumper 转储Windows系统调用Call的 number/name,以json格式导出
- [32星][5y] [Python]iphelix/ida-pomidor 在长时间的逆向中保存注意力和效率
- [32星][2y] [CMake]zyantific/ida-cmake IDA plugin CMake build-script
- [28星][4mo] [Python]enovella/re-scripts IDA/Ghidra/Radare2脚本收集(无文档)
- [28星][2y] [Python]kerrigan29a/idapython_virtualenv 在IDAPython中启用Virtualenv或Conda,使可以有多个虚拟环境
- [28星][1y] [Python]xyzz/vita-ida-physdump None
- [27星][1y] [python]daniel_plohmann/simplifire.idascope 简化恶意代码分析
- [26星][5y] [Python]bastkerg/recomp IDA recompiler(无文档)
- [26星][7mo] [C++]offlinej/ida-rpc Discord rich presence plugin for IDA Pro 7.0
- [25星][3y] [Python]zyantific/continuum Plugin adding multi-binary project support to IDA Pro (WIP)
- [23星][3y] [Python]devttys0/idascript IDA的Wrapper,在命令行中自动对目标文件执行IDA脚本
- [23星][1y] [C++]dougallj/dj_ida_plugins 向Hex-Rays反编译器添加VMX intrinsics
- [23星][9mo] [C++]trojancyborg/ida_jni_rename IDA JNI调用重命名
- [22星][4y] [Python]onethawt/idapyscripts IDAPython脚本
- DataXrefCounter 枚举指定区段的所有交叉引用,计算使用频率
- [22星][3y] [C++]patois/idaplugins Random IDA scripts, plugins, example code (some of it may be old and not working anymore)
- [21星][5y] [Python]nihilus/idascope 辅助恶意代码逆向(Bitbucket上的代码较新)
- [21星][4w] [Python]rceninja/re-scripts None
- Hyperv-Scripts
- IA32-MSR-Decoder 查找并解码所有的MSR码
- IA32-VMX-Helper 查找并解码所有的MSR/VMCS码
- [20星][1y] [Python]hyuunnn/ida_python_scripts IDAPython脚本
- [20星][2mo] [Python]nlitsme/idascripts 枚举多种类型数据:Texts/NonFuncs/...
- [20星][2y] [C#]zoebear/radia 创建一个用于可视化代码的交互式、沉浸式环境,辅助二进制文件逆向
- [20星][1y] [Python]hyuunnn/ida_python_scripts ida python scripts
- [20星][2w] [Python]mephi42/ida-kallsyms None
- [19星][8mo] [Python]yellowbyte/reverse-engineering-playground 逆向脚本收集,包括:IDAPython、文件分析、文件格式分析、文件系统分析、Shellcode分析
- [19星][3y] [Python]ztrix/idascript Full functional idascript with stdin/stdout handled
- [18星][1y] [Python]a1ext/ida-embed-arch-disasm 使IDA可在32位数据库中反汇编x64代码(WOW64)
- [17星][4y] [Python]gsingh93/ida-swift-demangle 对Swift函数名进行demangle
- [17星][1y] [Python]honeybadger1613/etm_displayer IDA Pro плагин для отображения результата Coresight ETM трассировки perf'а
- [17星][7y] [Python]rmadair/windbg2ida Import debugging traces from WinDBG into IDA. Color the graph, fill in the value of all the operands, etc.
- [16星][4y] fabi/idacsharp C# 'Scripts' for IDA 6.6+ based on
- [16星][4y] [Python]danielmgmi/virusbattle-ida-plugin The plugin is an integration of Virus Battle API to the well known IDA Disassembler.
- [14星][1y] [Python]ax330d/exports-plus 修复IDA不显示全部导出项以及不对导出项名称进行demangle的问题
- [14星][6mo] [CMake]google/idaidle 如果用户将实例闲置时间过长,则会警告用户。在预定的空闲时间后,该插件首先发出警告,然后再保存当前的disassemlby数据库并关闭IDA
- [14星][4y] [C++]nihilus/fast_idb2sig_and_loadmap_ida_plugins 2个插件
- [13星][2y] [Python]cisco-talos/pdata_check 根据pdata节和运行时函数的最后一条指令识别异常运行时。
- [13星][1y] [Python]cxm95/ida_wrapper An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.
- [12星][1y] [Assembly]gabrielravier/cave-story-decompilation 使用IDA反编译的游戏洞窟物語(Cave Story)
- [12星][11mo] [C++]nihilus/graphslick IDA Plugin - GraphSlick
- [11星][2y] [Python]0xddaa/iddaa idapython scripts
- [11星][5y] [Python]dshikashio/idarest Expose some basic IDA Pro interactions through a REST API for JSONP
- [11星][8mo] [C++]ecx86/ida7-supportlib IDA-SupportLib library by sirmabus, ported to IDA 7
- [10星][2y] [C++]fireundubh/ida7-functionstringassociate FunctionStringAssociate plugin by sirmabus, ported to IDA 7
- [10星][4y] [C++]revel8n/spu3dbg 调试anergistic SPU emulator
- [9星][2y] [Python]d00rt/easy_way_nymaim easy_way_nymaim: IDA脚本, 用于去除恶意代码nymaim的混淆,创建干净的idb
- [9星][4y] [Python]nfarrar/ida-colorschemes A .clr colorscheme generator for IDA Pro 6.4+.
- [9星][5y] [Ruby]rogwfu/plympton Library to work with yaml exported IDA Pro information and run statistics
- [8星][5y] [python]daniel_plohmann/idapatchwork None
- [8星][2y] [C++]ecx86/ida7-segmentselect IDA-SegmentSelect library by sirmabus, ported to IDA 7
- [8星][1y] [Python]lanhikari22/gba-ida-pseudo-terminal IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
- [8星][2d] [C++]nlitsme/idcinternals 研究IDC脚本的内部表现形式
- [8星][3y] [Python]pwnslinger/ibt IDA Pro Back Tracer - Initial project toward automatic customized protocols structure extraction
- [8星][2y] [C++]shazar14/idadump An IDA Pro script to verify binaries found in a sample and write them to disk
- [7星][2y] [Python]swackhamer/ida_scripts IDAPython脚本(无文档)
- [7星][8mo] [Python]techbliss/ida_pro_http_ip_geolocator ida_pro_http_ip_geolocator:IDA 插件,查找网址并解析为 ip,通过Google 地图查看
- [7星][5y] [Python]techbliss/processor-changer 修改处理器(需重新打开IDA)
- [7星][1y] [C++]tenable/mida 提取RPC接口,重新创建关联的IDL文件
- [6星][2y] [CMake]elemecca/cmake-ida 使用CMake构建IDA Pro模块
- [6星][2y] [Python]fireundubh/ida7-alleycat Alleycat plugin by devttys0, ported to IDA 7
- [6星][7mo] [Python]geosn0w/dumpanywhere64 An IDA (Interactive Disassembler) script that can save a chunk of binary from an address.
- [6星][1y] [C++]ecx86/ida7-hexrays-invertif Hex-Rays Invert if statement plugin for IDA 7.0
- [5星][2y] [Python]andreafioraldi/idavshelp 在IDA中集成VS的帮助查看器
- [5星][1y] [C++]lab313ru/m68k_fixer IDA Pro plugin fixer for m68k
- [5星][5y] [C#]npetrovski/ida-smartpatcher IDA apply patch GUI
- [5星][4y] [Python]tmr232/tarkus Plugin Manager for IDA Pro
- [4星][2y] [Python]andreafioraldi/idaretaddr 在IDA调试器中高亮函数的返回地址
- [4星][4mo] [Python]fdiskyou/ida-plugins IDAPython脚本(无文档)
- [4星][1mo] [Python]gitmirar/idaextapi IDA API utlitites
- [4星][3y] [Python]hustlelabs/joseph IDA Viewer Plugins
- [4星][1y] savagedd/samp-server-idb None
- [4星][4w] [Python]spigwitmer/golang_struct_builder IDA 7.0+ script that auto-generates structs and interfaces from runtime metadata found in golang binaries
- [3星][4y] [Python]ayuto/discover_win 对比Linux和Windows二进制文件,对Windows文件未命名的函数进行自动重命名
- [3星][8mo] [Python]gdataadvancedanalytics/ida-python None
- [3星][2y] [Python]ypcrts/ida-pro-segments It's very hard to load multiple files in the IDA GUI without it exploding. This makes it easy.
- [3星][1y] abarbatei/ida-utils links, information and helper scripts for IDA Pro
- [2星][2y] [C++]ecx86/ida7-oggplayer IDA-OggPlayer library by sirmabus, ported to IDA 7
- [2星][2y] [Python]mayl8822/ida 快速执行谷歌/百度/Bing搜索
- [2星][5y] [C++]nihilus/ida-x86emu x86模拟执行
- [2星][4y] [Python]nihilus/idapatchwork Stitching against malware families with IDA Pro
- [2星][2y] [Python]sbouber/idaplugins None
- [2星][3w] [Python]psxvoid/idapython-debugging-dynamic-enrichment None
- [1星][2y] [Python]andreafioraldi/idamsdnhelp 打开MSDN帮助搜索页
- [1星][4mo] [Python]farzonl/idapropluginlab3 通过静态分析使用的函数,描述恶意代码的行为
- [1星][1y] [Python]farzonl/idapropluginlab4 An ida pro plugin that tracks def use chains of a given x86 binary.
- [0星][1mo] [Python]voidsec/ida-helpers Collection of IDA helpers
收集
- [1715星][4w] onethawt/idaplugins-list IDA插件收集
- [349星][8mo] fr0gger/awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG 插件收集
- [10星][1y] [Python]ecx86/ida-scripts IDA Pro/Hex-Rays configs, scripts, and plugins收集
结构体&&类的检测&&创建&&恢复
未分类
- [648星][4mo] [Python]igogo-x86/hexrayspytools 结构体和类重建插件
- [137星][4y] [C++]nihilus/hexrays_tools 辅助结构体定义和需函数检测
- [4星][3y] [C#]andreafioraldi/idagrabstrings IDAPython plugin to search strings in a specified range of addresses and map it to a C struct
C++类&&虚表
- [591星][2mo] [Python]0xgalz/virtuailor IDAPython tool for creating automatic C++ virtual tables in IDA Pro
- [167星][8mo] [C++]ecx86/classinformer-ida7 ClassInformer backported for IDA Pro 7.0
- [128星][2y] [Python]nccgroup/susanrtti RTTI解析插件
- [65星][7y] [C]nektra/vtbl-ida-pro-plugin Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
- [35星][5y] [C++]nihilus/ida_classinformer IDA ClassInformer PlugIn
- [32星][2y] [Python]krystalgamer/dec2struct 使用类定义/声明文件,在 IDA 中轻松创建虚表
- [16星][2y] [C++]mwl4/ida_gcc_rtti Class informer plugin for IDA which supports parsing GCC RTTI
外观&&主题
- [708星][5mo] [Python]zyantific/idaskins 皮肤插件
- [257星][7y] eugeneching/ida-consonance 黑色皮肤插件
- [103星][5mo] [CSS]0xitx/ida_nightfall 黑色主题插件
- [58星][7y] gynophage/solarized_ida Solarized黑色主题
- [10星][7y] [Python]luismiras/ida-color-scripts 导入导出颜色主题
- [8星][2y] [CSS]gbps/x64dbg-consonance-theme 黑色的x64dbg主题
- [6星][5y] [Python]techbliss/ida-styler 修改IDA样式
- [3星][1mo] rootbsd/ida_pro_zinzolin_theme zinzolin主题
- [1星][11mo] [C]albertzsigovits/idc-dark A dark-mode color scheme for Hex-Rays IDA using idc
固件&&嵌入式设备
- [5079星][2d] [Python]refirmlabs/binwalk 固件分析工具(命令行+IDA插件)
- [483星][3mo] [Python]maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件
- [172星][2y] [Python]duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
- 重复区段: 工具/针对特定分析目标/Apple&&iOS&&Objective-C |
- cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
- amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
- REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
- [88星][6d] [Python]pagalaxylab/vxhunter 用于分析基于VxWorks的嵌入式设备的工具集
签名(FLIRT等)&&比较(Diff)&&匹配
未分类
- [415星][2w] [C]mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- 重复区段: 工具/作为辅助&&构成其他的一环 |
- IDA插件
- kam1n0
- [146星][12mo] [C++]ajkhoury/sigmaker-x64 IDA Pro 7.0 compatible SigMaker plugin
- [128星][1y] [Python]cisco-talos/bass 从先前生成的恶意软件集群的样本中自动生成AV签名
- [71星][4y] [Python]icewall/bindifffilter IDA Pro plugin making easier work on BinDiff results
- [68星][5y] [Python]arvinddoraiswamy/slid 静态链接库检测
- [50星][4w] [Python]vrtadmin/first-plugin-ida 函数识别与签名恢复工具
- [44星][1y] [Python]l4ys/idasignsrch 签名搜索
- [33星][3y] [Python]g4hsean/binauthor 识别未知二进制文件的作者
- [31星][1y] [Python]cisco-talos/casc 在IDA的反汇编和字符串窗口中, 辅助创建ClamAV NDB 和 LDB签名
- [25星][2y] [LLVM]syreal17/cardinal Similarity Analysis to Defeat Malware Compiler Variations
- [23星][4mo] [Python]xorpd/fcatalog_server Functions Catalog
- [21星][3y] [Python]xorpd/fcatalog_client fcatalog idapython client
- [18星][5y] [Python]zaironne/snippetdetector IDA Python scripts project for snippets detection
- [16星][8y] [C++]alexander-pick/idb2pat idb2pat plugin, fixed to work with IDA 6.2
- [14星][7y] [Standard ML]letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA PRO signature files that can be used in reversing the iPhone baseband. On an iPhone 4 firmware can pickup upto 800 functions when all the sigs applied.
- [0星][1y] [Python]gh0st3rs/idaprotosync 在2个或多个函数中识别函数原型
FLIRT签名
FLIRT签名收集
- [581星][1y] [Max]maktm/flirtdb A community driven collection of IDA FLIRT signature files
- [299星][3mo] push0ebp/sig-database IDA FLIRT Signature Database
- [4星][7mo] cloudwindby/ida-pro-sig IDA PRO FLIRT signature files MSVC2017的sig文件
FLIRT签名生成
- [56星][9mo] [Python]push0ebp/allirt Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
- [40星][7mo] [Python]nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
- 重复区段: 工具/导入导出&与其他工具交互/Ghidra |
Diff&&Match工具
- [1520星][1w] [Python]joxeankoret/diaphora program diffing
- [349星][2mo] [Python]checkpointsw/karta Karta - source code assisted fast binary matching plugin for IDA
- [327星][11mo] [Python]joxeankoret/pigaios A tool for matching and diffing source codes directly against binaries.
- [136星][12mo] [Python]nirizr/rematch REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
- [94星][6mo] [Visual Basic]dzzie/idacompare IDA disassembly level diffing tool, - read more->
- [72星][5y] [Python]binsigma/binsourcerer 反汇编与源码匹配
- [72星][4y] [C]nihilus/ida_signsrch signsrch签名匹配
- [71星][3y] vrtadmin/first 函数识别和签名恢复, 带服务器
- [51星][5y] [C++]filcab/patchdiff2 IDA binary differ. Since code.google.com/p/patchdiff2/ seemed abandoned, I did the obvious thing…
- [14星][2y] [Python]0x00ach/idadiff IDAPython脚本,使用@Heurs MACHOC algorithm (https://github.com/ANSSI-FR/polichombr)算法创建二进制文件的CFG Hash,与其他样本对比。如果发现1-1关系,则重命名
- [14星][5y] [C++]binsigma/binclone 检测恶意代码中的相似代码
Yara
- [418星][2w] [Python]polymorf/findcrypt-yara 查找加密常量
- [92星][3w] [Python]hyuunnn/hyara 辅助编写Yara规则
- [81星][1y] [Python]oalabs/findyara 使用Yara规则扫描二进制文件
- [16星][10mo] [Python]bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
- 重复区段: 工具/针对特定分析目标/Loader&Processor |
- [14星][1y] [Python]alexander-hanel/ida_yara 使用Yara扫描IDB数据
- [14星][12mo] [Python]souhailhammou/idaray-plugin IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.
IDB操作
- [312星][5mo] [Python]williballenthin/python-idb idb 文件解析和分析工具
- [135星][11mo] [Python]nccgroup/idahunt 在IDA外部使用IDAPython脚本, 批量创建/读取/解析IDB文件, 可编写自己的IDB分析脚本,命令行工具,
- [84星][4mo] [C++]nlitsme/idbutil 从 IDA 数据库中提取数据,支持 idb 及 i64
- [78星][2mo] [Python]nlitsme/pyidbutil A python library for reading IDA pro databases.
协作逆向&&多人操作相同IDB文件
- [504星][10mo] [Python]idarlingteam/idarling 多人协作插件
- [257星][12mo] [C++]dga-mi-ssi/yaco 利用Git版本控制,同步多人对相同二进制文件的修改
- [88星][5y] [Python]cubicalabs/idasynergy 集成了版本控制系统(svn)的IDA插件
- [70星][6d] [C++]cseagle/collabreate Hook IDA的事件通知,将事件涉及的修改内容广播到中心服务器,中心服务器转发给其他分析相同文件的用户
- [4星][2y] [python]argussecurity/psida IDAPython脚本收集,当前只有协作逆向的脚本
与调试器同步&&通信&&交互
- [444星][1w] [C]bootleg/ret-sync 在反汇编工具和调试器之间同步调试会话
- [283星][9mo] [C]a1ext/labeless 在IDA和调试器之间无缝同步Label/注释等
- [166星][11mo] [Python]andreafioraldi/idangr 在IDA中使用angrdbg调试器进行调试
- [128星][2y] [Python]comsecuris/gdbida 使用GDB调试时,在IDA中自动跟随当前GDB的调试位置
- [98星][4y] [C++]quarkslab/qb-sync 使用调试器调试时,自动在IDA中跟随调试位置
- [43星][2mo] [JavaScript]sinakarvandi/windbg2ida 在IDA中显示Windbg调试的每个步骤
- [36星][9mo] [Python]anic/ida2pwntools IDA插件,远程连接pwntools启动的程序进行pwn调试
- [28星][1y] [Python]iweizime/dbghider 向被调试进程隐藏IDA调试器
导入导出&与其他工具交互
未分类
- [158星][2w] [Python]x64dbg/x64dbgida Official x64dbg plugin for IDA Pro.
- [143星][2w] [C++]alschwalm/dwarfexport Export dwarf debug information from IDA Pro
- [125星][7mo] [Python]danigargu/syms2elf A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
- 重复区段: 工具/ELF |
- [123星][2w] [Python]radare/radare2ida Tools, documentation and scripts to move projects from IDA to R2 and viceversa
- [95星][2y] [Python]robindavid/idasec IDA插件,与Binsec 平台进行交互
- [79星][5y] [Python]techbliss/frida_for_ida_pro 在IDA中使用Frida, 主要用于追踪函数
- [58星][7mo] [Python]binaryanalysisplatform/bap-ida-python IDAPython脚本,在IDA中集成BAP
- [43星][3y] [Batchfile]maldiohead/idapin plugin of ida with pin
- [35星][5y] [Python]siberas/ida2sym IDAScript to create Symbol file which can be loaded in WinDbg via AddSyntheticSymbol
- [29星][5y] [C++]oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
- [28星][4mo] [C++]thalium/idatag IDA plugin to explore and browse tags
- [19星][2y] [Python]brandon-everhart/angryida 在IDA中集成angr二进制分析框架
- [18星][1y] [Python]kkhaike/tinyidb Some python scripts are used to export userdata from huge idb(ida's database),ida 7.0 support only
- [16星][4y] [C++]m417z/mapimp This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.
- [8星][7y] [C++]patois/madnes 从IDB中导出符号和名称,使可在FCEUXD SP中导入
- [3星][1y] [Python]r00tus3r/differential_debugging Differential debugging using IDA Python and GDB
Ghidra
- [282星][2mo] [Python]cisco-talos/ghida 在IDA中集成Ghidra反编译器
- [233星][7mo] [Python]daenerys-sre/source 使IDA和Ghidra脚本通用, 无需修改
- [84星][2mo] [Python]cisco-talos/ghidraaas 通过REST API暴露Ghidra分析服务, 也是GhIDA的后端
- [47星][3w] [Python]utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
- [40星][7mo] [Python]nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
BinNavi
- [377星][3d] [C++]google/binexport 将反汇编以Protocol Buffer的形式导出为PostgreSQL数据库, 导入到BinNavi中使用
- [213星][3y] [PLpgSQL]cseagle/freedom 从IDA中导出反汇编信息, 导入到binnavi中使用
- [25星][7y] [Python]tosanjay/bopfunctionrecognition This python/jython script is used as plugin to BinNavi tool to analyze a x86 binanry file to find buffer overflow prone functions. Such functions are important for vulnerability analysis.
BinaryNinja
- [67星][7mo] [Python]lunixbochs/revsync IDA和Binja实时同步插件
- [60星][4mo] [Python]zznop/bnida Suite of plugins that provide the ability to transfer analysis data between Binary Ninja and IDA
- [14星][4mo] [Python]cryptogenic/idc_importer A Binary Ninja plugin for importing IDC database dumps from IDA.
针对特定分析目标
未分类
- [537星][2y] [Python]anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
- 重复区段: 工具/反混淆 |
- [195星][3y] [Python]f8left/decllvm 针对OLLVM的IDA分析插件
- [93星][3mo] [Python]themadinventor/ida-xtensa IDAPython plugin for Tensilica Xtensa (as seen in ESP8266)
- [81星][4y] [C++]wjp/idados DOSBox调试器插件
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [72星][2mo] [Python]coldzer0/ida-for-delphi 针对Delphi的IDAPython脚本,从 Event Constructor (VCL)中获取所有函数名称
- [59星][1y] [Python]isra17/nrs 脱壳并分析NSIS installer打包的文件
- [52星][3mo] [Python]giantbranch/mipsaudit IDA MIPS静态扫描脚本,汇编审计辅助脚本
- [50星][4mo] [C++]troybowman/dtxmsg 辅助逆向DTXConnectionServices 框架
- [47星][2y] [C++]antid0tecom/aarch64_armv81extension IDA AArch64 处理器扩展:添加对ARMv8.1 opcodes的支持
- [47星][8mo] [C]lab313ru/smd_ida_tools Sega Genesis/MegaDrive ROM文件加载器,Z80音频驱动加载器,IDA Pro调试器
- [33星][1y] [Python]kasperskylab/actionscript3 SWF Loader、ActionScript3 Processor和 IDA 调试辅助插件
- [27星][4y] [C++]nihilus/ida-pro-swf 处理SWF文件
- [23星][3y] [Python]pfalcon/ida-xtensa2 IDAPython plugin for Tensilica Xtensa (as seen in ESP8266), version 2
- [21星][10mo] [Python]howmp/comfinder IDA plugin for COM
- [20星][5y] [Python]digitalbond/ibal 辅助Bootrom分析
- [17星][3y] [Python]tylerha97/swiftdemang Demangle Swift
- [17星][2y] [C]andywhittaker/idaproboschme7x IDA Pro Bosch ME7x C16x Disassembler Helper
- [16星][3y] [Python]0xdeva/ida-cpu-risc-v RISCV-V disassembler for IDA Pro
- [15星][5y] [Python]dolphin-emu/gcdsp-ida An IDA plugin for GC DSP reverse engineering
- [11星][2y] [C++]hyperiris/gekkops Nintendo GameCube Gekko CPU Extension plug-in for IDA Pro 5.2
- [8星][3y] [Python]thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
- 重复区段: 工具/反混淆 |
- [4星][1y] [Python]immortalp0ny/fyvmdisassembler IDAPython scripts for devirtualization/disassembly FinSpy VM
- [4星][3y] [Python]neogeodev/idaneogeo NeoGeo binary loader & helper for the Interactive Disassembler
- [4星][7mo] [C]lacike/gandcrab_string_decryptor IDC script for decrypting strings in the GandCrab v5.1-5.3
- [2星][3mo] [C]extremlapin/glua_c_headers_for_ida Glua module C headers for IDA
- [2星][4mo] [Python]lucienmp/idapro_m68k 扩展IDA对m68k的支持,添加gdb step-over 和类型信息支持
- [0星][7mo] [C]0xd0cf11e/idcscripts idc脚本
- emotet-decode 解码emotet
- [0星][4w] [C++]marakew/emuppc PowerPC模拟器,脱壳某些 PowerPC 二进制文件
GoLang
- [362星][8mo] [Python]sibears/idagolanghelper 解析Go语言编译的二进制文件中的GoLang类型信息
- [279星][2w] [Python]strazzere/golang_loader_assist 辅助Go逆向
Windows驱动
- [302星][1y] [Python]fsecurelabs/win_driver_plugin A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
- [216星][12mo] [Python]nccgroup/driverbuddy 辅助逆向Windows内核驱动
- [73星][4y] [Python]tandasat/winioctldecoder IDA插件,将Windows设备IO控制码解码成为DeviceType, FunctionCode, AccessType, MethodType.
- [23星][1y] [C]ioactive/kmdf_re 辅助逆向KMDF驱动
Apple&&iOS&&Objective-C
- [483星][3mo] [Python]maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件
- 重复区段: 工具/固件&&嵌入式设备 |
- [172星][2y] [Python]duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
- 重复区段: 工具/固件&&嵌入式设备 |
- cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
- amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
- REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
- [168星][12mo] [Python]bazad/ida_kernelcache 使用IDA Pro重建iOS内核缓存的C++类
- [167星][8y] [Python]zynamics/objc-helper-plugin-ida 辅助Objective-C二进制文件的分析
- [137星][8y] stefanesser/ida-ios-toolkit 辅助处理iOS kernelcache的IDAPython收集
- [50星][1y] [Python]synacktiv-contrib/kernelcache-laundering load iOS12 kernelcaches and PAC code in IDA
PS3&&PS4
- [68星][1mo] [C]aerosoul94/ida_gel A collection of IDA loaders for various game console ELF's. (PS3, PSVita, WiiU)
- [55星][7y] [C++]kakaroto/ps3ida IDA scripts and plugins for PS3
- [44星][2y] [C]aerosoul94/dynlib IDA Pro plugin to aid PS4 user mode ELF reverse engineering.
- 重复区段: 工具/ELF |
- [29星][5y] [C++]oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- 重复区段: 工具/导入导出&与其他工具交互/未分类 |
Loader&Processor
- [205星][1y] [Python]fireeye/idawasm WebAssembly loader & processor
- [158星][4w] [Python]nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/Android |工具/ELF |
- [155星][2y] [Python]crytic/ida-evm IDA Processor Module for the Ethereum Virtual Machine (EVM)
- [137星][2w] [Python]argp/iboot64helper IDAPython loader to help with AArch64 iBoot, iBEC, and SecureROM reverse engineering
- [125星][2y] [C]gsmk/hexagon IDA processor module for the hexagon (QDSP6) processor
- [105星][1y] pgarba/switchidaproloader Loader for IDA Pro to support the Nintendo Switch NRO binaries
- [72星][2y] [Python]embedi/meloader 加载英特尔管理引擎固件
- [53星][5mo] [C++]mefistotelis/ida-pro-loadmap Plugin for IDA Pro disassembler which allows loading .map files.
- [37星][11mo] [C++]patois/nesldr Nintendo Entertainment System (NES) ROM loader module for IDA Pro
- [35星][1y] [Python]bnbdr/ida-bpf-processor BPF Processor for IDA Python
- [32星][5y] [Python]0xebfe/3dsx-ida-pro-loader IDA PRO Loader for 3DSX files
- [32星][1y] [C++]teammolecule/toshiba-mep-idp IDA Pro module for Toshiba MeP processors
- [28星][4y] [C]gdbinit/teloader A TE executable format loader for IDA
- [27星][3y] [Python]w4kfu/ida_loader loader module 收集
- [25星][2mo] [Python]ghassani/mclf-ida-loader An IDA file loader for Mobicore trustlet and driver binaries
- [23星][1y] [C++]balika011/belf Balika011's PlayStation 4 ELF loader for IDA Pro 7.0/7.1
- [23星][6y] vtsingaras/qcom-mbn-ida-loader IDA loader plugin for Qualcomm Bootloader Stages
- [20星][3y] [C++]patois/ndsldr Nintendo DS ROM loader module for IDA Pro
- [18星][8y] [Python]rpw/flsloader IDA Pro loader module for Infineon/Intel-based iPhone baseband firmwares
- [17星][7mo] [C++]gocha/ida-snes-ldr SNES ROM Cartridge File Loader for IDA (Interactive Disassembler) 6.x
- [16星][10mo] [Python]bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/Yara |
- [16星][7mo] [C++]gocha/ida-65816-module SNES 65816 processor plugin for IDA (Interactive Disassembler) 6.x
- [16星][12mo] [Python]lcq2/riscv-ida RISC-V ISA processor module for IDAPro 7.x
- [16星][1y] [Python]ptresearch/nios2 IDA Pro processor module for Altera Nios II Classic/Gen2 microprocessor architecture
- [13星][2y] [Python]patois/necromancer IDA Pro V850 Processor Module Extension
- [13星][1y] [Python]rolfrolles/hiddenbeeloader IDA loader module for Hidden Bee's custom executable file format
- [10星][4y] [C++]areidz/nds_loader Nintendo DS loader module for IDA Pro 6.1
- [10星][6y] [python]cycad/mbn_loader IDA Pro Loader Plugin for Samsung Galaxy S4 ROMs
- [7星][1y] [C++]fail0verflow/rl78-ida-proc Renesas RL78 processor module for IDA
- [5星][7mo] [C++]gocha/ida-spc700-module SNES SPC700 processor plugin for IDA (Interactive Disassembler)
- [3星][7mo] [C++]gocha/ida-snes_spc-ldr SNES-SPC700 Sound File Loader for IDA (Interactive Disassembler)
- [2星][1mo] [C]cisco-talos/ida_tilegx This is an IDA processor module for the Tile-GX processor architecture
PDB
- [62星][3mo] [C++]mixaill/fakepdb 通过IDA数据库生成PDB文件
- [38星][1y] [Python]ax330d/ida_pdb_loader IDA PDB Loader
- [14星][1y] [CMake]gdataadvancedanalytics/bindifflib Automated library compilation and PDB annotation with CMake and IDA Pro
- [2星][4mo] [Python]clarkb7/annotate_lineinfo Annotate IDA with source and line number information from a PDB
IDAPython本身
未分类
- [706星][3w] [Python]idapython/src IDAPython源码
- [362星][4w] [Python]tmr232/sark IDAPython的高级抽象
- [249星][2y] [Python]intezer/docker-ida 在Docker容器中执行IDA, 以自动化/可扩展/分布式的方式执行IDAPython脚本
- [79星][4y] idapython/bin IDAPython binaries
- [65星][2y] [Python]alexander-hanel/idapython6to7 None
cheatsheets
- [230星][1mo] [Python]inforion/idapython-cheatsheet Scripts and cheatsheets for IDAPython
指令参考&文档
- [493星][11mo] [PLpgSQL]nologic/idaref 指令参考插件.
- [441星][3mo] [C++]alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
- [240星][2y] [Python]gdelugre/ida-arm-system-highlight 用于高亮和解码 ARM 系统指令
- [103星][2w] [Python]neatmonster/amie 针对ARM架构的
FRIEND插件, 文档增强 - [45星][8y] [Python]zynamics/msdn-plugin-ida Imports MSDN documentation into IDA Pro
- [25星][3y] [AutoIt]yaseralnajjar/ida-msdn-helper IDA Pro MSDN Helper
辅助脚本编写
- [258星][6d] [Python]eset/ipyida IPython console integration for IDA Pro
- [231星][2y] [Jupyter Notebook]james91b/ida_ipython 嵌入IPython内核
- [175星][3mo] [Python]techbliss/python_editor 脚本编辑界面
- [134星][t] [Python]arizvisa/ida-minsc IDA-minsc is a plugin for IDA Pro that assists a user with scripting the IDAPython plugin that is bundled with the disassembler. This plugin groups the different aspects of the IDAPython API into a simpler format which allows a reverse engineer to script aspects of their work with very little investment. Smash that "Star" button if you like this.
- [97星][2w] [Python]patois/idapyhelper IDAPython脚本编写辅助
- [74星][3mo] [C++]0xeb/ida-qscripts An IDA plugin to increase productivity when developing scripts for IDA
- [42星][4mo] [C++]0xeb/ida-climacros 在IDA命令行接口中定义和使用静态/动态的宏
- [22星][1y] [Python]nirizr/idasix IDAPython兼容库。创建平滑的IDA开发流程,使相同代码可应用于多个IDA/IDAPython版本
- [20星][3y] [Java]cblichmann/idajava Java integration for Hex-Rays IDA Pro
- [8星][3y] [C++]nlitsme/idaperl 在IDA中使用Perl编写脚本
- [5星][2y] [C++]patois/ida_vs2017 IDA 7.x VS 2017 项目模板
- [4星][6mo] inndy/idapython-cheatsheet scripting IDA like a Pro
- [4星][5y] [JavaScript]nihilus/ida-pro-plugin-wizard-for-vs2013 None
古老的
- [286星][5y] [Python]aaronportnoy/toolbag 反编译强化插件
- [163星][4y] [Python]osirislab/fentanyl 简化打补丁
- [127星][6y] [C++]crowdstrike/crowddetox None
- [94星][5y] [Python]nihilus/ida-idc-scripts 多个IDC脚本收集
- [83星][6y] [Python]einstein-/hexrays-python Python bindings for the Hexrays Decompiler
- [76星][5y] [PHP]v0s/plus22 Tool to analyze 64-bit binaries with 32-bit Hex-Rays Decompiler
- [63星][5y] [C]nihilus/idastealth None
- [40星][6y] [C++]wirepair/idapinlogger Logs instruction hits to a file which can be fed into IDA Pro to highlight which instructions were called.
- [39星][10y] izsh/ida-python-scripts IDA Python Scripts
- [39星][8y] [Python]zynamics/bincrowd-plugin-ida BinCrowd Plugin for IDA Pro
- [35星][8y] [Python]zynamics/ida2sql-plugin-ida None
- [27星][4y] [C++]luorui110120/idaplugins 一堆IDA插件,无文档
- [21星][10y] [C++]sporst/ida-pro-plugins Collection of IDA Pro plugins I wrote over the years
- [18星][10y] [Python]binrapt/ida Python script which extracts procedures from IDA Win32 LST files and converts them to correctly dynamically linked compilable Visual C++ inline assembly.
- [15星][7y] [Python]nihilus/optimice None
- [10星][10y] jeads-sec/etherannotate_ida EtherAnnotate IDA Pro Plugin - Parse EtherAnnotate trace files and markup IDA disassemblies with runtime values
- [6星][10y] [C]jeads-sec/etherannotate_xen EtherAnnotate Xen Ether Modification - Adds a feature to Ether that pulls register values and potential string values at each instruction during an instruction trace.
调试&&动态运行&动态数据
未分类
- [388星][11mo] [C++]cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: 工具/模拟器集成 |
- [184星][5y] [C++]nihilus/scyllahide 用户模式反-反调试
- [102星][1mo] [Python]danielplohmann/apiscout 简化导入API恢复。可以从内存中恢复API信息。包含命令行版本和IDA插件。可以处理PE头被抹掉等ImpRec/ImpRec无法处理的情况。
- [81星][4y] [C++]wjp/idados DOSBox调试器插件
- 重复区段: 工具/针对特定分析目标/未分类 |
- [56星][7y] [Python]cr4sh/ida-vmware-gdb 辅助Windows内核调试
- [38星][2y] [Python]thecjw/ida_android_script 辅助Android调试的IDAPython脚本
- 重复区段: 工具/Android |
- [22星][5y] [Python]techbliss/scylladumper Ida Plugin to Use the Awsome Scylla plugin
- [14星][5y] [Python]techbliss/free_the_debuggers 自动加载并执行调试器插件??
- [0星][2y] [Python]benh11235/ida-windbglue 与远程WinDBG调试服务器进行连接的"胶水"脚本
DBI数据
- [923星][11mo] [Python]gaasedelen/lighthouse 从DBI中收集代码覆盖情况,在IDA/Binja中映射、浏览、查看
- coverage-frida 使用Frida收集信息
- coverage-pin 使用Pin收集覆盖信息
- 插件 支持IDA和BinNinja
- [129星][3y] [Python]friedappleteam/frapl 在Frida Client和IDA之间建立连接,将运行时信息直接导入IDA,并可直接在IDA中控制Frida
- [121星][5y] [C++]zachriggle/ida-splode 使用Pin收集动态运行数据, 导入到IDA中查看
- [116星][2y] [C++]0xphoenix/mazewalker 使用Pin收集数据,导入到IDA中查看
- [88星][8y] [C]neuroo/runtime-tracer 使用Pin收集运行数据并在IDA中显示
- [79星][3y] [Python]davidkorczynski/repeconstruct 自动脱壳并重建二进制文件
- [51星][10mo] [Python]cisco-talos/dyndataresolver 动态数据解析: 在IDA中控制DyRIO执行程序的指定部分, 记录执行过程后传回数据到IDA
- [20星][8mo] [C++]secrary/findloop 使用DyRIO查找执行次数过多的代码块
- [15星][11mo] [C++]agustingianni/instrumentation PinTool收集。收集数据可导入到IDA中
调试数据
- [383星][3mo] [Python]ynvb/die 使用IDA调试器收集动态运行信息, 辅助静态分析
- [378星][4y] [Python]deresz/funcap 使用IDA调试时记录动态信息, 辅助静态分析
- [103星][3y] [Python]c0demap/codemap Hook IDA,调试命中断点时将寄存器/内存信息保存到数据库,在web浏览器中查看
反编译器
- [1660星][6mo] [C++]yegord/snowman Snowman decompiler
- [465星][4y] [Python]einstein-/decompiler 多后端的反编译器, 支持IDA和Capstone.
- [399星][2mo] [C++]avast/retdec-idaplugin retdec 的 IDA 插件
- [291星][5y] [C++]smartdec/smartdec 反编译器, 带IDA插件(进阶版为: snowman)
反混淆
- [537星][2y] [Python]anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
- 重复区段: 工具/针对特定分析目标/未分类 |
- [285星][3mo] [C++]rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: 工具/Microcode |
- [201星][2y] [Python]tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
- 重复区段: 工具/模拟器集成 |
- [47星][2y] [Python]riscure/drop-ida-plugin Experimental opaque predicate detection for IDA Pro
- [22星][3mo] [Python]jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
- [8星][3y] [Python]thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
- 重复区段: 工具/针对特定分析目标/未分类 |
效率&&导航&&快速访问&&图形&&图像&&可视化
其他
-
[1312星][1y] [C++]rehints/hexrayscodexplorer 反编译插件, 多功能
-
[441星][3mo] [C++]alexhude/friend 反汇编显示增强, 文档增强插件
- 重复区段: 工具/指令参考&文档 |
-
[362星][4w] [Python]l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
-
重复区段: 工具/漏洞 |
查看详情
功能
- 快速移除函数返回类型
- 数据格式(format)快速转换
- 扫描字符串格式化漏洞
- 双击跳转vtable函数
- 快捷键: w/c/v
-
-
[325星][2mo] [Python]pfalcon/scratchabit 交互式反汇编工具, 有与IDAPython兼容的插件API
-
[222星][6mo] [Python]patois/dsync 反汇编和反编译窗口同步插件
-
[181星][2w] [Python]danigargu/dereferencing 调试时寄存器和栈显示增强
-
[178星][5mo] [Python]hasherezade/ida_ifl 交互式函数列表
-
[130星][2y] [Python]comsecuris/ida_strcluster 扩展IDA的字符串导航功能
-
[98星][1y] [Python]darx0r/stingray 递归查找函数和字符串
-
[80星][1y] [Python]ax330d/functions-plus 解析函数名称,按命名空间分组,将分组结果以树的形式展示
-
[48星][2mo] [C++]jinmo/ifred IDA command palette & more (Ctrl+Shift+P, Ctrl+P)
-
[23星][6y] [C++]cr4sh/ida-ubigraph IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph
-
[17星][2y] [Python]tmr232/graphgrabber 获取IDA图的全分辨率图像
-
[5星][2y] [Python]handsomematt/ida_func_ptr 右键菜单中快速拷贝函数指针定义
显示增强
- [200星][4w] [Python]patois/idacyber 交互式数据可视化插件
- [103星][2y] [Python]danigargu/idatropy 使用idapython和matplotlib的功能生成熵和直方图的图表
- [89星][5mo] [Python]patois/hrdevhelper 反编译函数CTree可视化
- [47星][4w] [Python]patois/xray 根据正则表达式对IDA反编译输出的特定内容进行高亮显示
- [20星][3mo] [C++]revspbird/hightlight 反编译窗口中代码块和括号高亮
- [5星][3y] [Python]oct0xor/ida_pro_graph_styling call/jump指令高亮显示
- [5星][1y] [C]teppay/ida 指令高亮,黑色主题
图形&&图像
- [2560星][4mo] [Java]google/binnavi 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)
- [231星][2y] [C++]fireeye/simplifygraph 复杂graphs的简化
搜索
- [149星][2y] [Python]ga-ryo/idafuzzy 模糊搜索: 命令/函数/结构体
- [64星][3y] [Python]xorpd/idsearch 搜索工具
- [23星][4mo] [Python]alexander-hanel/hansel IDA搜索插件
针对特定CTF
- [130星][2y] [Python]pwning/defcon25-public DEFCON 25 某Talk用到的 反汇编器和 IDA 模块
Android
- [221星][2y] [Python]strazzere/android-scripts Android逆向脚本收集
- [158星][4w] [Python]nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/ELF |工具/针对特定分析目标/Loader&Processor |
- [115星][4y] [Python]cvvt/dumpdex 基于IDA python的Android DEX内存dump工具
- [79星][2y] [Python]zhkl0228/androidattacher IDA debugging plugin for android armv7 so
- [39星][5y] [Python]techbliss/adb_helper_qt_super_version All You Need For Ida Pro And Android Debugging
- [38星][2y] [Python]thecjw/ida_android_script 辅助Android调试的IDAPython脚本
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [16星][7y] [C++]strazzere/dalvik-header-plugin Dalvik Header Plugin for IDA Pro
iOS&&macOS&&iPhone&&iPad&&iXxx
- [47星][6mo] [C]gdbinit/extractmacho IDA plugin to extract Mach-O binaries located in the disassembly or data
- [18星][2y] aozhimin/ios-monitor-resources 对各厂商的 iOS SDK 性能监控方案的整理和收集后的资源
- [18星][3y] [C]cocoahuke/iosdumpkernelfix This tool will help to fix the Mach-O header of iOS kernel which dump from the memory. So that IDA or function symbol-related tools can loaded function symbols of ios kernel correctly
- [17星][9y] [C++]alexander-pick/patchdiff2_ida6 patched up patchdiff2 to compile and work with IDA 6 on OSX
- [17星][8y] [C]gdbinit/machoplugin IDA plugin to Display Mach-O headers
- [14星][7y] [Standard ML]letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA PRO signature files that can be used in reversing the iPhone baseband. On an iPhone 4 firmware can pickup upto 800 functions when all the sigs applied.
- 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/未分类 |
ELF
- [517星][2y] [C]lunixbochs/patchkit 给ELF文件打补丁(命令行+IDA插件)(可编写Python回调,C函数替换等)
- [201星][5y] [C]snare/ida-efiutils 辅助ELF逆向
- [158星][4w] [Python]nforest/droidimg Android/Linux vmlinux loader
- 重复区段: 工具/Android |工具/针对特定分析目标/Loader&Processor |
- [125星][7mo] [Python]danigargu/syms2elf A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
- 重复区段: 工具/导入导出&与其他工具交互/未分类 |
- [90星][2y] [C++]gdbinit/efiswissknife An IDA plugin to improve (U)EFI reversing
- [83星][2mo] [Python]yeggor/uefi_retool 在UEFI固件和UEFI模块分析中查找专有协议的工具
- [44星][2y] [C]aerosoul94/dynlib IDA Pro plugin to aid PS4 user mode ELF reverse engineering.
- 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
- [44星][4y] [Python]danse-macabre/ida-efitools Some scripts for IDA Pro to assist with reverse engineering EFI binaries
- [42星][4y] [Python]strazzere/idant-wanna ELF header abuse
Microcode
- [285星][3mo] [C++]rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
- 重复区段: 工具/反混淆 |
- [186星][3mo] [C++]chrisps/hexext 通过操作microcode, 优化反编译器的数据
- [60星][4mo] [Python]patois/genmc 显示Hex-Rays 反编译器的Microcode,辅助开发Microcode插件
- [43星][4w] [Python]idapython/pyhexraysdeob 工具 RolfRolles/HexRaysDeob 的Python版本
- [19星][8mo] [Python]neatmonster/mcexplorer 工具 RolfRolles/HexRaysDeob 的 Python 版本
模拟器集成
- [475星][11mo] [Python]alexhude/uemu 基于Unicorn的模拟器插件
- [388星][11mo] [C++]cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
- 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
- [382星][3y] [Python]36hours/idaemu 基于Unicorn引擎的代码模拟插件
- 重复区段: 工具/未分类 |
- [266星][1mo] [Python]fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
- 重复区段: 工具/未分类 |
- [201星][2y] [Python]tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
- 重复区段: 工具/反混淆 |
- [124星][2y] [Python]codypierce/pyemu 在IDA中使用x86模拟器
作为辅助&&构成其他的一环
- [1506星][2d] [Python]lifting-bits/mcsema 将x86, amd64, aarch64二进制文件转换成LLVM字节码
- [415星][2w] [C]mcgill-dmas/kam1n0-community 汇编代码管理与分析平台(独立工具+IDA插件)
- [27星][4y] [Scheme]yifanlu/cgen CGEN的Fork,增加了生成IDA IDP模块的支持
- [23星][2y] [Python]tintinweb/unbox Unbox is a convenient one-click unpack and decompiler tool that wraps existing 3rd party applications like IDA Pro, JD-Cli, Dex2Src, and others to provide a convenient archiver liker command line interfaces to unpack and decompile various types of files
漏洞
-
[485星][6mo] [Python]danigargu/heap-viewer 查看glibc堆, 主要用于漏洞开发
-
[376星][2y] [Python]1111joe1111/ida_ea 用于辅助漏洞开发和逆向
-
[362星][4w] [Python]l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞
-
重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
查看详情
功能
- 快速移除函数返回类型
- 数据格式(format)快速转换
- 扫描字符串格式化漏洞
- 双击跳转vtable函数
- 快捷键: w/c/v
-
-
[136星][6mo] [Python]iphelix/ida-sploiter 辅助漏洞研究
-
[32星][6y] [Python]coldheat/quicksec IDAPython script for quick vulnerability analysis
-
[19星][1y] [Python]lucasg/idarop 列举并存储ROP gadgets
补丁&&Patch
- [710星][11mo] [Python]keystone-engine/keypatch 汇编/补丁插件, 支持多架构, 基于Keystone引擎
- [87星][5y] [Python]iphelix/ida-patcher 二进制文件和内存补丁
- [42星][3y] [C++]mrexodia/idapatch IDA plugin to patch IDA Pro in memory.
- [30星][2mo] [Python]scottmudge/debugautopatch Patching system improvement plugin for IDA.
- [16星][8y] [C++]jkoppel/reprogram Patch binaries at load-time
- [0星][6mo] [Python]tkmru/genpatch 生成用于打补丁的Python脚本
其他
- [120星][2y] [Shell]feicong/ida_for_mac_green IDAPro 绿化增强版 (macOS)
- [26星][4mo] angelkitty/ida7.0
- [16星][2y] jas502n/ida7.0-pro IDA7.0 下载
Qt
- [25星][11mo] techbliss/ida_pro_ultimate_qt_build_guide Ida Pro Ultimate Qt Build Guide
- [13星][1mo] [Python]tmr232/cute 在IDAPython中兼容QT4/QT5
- [9星][3y] [Python]techbliss/ida_pro_screen_recorder PyQt plugin for Ida Pro for Screen recording.
TODO
- 对工具进行更细致的分类
- 为工具添加详细的中文描述,包括其内部实现原理和使用方式
- 添加非Github repo
- 添加文章
文章
贡献
内容为系统自动导出, 有任何问题请提issue
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent