ida

跟IDA Pro有关的资源收集。当前包括的工具个数400+，并根据功能进行了粗糙的分类。部分工具添加了中文描述。

目录

• 工具
  • 未分类
  • 结构体&&类的检测&&创建&&恢复
    • 未分类
    • C++类&&虚表
  • 收集
  • 外观&&主题
  • 固件&&嵌入式设备
  • 签名(FLIRT等)&&比较(Diff)&&匹配
    • 未分类
    • FLIRT签名
      • FLIRT签名收集
      • FLIRT签名生成
    • Diff&&Match工具
    • Yara
  • IDB操作
  • 协作逆向&&多人操作相同IDB文件
  • 与调试器同步&&通信&&交互
  • 导入导出&与其他工具交互
    • 未分类
    • Ghidra
    • BinNavi
    • BinaryNinja
  • 针对特定分析目标
    • 未分类
    • GoLang
    • Windows驱动
    • Apple&&iOS&&Objective-C
    • PS3&&PS4
    • Loader&Processor
    • PDB
  • IDAPython本身
    • 未分类
    • cheatsheets
  • 指令参考&文档
  • 辅助脚本编写
  • 古老的
  • 调试&&动态运行&动态数据
    • 未分类
    • DBI数据
    • 调试数据
  • 反编译器
  • 反混淆
  • 效率&&导航&&快速访问&&图形&&图像&&可视化
    • 其他
    • 显示增强
    • 图形&&图像
    • 搜索
  • 针对特定CTF
  • Android
  • iOS&&macOS&&iPhone&&iPad&&iXxx
  • ELF
  • Microcode
  • 模拟器集成
  • 新添加的
  • 作为辅助&&构成其他的一环
  • 漏洞
  • 补丁&&Patch
  • 其他
  • Qt
• TODO
• 文章

工具

• 以Github开源工具为主

---

---

未分类

• [1025星][1mo] [Python]fireeye/flare-ida 多工具
  • StackStrings
  • Struct Typer
  • ApplyCalleeType
  • argtracker
  • idb2pat
  • objc2_analyzer
  • MSDN Annotations
  • ironstrings
  • Shellcode Hashes 生成Hash数据库
• [916星][2mo] [OCaml]airbus-seclab/bincat 二进制代码静态分析工具。值分析（寄存器、内存）、污点分析、类型重建和传播（propagation）、前向/后向分析
• [857星][2y] [C++]illera88/ponce 简化污点分析+符号执行
• [725星][5mo] [Python]devttys0/ida 多工具
  • wpsearch
  • md5hash
  • alleycat
  • codatify
  • fluorescence
  • leafblower
  • localxrefs
  • mipslocalvars
  • mipsrop
  • rizzo
• [381星][3y] [Python]36hours/idaemu 基于Unicorn引擎的代码模拟插件
  • 重复区段: 工具/模拟器集成 |
• [305星][2w] [C]ohjeongwook/darungrim 补丁分析工具
  • IDA插件
  • DGEngine
• [280星][4w] [Python]a1ext/auto_re 自动化函数重命名
• [265星][2mo] [Python]jpcertcc/aa-tools 多脚本（还有的没列出在子工具）
  • apt17scan.py Volatility插件, 检测APT17相关的恶意代码并提取配置
  • emdivi_postdata_decoder 解码Emdivi post的数据
  • emdivi_string_decryptor IDAPython脚本, 解密Emdivi内的字符串
• [261星][1mo] [Python]fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
  • 重复区段: 工具/模拟器集成 |
• [248星][2y] [Python]intezer/docker-ida 在Docker容器中执行IDA, 以自动化/可扩展/分布式的方式执行IDAPython脚本
• [176星][4w] [Python]joxeankoret/idamagicstrings 从字符串常量中提取信息
• [167星][1y] [Python]tintinweb/ida-batch_decompile 将多个文件及其import用附加注释（外部参照，堆栈变量大小）反编译到pseudocode.c文件
• [148星][1y] [Python]ax330d/hrdev 反编译输出增强: 使用Python Clang解析标准的IDA反编译结果
• [133星][1y] [Python]carlosgprado/jarvis 多功能, 带界面,辅助静态分析、漏洞挖掘、动态追踪(Pin)、导入导出等
  • IDA插件
  • PinTracer
• [121星][1mo] [Python]you0708/ida 查找加密常量
  • IDA主题
  • findcrypt IDA FindCrypt/FindCrypt2 插件的Python版本
• [116星][5y] [C++]zyantific/retypedef 函数名称替换，可以自定义规则
• [115星][1y] [Python]xerub/idastuff 针对ARM处理器
• [103星][7mo] [Python]sibears/hrast 演示如何修改AST(抽象语法树)
• [100星][2mo] [Python]lucasg/findrpc 从二进制文件中提取内部的RPC结构体
• [94星][2y] [Python]gaasedelen/prefix IDA 插件，为函数添加前缀
• [93星][5y] [Python]nihilus/ida-idc-scripts 多个IDC脚本收集
• [79星][3y] [Python]davidkorczynski/repeconstruct 自动脱壳并重建二进制文件
• [79星][2mo] [Python]takahiroharuyama/ida_haru 多工具
  • bindiff
  • eset_crackme
  • fn_fuzzy
  • stackstring_static
• [72星][8mo] [Python]secrary/ida-scripts 多脚本
  • dumpDyn
  • idenLib
  • IOCTL_decode
  • XORCheck
• [67星][11mo] [Python]lucasg/idamagnum 在IDA中向MagnumDB发起请求, 查询枚举常量可能的值
• [60星][2y] [Python]tmr232/idabuddy 逆向滴好盆友??
• [59星][2y] [C++]alexhude/loadprocconfig 加载处理器配置文件
• [57星][3w] [Python]williballenthin/idawilli IDA Pro 资源、脚本和配置文件等（多个子工具未添加）
  • hint_calls
  • dynamic_hints
• [54星][1y] [Python]zardus/idalink 使用IDA API时保证不卡界面. 在后台启动与界面脱离IDA CLI会话, 再使用RPyC连接界面
• [52星][3y] [Python]patois/drgadget 开发和分析ROP链
• [52星][3y] [C++]sektioneins/wwcd Capstone powered IDA view
• [51星][2y] [Python]cseagle/ida_clemency IDA cLEMENCy Tools
• [49星][10mo] [Python]agustingianni/utilities 多个IDAPython脚本
• [47星][3y] [Python]alessandrogario/ida-function-tagger 根据函数使用的导入表，对函数进行标记
• [47星][2y] [C++]antid0tecom/aarch64_armv81extension IDA AArch64 processor extender extension: Adding support for ARMv8.1 opcodes
• [47星][3y] [Python]jjo-sec/idataco 多功能
• [47星][8mo] [C]lab313ru/smd_ida_tools Special IDA Pro tools for the Sega Genesis/Megadrive romhackers
• [45星][7y] [Python]carlosgprado/milf IDA瑞士军刀
• [45星][5y] [Python]kyrus/ida-translator 将IDB数据库中的任意字符集转换为Unicode，然后自动调用基于网页的翻译服务（当前只有谷歌翻译）将非英文语言翻译为英文
• [43星][1y] [Python]nirizr/pytest-idapro A pytest module for The Interactive Disassembler and IDAPython; Record and Replay IDAPython API, execute inside IDA or use mockups of IDAPython API.
• [43星][2mo] [Python]lichao890427/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
• [42星][4mo] [C++]0xeb/ida-climacros Create and use macros in IDA's CLIs
• [42星][5y] [Python]nihilus/idasimulator IDASimulator is a plugin that extends IDA's conditional breakpoint support, making it easy to augment / replace complex executable code inside a debugged process with Python code. Specifically, IDASimulator makes use of conditional breakpoints in the IDA debugger to hijack the execution flow of a process and invoke Python handler functions whene…
• [42星][2mo] [Python]partoftheworld/ghidrapy_functionstringassociate It does the same thing as plugin FunctionStringAssociate for IDA, Now the script just works, in the future it is planned to increase the speed of work and bring it closer to the speed of the plugin.
• [41星][2w] [Python]patois/mrspicky An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
• [41星][6y] [C++]vlad902/findcrypt2-with-mmx IDA Pro findcrypt2 plug-in with MMX AES instruction finding support
• [40星][5mo] [Visual Basic]dzzie/re_plugins misc reverse engineering plugins I have released over the years
• [40星][4y] [C++]nihilus/guid-finder None
• [40星][3mo] [Python]tmr232/brutal-ida Block Redo & Undo To Achieve Legacy IDA
• [39星][10y] izsh/ida-python-scripts IDA Python Scripts
• [39星][2y] [Python]mxmssh/idametrics IDA plugin for software complexity metrics assessment
• [39星][7mo] [Python]rr-/ida-images Image preview plugin for IDA disassembler.
• [39星][8y] [Python]zynamics/bincrowd-plugin-ida BinCrowd Plugin for IDA Pro
• [38星][2y] [Python]saelo/ida_scripts Collection of IDA scripts
• [34星][4y] [Python]madsc13ntist/idapython IDAPython脚本收集
• [33星][3y] [Python]darx0r/reef IDAPython plugin for finding Xrefs from a function
• [33星][3y] [Python]sam-b/windows_syscalls_dumper 转储Windows系统调用Call的 number/name，以json格式导出
• [32星][5y] [Python]iphelix/ida-pomidor IDA Pomidor is a plugin for Hex-Ray's IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions.
• [32星][2y] [CMake]zyantific/ida-cmake IDA plugin CMake build-script
• [31星][7mo] enovella/ida2ghidra-kb IDA Pro to Ghidra Key Bindings to feel like if you were in IDA Pro when navigating
• [28星][4mo] [Python]enovella/re-scripts IDA, Ghidra and Radare2 scripts. Also Android scripts to make your life easier.
• [28星][1y] [Python]iweizime/dbghider An IDA plugin aims to hide debugger from processes
• [28星][2y] [Python]kerrigan29a/idapython_virtualenv Enable Virtualenv or Conda in IDAPython
• [28星][1y] [Python]xyzz/vita-ida-physdump None
• [27星][1y] [python]daniel_plohmann/simplifire.idascope None
• [27星][4y] [C++]nihilus/ida-pro-swf None
• [26星][5y] [Python]bastkerg/recomp IDA recompiler
• [26星][7mo] [C++]offlinej/ida-rpc Discord rich presence plugin for IDA Pro 7.0
• [26星][4y] [Scheme]yifanlu/cgen CGEN with support for generating IDA Pro IDP modules
• [25星][7y] [Python]tosanjay/bopfunctionrecognition This python/jython script is used as plugin to BinNavi tool to analyze a x86 binanry file to find buffer overflow prone functions. Such functions are important for vulnerability analysis.
• [25星][3y] [Python]zyantific/continuum Plugin adding multi-binary project support to IDA Pro (WIP)
• [23星][4mo] [Python]alexander-hanel/hansel Hansel - a simple but flexible search for IDA
• [23星][3y] [Python]devttys0/idascript IDA的Wrapper，在命令行中自动对目标文件执行IDA脚本
• [23星][1y] [C++]dougallj/dj_ida_plugins 向Hex-Rays反编译器添加VMX intrinsics
• [23星][2y] [Python]tintinweb/unbox
• [23星][8mo] [C++]trojancyborg/ida_jni_rename IDA JNI调用重命名
• [22星][3mo] [Python]jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
• [22星][1y] [Python]nirizr/idasix IDAPython compatibility library. idasix aims to create a smooth ida development process and allow a single codebase to function with multiple IDA/IDAPython versions
• [22星][4y] [Python]onethawt/idapyscripts Collection of my IDAPython scripts
• [22星][3y] [C++]patois/idaplugins Random IDA scripts, plugins, example code (some of it may be old and not working anymore)
• [22星][5y] [Python]techbliss/scylladumper Ida Plugin to Use the Awsome Scylla plugin
• [21星][5y] [Python]nihilus/idascope None
• [21星][3w] [Python]rceninja/re-scripts None
• [21星][10y] [C++]sporst/ida-pro-plugins Collection of IDA Pro plugins I wrote over the years
• [21星][3y] [Python]xorpd/fcatalog_client fcatalog idapython client
• [20星][3y] [Java]cblichmann/idajava Java integration for Hex-Rays IDA Pro
• [20星][5y] [Python]digitalbond/ibal None
• [20星][10mo] [Python]howmp/comfinder IDA plugin for COM
• [20星][2mo] [Python]nlitsme/idascripts 枚举多种类型数据：Texts/NonFuncs/...
• [20星][7mo] [C++]secrary/findloop findLoop - find possible encryption/decryption or compression/decompression code
• [20星][2y] [C#]zoebear/radia Radia is a tool designed to create an interactive and immerse environment to visualize code, and to augment the task of reverse engineering binaries. The tool takes decompiled binaries extracted through IDA Pro, and visualizes the call graph in 3D space as a force directed graph. Radia tags functions that could be potential problems, as well as …
• [19星][1y] [Python]hy00un/ida_python_scripts IDAPython脚本
• [19星][2mo] [C++]revspbird/hightlight a plugin for ida of version 7.2 to help know F5 window codes better
• [19星][8mo] [Python]yellowbyte/reverse-engineering-playground 逆向脚本收集，包括：IDAPython、文件分析、文件格式分析、文件系统分析、Shellcode分析
• [19星][3y] [Python]ztrix/idascript Full functional idascript with stdin/stdout handled
• [18星][1y] [Python]a1ext/ida-embed-arch-disasm Allows IDA PRO to disassemble x86-64 code (WOW64) in 32-bit database
• [18星][10y] [Python]binrapt/ida Python script which extracts procedures from IDA Win32 LST files and converts them to correctly dynamically linked compilable Visual C++ inline assembly.
• [17星][3y] [Python]tylerha97/swiftdemang IDA Pro IDAPython Script to Demangle Swift
• [17星][4y] [Python]gsingh93/ida-swift-demangle An IDA plugin to demangle Swift function names
• [17星][2y] [Python]tmr232/graphgrabber None
• [16星][4y] fabi/idacsharp C# 'Scripts' for IDA 6.6+ based on
• [16星][1y] [Python]honeybadger1613/etm_displayer IDA Pro плагин для отображения результата Coresight ETM трассировки perf'а
• [14星][11mo] [C++]agustingianni/instrumentation PinTool收集
  • CodeCoverage
  • Pinnacle
  • Recoverer
  • Resolver
• [14星][1y] [Python]ax330d/exports-plus 修复IDA不显示全部导出项以及不对导出项名称进行demangle的问题
• [14星][6mo] [CMake]google/idaidle 如果用户将实例闲置时间过长，则会警告用户。在预定的空闲时间后，该插件首先发出警告，然后再保存当前的disassemlby数据库并关闭IDA
• [14星][4y] [C++]nihilus/fast_idb2sig_and_loadmap_ida_plugins 2个插件
  • LoadMap
  • idb2sig
• [13星][2y] [Python]cisco-talos/pdata_check 根据pdata节和运行时函数的最后一条指令识别异常运行时。
• [12星][1y] [Assembly]gabrielravier/cave-story-decompilation 使用IDA反编译的游戏洞窟物語（Cave Story）
• [11星][2y] [Python]0xddaa/iddaa idapython scripts
• [11星][5y] [Python]dshikashio/idarest Expose some basic IDA Pro interactions through a REST API for JSONP
• [11星][8mo] [C++]ecx86/ida7-supportlib IDA-SupportLib library by sirmabus, ported to IDA 7
• [10星][2y] [C++]fireundubh/ida7-functionstringassociate FunctionStringAssociate plugin by sirmabus, ported to IDA 7
• [10星][7y] [Python]luismiras/ida-color-scripts IDA Color Theme Scripts
• [10星][4y] [C++]revel8n/spu3dbg Ida Pro plugin that supports debugging with the anergistic spu emulator
• [10星][10y] jeads-sec/etherannotate_ida EtherAnnotate IDA Pro Plugin - Parse EtherAnnotate trace files and markup IDA disassemblies with runtime values
• [9星][2y] [Python]d00rt/easy_way_nymaim easy_way_nymaim: IDA脚本, 用于去除恶意代码nymaim的混淆,创建干净的idb
• [9星][4y] [Python]nfarrar/ida-colorschemes A .clr colorscheme generator for IDA Pro 6.4+.
• [9星][5y] [Ruby]rogwfu/plympton Library to work with yaml exported IDA Pro information and run statistics
• [8星][5y] [python]daniel_plohmann/idapatchwork None
• [8星][2y] [C++]ecx86/ida7-segmentselect IDA-SegmentSelect library by sirmabus, ported to IDA 7
• [8星][2y] [CSS]gbps/x64dbg-consonance-theme A dark x64dbg color theme based on IDA Consonance
• [8星][1y] [Python]lanhikari22/gba-ida-pseudo-terminal IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
• [8星][3y] [C++]nlitsme/idaperl perl scripting support for IDApro
• [8星][2mo] [C++]nlitsme/idcinternals IDA plugin investigating the internal representation of IDC scripts
• [8星][7y] [C++]patois/madnes IDA plugin to export symbols and names from IDA db so they can be loaded into FCEUXD SP
• [8星][3y] [Python]pwnslinger/ibt IDA Pro Back Tracer - Initial project toward automatic customized protocols structure extraction
• [8星][2y] [C++]shazar14/idadump An IDA Pro script to verify binaries found in a sample and write them to disk
• [7星][1y] [C++]fail0verflow/rl78-ida-proc Renesas RL78 processor module for IDA
• [7星][2y] [Python]swackhamer/ida_scripts IDA Python scripts
• [7星][8mo] [Python]techbliss/ida_pro_http_ip_geolocator ida_pro_http_ip_geolocator：IDA 插件，查找网址并解析为 ip，通过Google 地图查看
• [7星][5y] [Python]techbliss/processor-changer Tool to change processor inside ida
• [7星][1y] [C++]tenable/mida None
• [6星][2y] [CMake]elemecca/cmake-ida Build IDA Pro modules with CMake
• [6星][2y] [Python]fireundubh/ida7-alleycat Alleycat plugin by devttys0, ported to IDA 7
• [6星][5y] [Python]techbliss/ida-styler Small Plugin to change the style off Ida Pro
• [6星][10y] [C]jeads-sec/etherannotate_xen EtherAnnotate Xen Ether Modification - Adds a feature to Ether that pulls register values and potential string values at each instruction during an instruction trace.
• [5星][2y] [Python]andreafioraldi/idavshelp IDAPython plugin to integrate Visual Studio Help Viewer in IDA Pro >= 6.8
• [5星][2mo] [Python]fuzzywalls/ida None
• [5星][1y] [C++]lab313ru/m68k_fixer IDA Pro plugin fixer for m68k
• [5星][5y] [C#]npetrovski/ida-smartpatcher IDA apply patch GUI
• [5星][4y] [Python]tmr232/tarkus Plugin Manager for IDA Pro
• [4星][2y] [Python]andreafioraldi/idaretaddr Highlight the return address of a function in the Ida Pro debugger
• [4星][4mo] [Python]fdiskyou/ida-plugins Dirty IDA scripts dump.
• [4星][4w] [Python]gitmirar/idaextapi IDA API utlitites
• [4星][3y] [Python]hustlelabs/joseph IDA Viewer Plugins
• [3星][4y] [Python]ayuto/discover_win IDA scripts which compare Linux and Windows binaries to automatically rename unnamed Windows functions.
• [3星][8mo] [Python]gdataadvancedanalytics/ida-python None
• [3星][6mo] [Python]patois/vds5plugin vds5plugin - vds5.py from IDAPython as a plugin
• [3星][4w] rootbsd/ida_pro_zinzolin_theme None
• [3星][2y] [Python]ypcrts/ida-pro-segments It's very hard to load multiple files in the IDA GUI without it exploding. This makes it easy.
• [2星][1mo] [C]cisco-talos/ida_tilegx None
• [2星][2y] [C++]ecx86/ida7-oggplayer IDA-OggPlayer library by sirmabus, ported to IDA 7
• [2星][3mo] [C]extremlapin/glua_c_headers_for_ida Glua module C headers for IDA
• [2星][4mo] [Python]lucienmp/idapro_m68k Extends existing support in IDA for the m68k by adding gdb step-over and type information support
• [2星][2y] [Python]mayl8822/ida Some useful ida script plugin
• [2星][5y] [C++]nihilus/ida-x86emu None
• [2星][4y] [Python]nihilus/idapatchwork
• [2星][2y] [Python]sbouber/idaplugins None
• [2星][1y] [Python]soggysec/psida None
• [1星][11mo] [C]albertzsigovits/idc-dark A dark-mode color scheme for Hex-Rays IDA using idc
• [1星][2y] [Python]andreafioraldi/idamsdnhelp IdaPython plugin to open MSDN Help Search page
• [1星][4mo] [Python]farzonl/idapropluginlab3 An Ida plugin that does static analysis to describe what malware is doing.
• [1星][1y] [Python]farzonl/idapropluginlab4 An ida pro plugin that tracks def use chains of a given x86 binary.
• [0星][7mo] [C]0xd0cf11e/idcscripts Scripts used when analyzing files in IDA
• [0星][2y] [Python]benh11235/ida-windbglue Humble suite of scripts to assist with remote debugging using IDA pro client and winDBG server.
• [0星][1y] [Python]gh0st3rs/idaprotosync IDAPython plugin for identifies functions prototypes between two or more IDBs
• [0星][3w] [C++]marakew/emuppc PowerPC emulator for unpack into IDAPro some PowerPC binary
• [0星][6mo] [Python]tkmru/genpatch genpatch is IDA plugin that generates a python script for patch

---

收集

• [1696星][3w] onethawt/idaplugins-list IDA插件收集
• [349星][8mo] fr0gger/awesome-ida-x64-olly-plugin IDA x64DBG OllyDBG 插件收集
• [10星][1y] [Python]ecx86/ida-scripts IDA Pro/Hex-Rays configs, scripts, and plugins收集

---

结构体&&类的检测&&创建&&恢复

未分类

• [644星][4mo] [Python]igogo-x86/hexrayspytools 结构体和类重建插件
• [134星][4y] [C++]nihilus/hexrays_tools 辅助结构体定义和需函数检测
• [4星][2y] [C#]andreafioraldi/idagrabstrings IDAPython plugin to search strings in a specified range of addresses and map it to a C struct

C++类&&虚表

• [573星][2mo] [Python]0xgalz/virtuailor IDAPython tool for creating automatic C++ virtual tables in IDA Pro
• [166星][8mo] [C++]ecx86/classinformer-ida7 ClassInformer backported for IDA Pro 7.0
• [128星][2y] [Python]nccgroup/susanrtti RTTI解析插件
• [65星][7y] [C]nektra/vtbl-ida-pro-plugin Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
• [34星][5y] [C++]nihilus/ida_classinformer IDA ClassInformer PlugIn
• [32星][2y] [Python]krystalgamer/dec2struct 使用类定义/声明文件，在 IDA 中轻松创建虚表
• [16星][2y] [C++]mwl4/ida_gcc_rtti Class informer plugin for IDA which supports parsing GCC RTTI

---

外观&&主题

• [706星][5mo] [Python]zyantific/idaskins 皮肤插件
• [256星][7y] eugeii/ida-consonance 黑色皮肤插件
• [102星][5mo] [CSS]0xitx/ida_nightfall 黑色主题插件
• [58星][7y] gynophage/solarized_ida Solarized黑色主题

---

固件&&嵌入式设备

• [5042星][2mo] [Python]refirmlabs/binwalk 固件分析工具（命令行+IDA插件）
  • IDA插件
  • binwalk
• [478星][3mo] [Python]maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件
  • 重复区段: 工具/针对特定分析目标/Apple&&iOS&&Objective-C |
• [171星][2y] [Python]duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
  • 重复区段: 工具/针对特定分析目标/Apple&&iOS&&Objective-C |
  • cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
  • amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
  • REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
• [82星][4w] [Python]dark-lbp/vxhunter 用于分析基于VxWorks的嵌入式设备的工具集
  • R2
  • IDA插件
  • Ghidra插件

---

签名(FLIRT等)&&比较(Diff)&&匹配

未分类

• [413星][3w] [C]mcgill-dmas/kam1n0-plugin-ida-pro 汇编代码管理与分析平台(独立工具+IDA插件)
  • 重复区段: 工具/作为辅助&&构成其他的一环 |
  • IDA插件
  • kam1n0
• [146星][12mo] [C++]dude719/sigmaker-x64 IDA Pro 7.0 compatible SigMaker plugin
• [127星][1y] [Python]cisco-talos/bass 从先前生成的恶意软件集群的样本中自动生成AV签名
• [71星][4y] [Python]icewall/bindifffilter IDA Pro plugin making easier work on BinDiff results
• [67星][5y] [Python]arvinddoraiswamy/slid 静态链接库检测
• [49星][3w] [Python]vrtadmin/first-plugin-ida 函数识别与签名恢复工具
• [44星][1y] [Python]l4ys/idasignsrch 签名搜索
• [32星][3y] [Python]g4hsean/binauthor 识别未知二进制文件的作者
• [31星][1y] [Python]cisco-talos/casc 在IDA的反汇编和字符串窗口中, 辅助创建ClamAV NDB 和 LDB签名
• [25星][2y] [LLVM]syreal17/cardinal Similarity Analysis to Defeat Malware Compiler Variations
• [23星][4mo] [Python]xorpd/fcatalog_server Functions Catalog
• [18星][5y] [Python]zaironne/snippetdetector IDA Python scripts project for snippets detection
• [16星][8y] [C++]alexander-pick/idb2pat idb2pat plugin, fixed to work with IDA 6.2
• [14星][7y] [Standard ML]letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA PRO signature files that can be used in reversing the iPhone baseband. On an iPhone 4 firmware can pickup upto 800 functions when all the sigs applied.
  • 重复区段: 工具/iOS&&macOS&&iPhone&&iPad&&iXxx |

FLIRT签名

FLIRT签名收集

• [580星][1y] [Max]maktm/flirtdb A community driven collection of IDA FLIRT signature files
• [298星][3mo] push0ebp/sig-database IDA FLIRT Signature Database
• [3星][7mo] cloudwindby/ida-pro-sig IDA PRO FLIRT signature files MSVC2017的sig文件

FLIRT签名生成

• [54星][9mo] [Python]push0ebp/allirt Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
• [38星][7mo] [Python]nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
  • 重复区段: 工具/导入导出&与其他工具交互/Ghidra |

Diff&&Match工具

• [1502星][2w] [Python]joxeankoret/diaphora program diffing
• [344星][2mo] [Python]checkpointsw/karta Karta - source code assisted fast binary matching plugin for IDA
• [321星][11mo] [Python]joxeankoret/pigaios A tool for matching and diffing source codes directly against binaries.
• [136星][11mo] [Python]nirizr/rematch REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
• [94星][5mo] [Visual Basic]dzzie/idacompare IDA disassembly level diffing tool, - read more->
• [72星][5y] [Python]binsigma/binsourcerer 反汇编与源码匹配
• [71星][4y] [C]nihilus/ida_signsrch signsrch签名匹配
• [70星][3y] vrtadmin/first 函数识别和签名恢复, 带服务器
• [52星][5y] [C++]filcab/patchdiff2 IDA binary differ. Since code.google.com/p/patchdiff2/ seemed abandoned, I did the obvious thing…
• [14星][2y] [Python]0x00ach/idadiff IDAPython脚本，使用@Heurs MACHOC algorithm (https://github.com/ANSSI-FR/polichombr)算法创建二进制文件的CFG Hash，与其他样本对比。如果发现1-1关系，则重命名
• [14星][5y] [C++]binsigma/binclone 检测恶意代码中的相似代码

Yara

• [405星][2w] [Python]polymorf/findcrypt-yara 查找加密常量
• [92星][2w] [Python]hy00un/hyara 辅助编写Yara规则
  • IDA插件
  • BinaryNinja插件
• [79星][1y] [Python]oalabs/findyara 使用Yara规则扫描二进制文件
• [16星][10mo] [Python]bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
  • 重复区段: 工具/针对特定分析目标/Loader&Processor |
• [14星][1y] [Python]alexander-hanel/ida_yara 使用Yara扫描IDB数据
• [14星][12mo] [Python]souhailhammou/idaray-plugin IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.

---

IDB操作

• [312星][5mo] [Python]williballenthin/python-idb idb 文件解析和分析工具
• [130星][11mo] [Python]nccgroup/idahunt 在IDA外部使用IDAPython脚本, 批量创建/读取/解析IDB文件, 可编写自己的IDB分析脚本,命令行工具,
• [84星][4mo] [C++]nlitsme/idbutil 从 IDA 数据库中提取数据，支持 idb 及 i64
• [78星][2mo] [Python]nlitsme/pyidbutil A python library for reading IDA pro databases.

---

协作逆向&&多人操作相同IDB文件

• [503星][10mo] [Python]idarlingteam/idarling 多人协作插件
• [258星][12mo] [C++]dga-mi-ssi/yaco 利用Git版本控制，同步多人对相同二进制文件的修改
• [88星][5y] [Python]cubicalabs/idasynergy 集成了版本控制系统(svn)的IDA插件
• [70星][1y] [C++]cseagle/collabreate Hook IDA的事件通知，将事件涉及的修改内容广播到中心服务器，中心服务器转发给其他分析相同文件的用户
• [4星][2y] [python]argussecurity/psida IDAPython脚本收集，当前只有协作逆向的脚本

---

与调试器同步&&通信&&交互

• [435星][2mo] [C]bootleg/ret-sync 在反汇编工具和调试器之间同步调试会话
  • GDB插件
  • Ghidra插件
  • IDA插件
  • LLDB
  • OD
  • OD2
  • WinDgb
  • x64dbg
• [282星][9mo] [C]a1ext/labeless 在IDA和调试器之间无缝同步Label/注释等
  • IDA插件
  • OD
  • OD2
  • x64dbg
• [165星][11mo] [Python]andreafioraldi/idangr 在IDA中使用angrdbg调试器进行调试
• [128星][2y] [Python]comsecuris/gdbida 使用GDB调试时，在IDA中自动跟随当前GDB的调试位置
  • IDA插件
  • GDB脚本
• [98星][4y] [C++]quarkslab/qb-sync 使用调试器调试时，自动在IDA中跟随调试位置
  • GDB插件
  • IDA插件
  • LLDB
  • OD2
  • WinDbg
  • x64dbg
• [43星][2mo] [JavaScript]sinakarvandi/windbg2ida 在IDA中显示Windbg调试的每个步骤
  • Windbg脚本 JavaScript
  • IDA脚本
• [36星][8mo] [Python]anic/ida2pwntools IDA插件，远程连接pwntools启动的程序进行pwn调试

---

导入导出&与其他工具交互

未分类

• [154星][2w] [Python]x64dbg/x64dbgida Official x64dbg plugin for IDA Pro.
• [142星][2w] [C++]alschwalm/dwarfexport Export dwarf debug information from IDA Pro
• [125星][6mo] [Python]danigargu/syms2elf A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
  • 重复区段: 工具/ELF |
• [123星][2w] [Python]radare/radare2ida Tools, documentation and scripts to move projects from IDA to R2 and viceversa
• [95星][2y] [Python]robindavid/idasec IDA插件，与Binsec 平台进行交互
• [78星][5y] [Python]techbliss/frida_for_ida_pro 在IDA中使用Frida, 主要用于追踪函数
• [58星][7mo] [Python]binaryanalysisplatform/bap-ida-python IDAPython脚本，在IDA中集成BAP
• [43星][3y] [Batchfile]maldiohead/idapin plugin of ida with pin
• [35星][5y] [Python]siberas/ida2sym IDAScript to create Symbol file which can be loaded in WinDbg via AddSyntheticSymbol
• [29星][5y] [C++]oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
  • 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
• [27星][4mo] [C++]thalium/idatag IDA plugin to explore and browse tags
• [19星][2y] [Python]brandon-everhart/angryida 在IDA中集成angr二进制分析框架
• [18星][1y] [Python]kkhaike/tinyidb Some python scripts are used to export userdata from huge idb(ida's database)，ida 7.0 support only
• [16星][4y] [C++]rammichael/mapimp This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.
• [3星][1y] [Python]r00tus3r/differential_debugging Differential debugging using IDA Python and GDB

Ghidra

• [279星][2mo] [Python]cisco-talos/ghida 在IDA中集成Ghidra反编译器
• [233星][7mo] [Python]daenerys-sre/source 使IDA和Ghidra脚本通用, 无需修改
• [81星][2mo] [Python]cisco-talos/ghidraaas 通过REST API暴露Ghidra分析服务, 也是GhIDA的后端
• [46星][3w] [Python]utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
• [38星][7mo] [Python]nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
  • 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/FLIRT签名/FLIRT签名生成 |

BinNavi

• [372星][2w] [C++]google/binexport 将反汇编以Protocol Buffer的形式导出为PostgreSQL数据库, 导入到BinNavi中使用
• [214星][3y] [PLpgSQL]cseagle/freedom 从IDA中导出反汇编信息, 导入到binnavi中使用

BinaryNinja

• [67星][7mo] [Python]lunixbochs/revsync IDA和Binja实时同步插件
• [60星][4mo] [Python]zznop/bnida Suite of plugins that provide the ability to transfer analysis data between Binary Ninja and IDA
• [14星][4mo] [Python]cryptogenic/idc_importer A Binary Ninja plugin for importing IDC database dumps from IDA.

---

针对特定分析目标

未分类

• [534星][2y] [Python]anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
  • 重复区段: 工具/反混淆 |
• [195星][3y] [Python]f8left/decllvm 针对OLLVM的IDA分析插件
• [91星][3mo] [Python]themadinventor/ida-xtensa IDAPython plugin for Tensilica Xtensa (as seen in ESP8266)
• [81星][4y] [C++]wjp/idados DOSBox调试器插件
  • 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
• [72星][2mo] [Python]coldzer0/ida-for-delphi 针对Delphi的IDAPython脚本，从 Event Constructor (VCL)中获取所有函数名称
• [59星][1y] [Python]isra17/nrs 脱壳并分析NSIS installer打包的文件
• [50星][4mo] [C++]troybowman/dtxmsg 辅助逆向DTXConnectionServices 框架
• [32星][1y] [Python]kasperskylab/actionscript3 SWF Loader、ActionScript3 Processor和 IDA 调试辅助插件
• [23星][3y] [Python]pfalcon/ida-xtensa2 IDAPython plugin for Tensilica Xtensa (as seen in ESP8266), version 2
• [17星][2y] [C]andywhittaker/idaproboschme7x IDA Pro Bosch ME7x C16x Disassembler Helper
• [16星][3y] [Python]0xdeva/ida-cpu-risc-v RISCV-V disassembler for IDA Pro
• [15星][5y] [Python]dolphin-emu/gcdsp-ida An IDA plugin for GC DSP reverse engineering
• [11星][2y] [C++]hyperiris/gekkops Nintendo GameCube Gekko CPU Extension plug-in for IDA Pro 5.2
• [5星][3y] [Python]thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
  • 重复区段: 工具/反混淆 |
• [4星][1y] [Python]immortalp0ny/fyvmdisassembler IDAPython scripts for devirtualization/disassembly FinSpy VM
• [4星][3y] [Python]neogeodev/idaneogeo NeoGeo binary loader & helper for the Interactive Disassembler

GoLang

• [355星][8mo] [Python]sibears/idagolanghelper 解析Go语言编译的二进制文件中的GoLang类型信息
• [275星][2mo] [Python]strazzere/golang_loader_assist 辅助Go逆向

Windows驱动

• [212星][12mo] [Python]nccgroup/driverbuddy 辅助逆向Windows内核驱动
• [73星][4y] [Python]tandasat/winioctldecoder IDA插件，将Windows设备IO控制码解码成为DeviceType, FunctionCode, AccessType, MethodType.
• [23星][1y] [C]ioactive/kmdf_re 辅助逆向KMDF驱动

Apple&&iOS&&Objective-C

• [478星][3mo] [Python]maddiestone/idapythonembeddedtoolkit 自动分析嵌入式设备的固件
  • 重复区段: 工具/固件&&嵌入式设备 |
• [171星][2y] [Python]duo-labs/idapython Duo 实验室使用的IDAPython 脚本收集
  • 重复区段: 工具/固件&&嵌入式设备 |
  • cortex_m_firmware 整理包含ARM Cortex M微控制器固件的IDA Pro数据库
  • amnesia 使用字节级启发式在IDA Pro数据库中的未定义字节中查找ARM Thumb指令
  • REobjc 在Objective-C的调用函数和被调用函数之间进行适当的交叉引用
• [167星][11mo] [Python]bazad/ida_kernelcache 使用IDA Pro重建iOS内核缓存的C++类
• [167星][8y] [Python]zynamics/objc-helper-plugin-ida 辅助Objective-C二进制文件的分析
• [137星][8y] stefanesser/ida-ios-toolkit 辅助处理iOS kernelcache的IDAPython收集
• [50星][1y] [Python]synacktiv/kernelcache-laundering load iOS12 kernelcaches and PAC code in IDA

PS3&&PS4

• [68星][1mo] [C]aerosoul94/ida_gel A collection of IDA loaders for various game console ELF's. (PS3, PSVita, WiiU)
• [55星][7y] [C++]kakaroto/ps3ida IDA scripts and plugins for PS3
• [44星][2y] [C]aerosoul94/dynlib IDA Pro plugin to aid PS4 user mode ELF reverse engineering.
  • 重复区段: 工具/ELF |
• [29星][5y] [C++]oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
  • 重复区段: 工具/导入导出&与其他工具交互/未分类 |

Loader&Processor

• [203星][1y] [Python]fireeye/idawasm WebAssembly loader & processor
• [158星][3w] [Python]nforest/droidimg Android/Linux vmlinux loader
  • 重复区段: 工具/Android |工具/ELF |
• [155星][2y] [Python]trailofbits/ida-evm IDA Processor Module for the Ethereum Virtual Machine (EVM)
• [135星][2w] [Python]argp/iboot64helper IDAPython loader to help with AArch64 iBoot, iBEC, and SecureROM reverse engineering
• [124星][2y] [C]gsmk/hexagon IDA processor module for the hexagon (QDSP6) processor
• [104星][1y] pgarba/switchidaproloader Loader for IDA Pro to support the Nintendo Switch NRO binaries
• [71星][2y] [Python]embedi/meloader 加载英特尔管理引擎固件
• [52星][5mo] [C++]mefistotelis/ida-pro-loadmap Plugin for IDA Pro disassembler which allows loading .map files.
• [37星][11mo] [C++]patois/nesldr Nintendo Entertainment System (NES) ROM loader module for IDA Pro
• [35星][1y] [Python]bnbdr/ida-bpf-processor BPF Processor for IDA Python
• [32星][5y] [Python]0xebfe/3dsx-ida-pro-loader IDA PRO Loader for 3DSX files
• [32星][1y] [C++]yifanlu/toshiba-mep-idp IDA Pro module for Toshiba MeP processors
• [28星][4y] [C]gdbinit/teloader A TE executable format loader for IDA
• [27星][3y] [Python]w4kfu/ida_loader loader module 收集
• [25星][2mo] [Python]ghassani/mclf-ida-loader An IDA file loader for Mobicore trustlet and driver binaries
• [23星][1y] [C++]balika011/belf Balika011's PlayStation 4 ELF loader for IDA Pro 7.0/7.1
• [23星][6y] vtsingaras/qcom-mbn-ida-loader IDA loader plugin for Qualcomm Bootloader Stages
• [20星][3y] [C++]patois/ndsldr Nintendo DS ROM loader module for IDA Pro
• [18星][8y] [Python]rpw/flsloader IDA Pro loader module for Infineon/Intel-based iPhone baseband firmwares
• [17星][7mo] [C++]gocha/ida-snes-ldr SNES ROM Cartridge File Loader for IDA (Interactive Disassembler) 6.x
• [16星][10mo] [Python]bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
  • 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/Yara |
• [16星][7mo] [C++]gocha/ida-65816-module SNES 65816 processor plugin for IDA (Interactive Disassembler) 6.x
• [16星][12mo] [Python]lcq2/riscv-ida RISC-V ISA processor module for IDAPro 7.x
• [15星][1y] [Python]ptresearch/nios2 IDA Pro processor module for Altera Nios II Classic/Gen2 microprocessor architecture
• [13星][2y] [Python]patois/necromancer IDA Pro V850 Processor Module Extension
• [13星][1y] [Python]rolfrolles/hiddenbeeloader IDA loader module for Hidden Bee's custom executable file format
• [10星][4y] [C++]areidz/nds_loader Nintendo DS loader module for IDA Pro 6.1
• [10星][6y] [python]cycad/mbn_loader IDA Pro Loader Plugin for Samsung Galaxy S4 ROMs
• [5星][7mo] [C++]gocha/ida-spc700-module SNES SPC700 processor plugin for IDA (Interactive Disassembler)
• [3星][7mo] [C++]gocha/ida-snes_spc-ldr SNES-SPC700 Sound File Loader for IDA (Interactive Disassembler)

PDB

• [61星][3mo] [C++]mixaill/fakepdb 通过IDA数据库生成PDB文件
• [38星][1y] [Python]ax330d/ida_pdb_loader IDA PDB Loader
• [14星][1y] [CMake]gdataadvancedanalytics/bindifflib Automated library compilation and PDB annotation with CMake and IDA Pro
• [2星][4mo] [Python]clarkb7/annotate_lineinfo Annotate IDA with source and line number information from a PDB

---

IDAPython本身

未分类

• [705星][2w] [Python]idapython/src IDAPython源码
• [360星][3w] [Python]tmr232/sark IDAPython的高级抽象
• [80星][4y] idapython/bin IDAPython binaries
• [65星][2y] [Python]alexander-hanel/idapython6to7 None

cheatsheets

• [225星][1mo] [Python]inforion/idapython-cheatsheet Scripts and cheatsheets for IDAPython

---

指令参考&文档

• [490星][11mo] [PLpgSQL]nologic/idaref 指令参考插件.
• [439星][3mo] [C++]alexhude/friend 反汇编显示增强, 文档增强插件
  • 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |
• [239星][2y] [Python]gdelugre/ida-arm-system-highlight 用于高亮和解码 ARM 系统指令
• [101星][2w] [Python]neatmonster/amie 针对ARM架构的FRIEND插件, 文档增强
• [45星][8y] [Python]zynamics/msdn-plugin-ida Imports MSDN documentation into IDA Pro

---

辅助脚本编写

• [237星][2w] [Python]eset/ipyida IPython console integration for IDA Pro
• [230星][2y] [Jupyter Notebook]james91b/ida_ipython 嵌入IPython内核
• [173星][3mo] [Python]techbliss/python_editor 脚本编辑界面
• [133星][2mo] [Python]arizvisa/ida-minsc IDA-minsc is a plugin for IDA Pro that assists a user with scripting the IDAPython plugin that is bundled with the disassembler. This plugin groups the different aspects of the IDAPython API into a simpler format which allows a reverse engineer to script aspects of their work with very little investment. Smash that "Star" button if you like this.
• [96星][1mo] [Python]patois/idapyhelper IDAPython脚本编写辅助
• [74星][3mo] [C++]0xeb/ida-qscripts An IDA plugin to increase productivity when developing scripts for IDA
• [5星][1y] [C++]patois/ida_vs2017 IDA 7.x VS 2017 项目模板
• [4星][6mo] inndy/idapython-cheatsheet scripting IDA like a Pro
• [4星][5y] [JavaScript]nihilus/ida-pro-plugin-wizard-for-vs2013 None

---

古老的

• [287星][5y] [Python]aaronportnoy/toolbag 反编译强化插件
• [163星][4y] [Python]isislab/fentanyl 简化打补丁
• [126星][6y] [C++]crowdstrike/crowddetox None
• [83星][6y] [Python]einstein-/hexrays-python Python bindings for the Hexrays Decompiler
• [76星][5y] [PHP]v0s/plus22 Tool to analyze 64-bit binaries with 32-bit Hex-Rays Decompiler
• [59星][5y] [C]nihilus/idastealth None
• [40星][6y] [C++]wirepair/idapinlogger Logs instruction hits to a file which can be fed into IDA Pro to highlight which instructions were called.
• [35星][8y] [Python]zynamics/ida2sql-plugin-ida None
• [27星][4y] [C++]luorui110120/idaplugins 一堆IDA插件，无文档
• [15星][7y] [Python]nihilus/optimice None

---

调试&&动态运行&动态数据

未分类

• [387星][11mo] [C++]cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
  • 重复区段: 工具/模拟器集成 |
• [182星][5y] [C++]nihilus/scyllahide 用户模式反-反调试
• [102星][4w] [Python]danielplohmann/apiscout 简化导入API恢复。可以从内存中恢复API信息。包含命令行版本和IDA插件。可以处理PE头被抹掉等ImpRec/ImpRec无法处理的情况。
• [81星][4y] [C++]wjp/idados DOSBox调试器插件
  • 重复区段: 工具/针对特定分析目标/未分类 |
• [56星][7y] [Python]cr4sh/ida-vmware-gdb 辅助Windows内核调试
• [38星][2y] [Python]thecjw/ida_android_script 辅助Android调试的IDAPython脚本
  • 重复区段: 工具/Android |
• [13星][5y] [Python]techbliss/free_the_debuggers 自动加载并执行调试器插件？？

DBI数据

• [913星][11mo] [Python]gaasedelen/lighthouse 从DBI中收集代码覆盖情况，在IDA/Binja中映射、浏览、查看
  • coverage-frida 使用Frida收集信息
  • coverage-pin 使用Pin收集覆盖信息
  • 插件 支持IDA和BinNinja
• [128星][3y] [Python]friedappleteam/frapl 在Frida Client和IDA之间建立连接，将运行时信息直接导入IDA，并可直接在IDA中控制Frida
  • IDA插件
  • Frida脚本
• [121星][5y] [C++]zachriggle/ida-splode 使用Pin收集动态运行数据, 导入到IDA中查看
  • IDA插件
  • PinTool
• [116星][2y] [C++]0xphoenix/mazewalker 使用Pin收集数据，导入到IDA中查看
  • mazeui 在IDA中显示界面
  • PyScripts Python脚本，处理收集到的数据
  • PinClient
• [88星][8y] [C]neuroo/runtime-tracer 使用Pin收集运行数据并在IDA中显示
  • PinTool
  • IDA插件
• [51星][10mo] [Python]cisco-talos/dyndataresolver 动态数据解析: 在IDA中控制DyRIO执行程序的指定部分, 记录执行过程后传回数据到IDA
  • DDR 基于DyRIO的Client
  • IDA插件

调试数据

• [379星][3mo] [Python]ynvb/die 使用IDA调试器收集动态运行信息, 辅助静态分析
• [375星][4y] [Python]deresz/funcap 使用IDA调试时记录动态信息, 辅助静态分析
• [103星][3y] [Python]c0demap/codemap Hook IDA，调试命中断点时将寄存器/内存信息保存到数据库，在web浏览器中查看
  • IDA插件
  • Web服务器

---

反编译器

• [1652星][6mo] [C++]yegord/snowman Snowman decompiler
• [463星][4y] [Python]einstein-/decompiler 多后端的反编译器, 支持IDA和Capstone.
• [398星][2mo] [C++]avast-tl/retdec-idaplugin retdec 的 IDA 插件
• [288星][5y] [C++]smartdec/smartdec 反编译器, 带IDA插件(进阶版为: snowman)
  • IDA插件
  • nocode 命令行反编译器
  • smartdec 带GUI界面的反编译器
  • nc 反编译器的核心代码

---

反混淆

• [534星][2y] [Python]anatolikalysch/vmattack 基于虚拟化的壳的分析(静态/动态)与反混淆
  • 重复区段: 工具/针对特定分析目标/未分类 |
• [278星][2mo] [C++]rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
  • 重复区段: 工具/Microcode |
• [201星][2y] [Python]tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
  • 重复区段: 工具/模拟器集成 |
• [47星][2y] [Python]riscure/drop-ida-plugin Experimental opaque predicate detection for IDA Pro
• [5星][3y] [Python]thngkaiyuan/mynaim Nymaim 家族样本反混淆插件
  • 重复区段: 工具/针对特定分析目标/未分类 |

---

效率&&导航&&快速访问&&图形&&图像&&可视化

其他

• [1303星][1y] [C++]rehints/hexrayscodexplorer 反编译插件, 多功能

• [439星][3mo] [C++]alexhude/friend 反汇编显示增强, 文档增强插件

  • 重复区段: 工具/指令参考&文档 |

• [358星][3w] [Python]l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞

  • 重复区段: 工具/漏洞 |

    查看详情

    功能

    • 快速移除函数返回类型
    • 数据格式(format)快速转换
    • 扫描字符串格式化漏洞
    • 双击跳转vtable函数
    • 快捷键: w/c/v

• [323星][2mo] [Python]pfalcon/scratchabit 交互式反汇编工具, 有与IDAPython兼容的插件API

• [216星][5mo] [Python]patois/dsync 反汇编和反编译窗口同步插件

• [179星][4mo] [Python]hasherezade/ida_ifl 交互式函数列表

• [170星][2w] [Python]danigargu/dereferencing 调试时寄存器和栈显示增强

• [130星][2y] [Python]comsecuris/ida_strcluster 扩展IDA的字符串导航功能

• [97星][1y] [Python]darx0r/stingray 递归查找函数和字符串

• [80星][1y] [Python]ax330d/functions-plus 解析函数名称，按命名空间分组，将分组结果以树的形式展示

• [47星][2mo] [C++]jinmo/ifred IDA command palette & more (Ctrl+Shift+P, Ctrl+P)

• [23星][6y] [C++]cr4sh/ida-ubigraph IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph

• [5星][2y] [Python]handsomematt/ida_func_ptr 右键菜单中快速拷贝函数指针定义

显示增强

• [200星][3w] [Python]patois/idacyber 交互式数据可视化插件
• [103星][2y] [Python]danigargu/idatropy 使用idapython和matplotlib的功能生成熵和直方图的图表
• [89星][5mo] [Python]patois/hrdevhelper 反编译函数CTree可视化
• [47星][3w] [Python]patois/xray 根据正则表达式对IDA反编译输出的特定内容进行高亮显示
• [5星][3y] [Python]oct0xor/ida_pro_graph_styling call/jump指令高亮显示
• [5星][1y] [C]teppay/ida 指令高亮，黑色主题

图形&&图像

• [2554星][4mo] [Java]google/binnavi 二进制分析IDE, 对反汇编代码的控制流程图和调用图进行探查/导航/编辑/注释.(IDA插件的作用是导出反汇编)
• [229星][2y] [C++]fireeye/simplifygraph 复杂graphs的简化

搜索

• [149星][2y] [Python]ga-ryo/idafuzzy 模糊搜索: 命令/函数/结构体
• [64星][3y] [Python]xorpd/idsearch 搜索工具

---

针对特定CTF

• [129星][2y] [Python]pwning/defcon25-public DEFCON 25 某Talk用到的 反汇编器和 IDA 模块

---

Android

• [220星][2y] [Python]strazzere/android-scripts Android逆向脚本收集
• [158星][3w] [Python]nforest/droidimg Android/Linux vmlinux loader
  • 重复区段: 工具/ELF |工具/针对特定分析目标/Loader&Processor |
• [115星][3y] [Python]cvvt/dumpdex 基于IDA python的Android DEX内存dump工具
• [79星][2y] [Python]zhkl0228/androidattacher IDA debugging plugin for android armv7 so
• [39星][5y] [Python]techbliss/adb_helper_qt_super_version All You Need For Ida Pro And Android Debugging
• [38星][2y] [Python]thecjw/ida_android_script 辅助Android调试的IDAPython脚本
  • 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
• [16星][7y] [C++]strazzere/dalvik-header-plugin Dalvik Header Plugin for IDA Pro

---

iOS&&macOS&&iPhone&&iPad&&iXxx

• [47星][6mo] [C]gdbinit/extractmacho IDA plugin to extract Mach-O binaries located in the disassembly or data
• [18星][2y] aozhimin/ios-monitor-resources 对各厂商的 iOS SDK 性能监控方案的整理和收集后的资源
• [18星][3y] [C]cocoahuke/iosdumpkernelfix This tool will help to fix the Mach-O header of iOS kernel which dump from the memory. So that IDA or function symbol-related tools can loaded function symbols of ios kernel correctly
• [17星][9y] [C++]alexander-pick/patchdiff2_ida6 patched up patchdiff2 to compile and work with IDA 6 on OSX
• [17星][8y] [C]gdbinit/machoplugin IDA plugin to Display Mach-O headers
• [14星][7y] [Standard ML]letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA PRO signature files that can be used in reversing the iPhone baseband. On an iPhone 4 firmware can pickup upto 800 functions when all the sigs applied.
  • 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/未分类 |

---

ELF

• [513星][2y] [C]lunixbochs/patchkit 给ELF文件打补丁(命令行+IDA插件)(可编写Python回调,C函数替换等)
  • IDA插件
  • patchkit
• [199星][5y] [C]snare/ida-efiutils 辅助ELF逆向
• [158星][3w] [Python]nforest/droidimg Android/Linux vmlinux loader
  • 重复区段: 工具/Android |工具/针对特定分析目标/Loader&Processor |
• [125星][6mo] [Python]danigargu/syms2elf A plugin for Hex-Ray's IDA Pro and radare2 to export the symbols recognized to the ELF symbol table
  • 重复区段: 工具/导入导出&与其他工具交互/未分类 |
• [90星][2y] [C++]gdbinit/efiswissknife An IDA plugin to improve (U)EFI reversing
• [82星][2mo] [Python]yeggor/uefi_retool 在UEFI固件和UEFI模块分析中查找专有协议的工具
• [44星][2y] [C]aerosoul94/dynlib IDA Pro plugin to aid PS4 user mode ELF reverse engineering.
  • 重复区段: 工具/针对特定分析目标/PS3&&PS4 |
• [44星][4y] [Python]danse-macabre/ida-efitools Some scripts for IDA Pro to assist with reverse engineering EFI binaries
• [42星][4y] [Python]strazzere/idant-wanna ELF header abuse

---

Microcode

• [278星][2mo] [C++]rolfrolles/hexraysdeob 利用Hex-Rays microcode API破解编译器级别的混淆
  • 重复区段: 工具/反混淆 |
• [185星][3mo] [C++]chrisps/hexext 通过操作microcode, 优化反编译器的数据
• [56星][3mo] [Python]patois/genmc 显示Hex-Rays 反编译器的Microcode，辅助开发Microcode插件
• [42星][3w] [Python]idapython/pyhexraysdeob 工具 RolfRolles/HexRaysDeob 的Python版本
• [18星][8mo] [Python]neatmonster/mcexplorer 工具 RolfRolles/HexRaysDeob 的 Python 版本

---

模拟器集成

• [472星][11mo] [Python]alexhude/uemu 基于Unicorn的模拟器插件
• [387星][11mo] [C++]cseagle/sk3wldbg 用Unicorn引擎做后端的调试插件
  • 重复区段: 工具/调试&&动态运行&动态数据/未分类 |
• [381星][3y] [Python]36hours/idaemu 基于Unicorn引擎的代码模拟插件
  • 重复区段: 工具/未分类 |
• [261星][1mo] [Python]fireeye/flare-emu 结合Unicorn引擎, 简化模拟脚本的编写
  • 重复区段: 工具/未分类 |
• [201星][2y] [Python]tkmru/nao 移除死代码(dead code), 基于Unicorn引擎
  • 重复区段: 工具/反混淆 |
• [124星][2y] [Python]codypierce/pyemu 在IDA中使用x86模拟器

---

作为辅助&&构成其他的一环

• [1497星][2w] [Python]trailofbits/mcsema 将x86, amd64, aarch64二进制文件转换成LLVM字节码
  • IDA7插件 用于反汇编二进制文件并生成控制流程图
  • IDA插件 用于反汇编二进制文件并生成控制流程图
  • Binja插件 用于反汇编二进制文件并生成控制流程图
  • mcsema
• [413星][3w] [C]mcgill-dmas/kam1n0-plugin-ida-pro 汇编代码管理与分析平台(独立工具+IDA插件)
  • 重复区段: 工具/签名(FLIRT等)&&比较(Diff)&&匹配/未分类 |
  • IDA插件
  • kam1n0

---

漏洞

• [482星][5mo] [Python]danigargu/heap-viewer 查看glibc堆, 主要用于漏洞开发

• [375星][2y] [Python]1111joe1111/ida_ea 用于辅助漏洞开发和逆向

• [358星][3w] [Python]l4ys/lazyida 若干快速访问功能, 扫描字符串格式化漏洞

  • 重复区段: 工具/效率&&导航&&快速访问&&图形&&图像&&可视化 /其他 |

    查看详情

    功能

    • 快速移除函数返回类型
    • 数据格式(format)快速转换
    • 扫描字符串格式化漏洞
    • 双击跳转vtable函数
    • 快捷键: w/c/v

• [136星][6mo] [Python]iphelix/ida-sploiter 辅助漏洞研究

• [32星][6y] [Python]coldheat/quicksec IDAPython script for quick vulnerability analysis

• [19星][1y] [Python]lucasg/idarop 列举并存储ROP gadgets

---

补丁&&Patch

• [704星][11mo] [Python]keystone-engine/keypatch 汇编/补丁插件, 支持多架构, 基于Keystone引擎
• [88星][5y] [Python]iphelix/ida-patcher 二进制文件和内存补丁
• [42星][3y] [C++]mrexodia/idapatch IDA plugin to patch IDA Pro in memory.
• [29星][2mo] [Python]scottmudge/debugautopatch Patching system improvement plugin for IDA.
• [15星][8y] [C++]jkoppel/reprogram Patch binaries at load-time

---

其他

• [122星][2y] [Shell]feicong/ida_for_mac_green IDAPro 绿化增强版 （macOS）
• [25星][4mo] angelkitty/ida7.0
• [15星][2y] jas502n/ida7.0-pro IDA7.0 下载

---

Qt

• [25星][11mo] techbliss/ida_pro_ultimate_qt_build_guide Ida Pro Ultimate Qt Build Guide
• [13星][1mo] [Python]tmr232/cute 在IDAPython中兼容QT4/QT5
• [9星][3y] [Python]techbliss/ida_pro_screen_recorder PyQt plugin for Ida Pro for Screen recording.

TODO

• 对工具进行更细致的分类
• 为工具添加详细的中文描述，包括其内部实现原理和使用方式
• 添加非Github repo
• 添加文章

文章

贡献

内容为系统自动导出, 有任何问题请提issue