mentebinaria / retoolkit
Reverse Engineer's Toolkit
License: Apache License 2.0
A nice freeware tool to navigate and edit PE files
I've been trying to add a few tools to the right-click menu on Windows, but without success. It works for single entries, but I wanted to have them under a retoolkit sub-menu. The latter only worked with admin rights. 😢
Recent x64dbg versions provide a way to disable memory randomization at Options -> Preferences -> Engine -> Disable ASLR, thus the ASLR Removal plugin can be removed.
pe_unmapper is a simple but useful tool that works with PE alignments to map/unmap files.
Hello, Mercês. Thank you for the package made available in this repository.
Just a suggestion so that "reproducible builds" would be possible:
Since we have the source of your installer, ideally you would also publish the origin, or at least the hash, of the tools you use in each retoolkit release, so that we could be fully sure the installer matches the sources.
Even because of the warning you posted, I understand there is no way to give the exact origin of certain tools you include. What I'm suggesting is that, in those extreme cases, the hash serves whoever wants to do the verification (or the "reproducible build").
Who guarantees me that one day you (consciously or not) decide to put spyware in the middle of a release? =) Precisely to avoid blind trust, I suggest this change. In my opinion you have an excellent reputation, and I trust you wouldn't do something like that. But what if? What if one day your GitHub account here is compromised and someone sneakily publishes a new release with malware?
Once again, I know you warned that it may not be safe to use these tools even in a temporary VM. But what I'm suggesting is a way for us to take your sources + the tools' files = a "clean" installer built by the user, taking trust in a single person out of the equation.
Thanks
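To make the suggestion above concrete, here is an added example (not retoolkit's own installer code) of the two halves of such a check in PowerShell: the maintainer generates a SHA-256 manifest of every bundled tool, and the user verifies a downloaded tool tree against it. The manifest format (`<sha256hex>  <relative\path>`, one per line, the sha256sum layout), the directory layout and the paths in the usage comment are assumptions. The manifest only helps if it reaches the user through a channel the release archive cannot overwrite, for instance committed to the repository or signed, otherwise whoever replaces the release can replace the manifest too.

```powershell
# Added example (not part of retoolkit): build and verify a SHA-256 manifest
# for the third-party tools bundled into an installer.
# Assumptions: tools live under one directory tree; a manifest line is
# "<sha256hex>  <relative\path>" (sha256sum layout); all paths are placeholders.

function New-ToolManifest {
    param(
        [Parameter(Mandatory)] [string] $ToolsDir,
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $root  = (Resolve-Path -LiteralPath $ToolsDir).Path
    $lines = @(Get-ChildItem -LiteralPath $root -Recurse -File | Sort-Object FullName | ForEach-Object {
        $rel  = $_.FullName.Substring($root.Length).TrimStart('\')
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        "$hash  $rel"
    })
    # ASCII, LF-only output so the manifest itself hashes identically everywhere
    [IO.File]::WriteAllText($ManifestPath, (($lines -join "`n") + "`n"), [Text.Encoding]::ASCII)
    return $lines.Count
}

function Test-ToolManifest {
    param(
        [Parameter(Mandatory)] [string] $ToolsDir,
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $root     = (Resolve-Path -LiteralPath $ToolsDir).Path
    $expected = @{}
    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        if ($line -match '^\s*(#|$)') { continue }            # comments and blank lines
        $hash, $rel = ($line.Trim() -split '\s+', 2)
        if (-not $rel -or $hash -notmatch '^[0-9a-fA-F]{64}$') {
            throw "Malformed manifest line: $line"
        }
        $expected[$rel] = $hash
    }

    $problems = New-Object System.Collections.Generic.List[string]
    foreach ($rel in $expected.Keys) {
        $file = Join-Path $root $rel
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems.Add("MISSING   $rel"); continue
        }
        $actual = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        # string -ne is case-insensitive in PowerShell, so hex case does not matter
        if ($actual -ne $expected[$rel]) { $problems.Add("MISMATCH  $rel") }
    }
    # A file present on disk but absent from the manifest is exactly what a
    # tampered release would add, so it is a failure as well.
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length).TrimStart('\')
        if (-not $expected.ContainsKey($rel)) { $problems.Add("UNLISTED  $rel") }
    }
    return $problems
}

# Usage (placeholder paths):
#   New-ToolManifest -ToolsDir .\tools -ManifestPath .\tools.sha256
#   $r = Test-ToolManifest -ToolsDir .\tools -ManifestPath .\tools.sha256
#   if ($r.Count) { $r | Write-Warning; exit 1 } else { 'OK' }
```

Run the verification against the extracted tool directory before running anything from it; an empty result means every listed file matches and nothing unlisted is present.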
FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis
https://github.com/nmantani/FileInsight-plugins
Nice CLI to work with OLE files https://github.com/decalage2/oletools
Originally posted by @AandersonL in https://github.com/mentebinaria/retoolkit/discussions/30
I wrote this tool some time ago; I've been using it to download malware samples inside Windows. Maybe it can be useful :)
Fakenet is a very useful tool for C2 emulation; it allows writing custom Python scripts and dumping packets. Its development is suspended, but it still works pretty well!
It would be nice to see ExtremeDumper as part of the toolkit. By far the easiest way to dump .NET assemblies from memory while they are running. As far as I know, none of the current tools are capable of doing that.
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
https://www.immunityinc.com/products/debugger/
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
https://www.ollydbg.de/
- Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
- nmap is a free and open source utility for network discovery and security auditing. https://nmap.org/
- IDA Freeware: https://hex-rays.com/ida-free/
Only binaries are included in the current release. License and readme files are needed.
I cannot open it on 64-bit Windows.
Wireshark (network analysis and capture tool + USB capture) is GPL2. There should be no barrier to redistribution. The protocol analyzers are quite nice. Blah blah blah, everyone knows about Wireshark.
This is a tentative suggestion for a tool addition, because I do not know whether it fits the scope.
However, I can firmly recommend the Rohitab API Monitor as one of the best Windows API tracing tools I have ever used:
dll_to_exe is a simple and useful tool to convert a "dll" into an "exe":
The current version does not add Python to the PATH variable. Also, if one types only python.exe, a Microsoft Store pop-up will open, so it's good to remove the python.exe wrapper that MS uses to open the store:
del %localappdata%\Microsoft\WindowsApps\python.exe
The same also happens if one types python3.exe or python3.7.
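The `del` line above is cmd.exe syntax and removes only one of the stubs. As an added example (not retoolkit's code), the PowerShell below removes every `python*.exe` stub in the per-user alias directory and refuses to touch anything that is not a stub. It assumes what the Store aliases look like on disk: zero-byte reparse points under `%LOCALAPPDATA%\Microsoft\WindowsApps`, which is how they are told apart from a real interpreter that someone copied there.

```powershell
# Added example (not retoolkit's code): remove the Microsoft Store
# "app execution alias" stubs for python so that typing python / python3 /
# python3.x no longer opens the Store.
# Assumption: the stubs live in %LOCALAPPDATA%\Microsoft\WindowsApps and are
# 0-byte reparse points; a real python.exe is neither, so it is left alone.

function Remove-StorePythonAlias {
    $aliasDir = Join-Path $env:LOCALAPPDATA 'Microsoft\WindowsApps'
    $removed  = @()
    if (-not (Test-Path -LiteralPath $aliasDir)) { return $removed }

    Get-ChildItem -LiteralPath $aliasDir -Filter 'python*.exe' -Force | ForEach-Object {
        $isStub = ($_.Length -eq 0) -and
                  (($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
        if ($isStub) {
            Remove-Item -LiteralPath $_.FullName -Force
            $removed += $_.Name
        } else {
            Write-Warning "$($_.FullName) is not a Store stub (size $($_.Length) bytes); left in place"
        }
    }
    return $removed
}

Remove-StorePythonAlias

# Afterwards, confirm what 'python' resolves to on PATH: the real interpreter,
# or nothing at all if it has not been added to PATH yet.
Get-Command python, python3 -All -ErrorAction SilentlyContinue | Select-Object Name, Source
```

The same stubs can also be switched off without deleting files through the "App execution aliases" page in Windows Settings; the script is for the case where this has to be done unattended after installing the toolkit.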
The OllyDumpEx plugin supports x64dbg and is a fantastic plugin to dump payloads from memory. I feel like it would be very useful to include this with the x64dbg that comes with retoolkit.
OllyDumpEx can be downloaded from the following location:
https://low-priority.appspot.com/ollydumpex/#download
4n4lDetector is an analysis tool for Microsoft Windows executable files, libraries, drivers and mdumps for x86 and x64. As of v1.8 an extended use for analyzing anomalies in Linux ELF executables was also included. Its main objective is to collect the necessary information to facilitate the identification of malicious code inside the analyzed files. This tool analyzes, among other things, the PE header and its structure, the content of the sections, the different types of strings, among many other things. It also incorporates a multitude of its own ideas to recognize anomalies in the construction of files and the detection of mechanisms used by current malware.
https://www.enelpc.com/p/4n4ldetector.html
https://github.com/4n0nym0us/4n4lDetector
Some of these are not open source, but he is okay with sharing them, and you can see the code with dnSpy; they are not obfuscated.
https://github.com/CodeCracker-Tools
https://github.com/CodeCrackerSND
https://gitlab.com/CodeCracker
and here is a list of many .NET tools for reverse engineering
https://github.com/NotPrab/.NET-Deobfuscator
I also have more tools in my repo, which can be found here; however, I don't have the source code: https://github.com/InstinctEx/deobfuscatetools/
I'm not asking for every single bit of those tools to get added but some of them are really useful.
Making this issue so you can check them out.
I want to add some other tools in retoolkit and build my own version. But I don't know how to. Where can I download the programs so that I can build retoolkit.exe by myself? Thanks.
VBDec is an amazing tool for Visual Basic P-Code disassembling and debugging; it's free and very powerful!
Add entropy for fast entropy calculation.
xntsv is a nice utility tool to inspect process structures such as PEB, TEB, etc using a nice GUI:
GoReSym is a Golang symbol recovery tool, it's useful against obfuscated Golang samples:
Currently the Cutter debugger is in beta and is not considered as stable as x64dbg, so it fits better in the decompiler/disassembler section, as this is its main purpose.
The current software management solution is not very aesthetically pleasing and could be improved by using software similar to the example below
Website:
https://dawnlauncher.com/
https://github.com/fanchenio/Dawn-Launcher
Advantages: Can create subcategories (this allows for better classification)
Note: The international UI needs to be improved
Wouldn't it be better to just add retoolkit to the first-level context menu? It's annoying to have to right-click and then click "Send to" every time.
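Both the earlier post about a retoolkit sub-menu that only worked with admin rights and this request for a first-level entry come down to the same thing: a cascading verb under the shell key for all file types. As an added example (not retoolkit's installer code), the PowerShell below registers such a menu under the current user's hive only, `HKCU\Software\Classes\*\shell\retoolkit`, so the assumption is that it needs no elevation; it also removes it again. The tool names and executable paths are placeholders. The .NET registry API is used deliberately because the key name contains `*`, which the `HKCU:` drive provider would interpret as a wildcard in `-Path`.

```powershell
# Added example (not retoolkit's installer code): a per-user, cascading
# "retoolkit" entry in the right-click menu for every file type.
# Writes only under HKCU\Software\Classes (assumption: no elevation needed).
# Tool paths are placeholders. .NET registry calls are used because the key
# path contains '*', which the HKCU: provider treats as a wildcard.

$MenuKeyPath = 'Software\Classes\*\shell\retoolkit'

function Install-RetoolkitContextMenu {
    param(
        # display name -> full path of the executable (hypothetical locations)
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Tools
    )
    $menu = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey($MenuKeyPath)
    try {
        $menu.SetValue('MUIVerb', 'retoolkit')   # label shown in the context menu
        $menu.SetValue('SubCommands', '')        # empty string: items come from the shell\ subkey
        foreach ($name in $Tools.Keys) {
            $exe  = $Tools[$name]
            $item = $menu.CreateSubKey("shell\$name")
            try {
                $item.SetValue('', $name)                 # default value = item label
                $item.SetValue('Icon', "`"$exe`",0")      # first icon of the executable
                $cmd = $item.CreateSubKey('command')
                try { $cmd.SetValue('', "`"$exe`" `"%1`"") }   # %1 = right-clicked file
                finally { $cmd.Close() }
            } finally { $item.Close() }
        }
    } finally { $menu.Close() }
}

function Uninstall-RetoolkitContextMenu {
    # second argument $false: do not throw if the key is already gone
    [Microsoft.Win32.Registry]::CurrentUser.DeleteSubKeyTree($MenuKeyPath, $false)
}

# Usage (placeholder paths; point them at where the tools actually live):
Install-RetoolkitContextMenu -Tools ([ordered]@{
    'x64dbg'   = 'C:\Tools\x64dbg\release\x64\x64dbg.exe'
    'IDA Free' = 'C:\Tools\idafree\ida64.exe'
})
# Uninstall-RetoolkitContextMenu
```

Explorer reads static verbs when it builds the menu, so the entry appears on the next right-click without restarting anything, and because everything lives under HKCU it affects only the user who ran the script.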
Since 2022-10-10 the minidump command was added, so you can remove that plugin as well.
After installing, it installs a bunch of applications, including 7-Zip, I believe. But after uninstalling, the applications go away except 7-Zip.
Why?
Because the current README.md is written in English, this translation was done to make it easier for non-English users to understand the retoolkit tool set. I hope it can be adopted and improved.
Simplified Chinese (中文简体):
Please see the uploaded attachment
README_zh_CN.md
gftrace is a tool I created some time ago. It's a Windows API tracing tool for Golang programs that abuses the Golang runtime to perform the tracing and ignores most of the Golang runtime noise. It's useful for dynamic analysis of obfuscated and/or trojanized Golang samples:
Tool Request
Can you add PEiD, please?
For malware analysis, PEiD and its plugin Kanal are very useful.
Thanks in advance!
The project is currently missing the issue templates which might help the users to submit category-based issues. If you would like to add them, then I would like to submit a Pull Request with some relevant issue templates.
Thanks.
XOpcodeCalc is a nice utility tool for opcode calculation. It's useful as a fast assembly reference during RE:
Add IDA Pro
Hi,
Thanks for your great work of gathering these amazing tools together!
Yesterday, we released the first version (v0.1) of the HyperDbg debugger along with its compiled binaries. It would be a pleasure to be in RE Toolkit again.
Thanks,
mal_unpack is a dynamic unpacker based on PE-sieve. It's very useful for automated malware unpacking:
Please consider adding Jadx (https://github.com/skylot/jadx) to the list of decompilers as well.
ref: https://twitter.com/ThatAndroidUser/status/1379244013308502017
WinObjEx64 is a tool that allows you to inspect the Windows Object Manager namespace and information such as the list of deployed drivers, process information, callback information, etc.:
dumpulator is an amazing tool that emulates process dumps. It's very useful for string decryption, deobfuscation, etc.:
hollows_hunter is a process analysis tool that can be used to recognize and dump malicious implants such as shellcodes, hooks, etc: