A collection of Python resources for Debugging and reverse engineering – these may assist your pentesting or security research
PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer’s Swiss Army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The package includes PyDBG, PIDA and pGRAPH.
IDAPython is an IDA plugin which makes it possible to write scripts for IDA in the Python programming language. IDAPython provides full access to both the IDA API and any installed Python module. There are several example scripts provided in the repository.
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility. You can read more about the debugger and see more features at http://immunityinc.com/products/debugger/index.html
pefile is a multi-platform Python module to parse and work with Portable Executable (aka PE) files. Most of the information contained in the PE headers is accessible as well as all sections’ details and their data.
Microsoft releases free and powerful debugging tools for Windows. The package includes the well known ‘WinDbg’ debugger, which, at its core, runs on top of the Windows debugging engine – dbgeng.dll. PyDbgEng is a Python wrapper for the Microsoft Debug Engine.
Now that you have a scriptable debugger, here are some of the things you can do:
Automatic Executable Unpacking
diStorm3 is a powerful disassembler library for x86/AMD64. It is really a decomposer, which means it takes an instruction and returns a binary structure describing it rather than static text, which is great for advanced binary code analysis.
python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python. Docs are at https://python-ptrace.readthedocs.io/en/latest/
High level Python object API: PtraceDebugger and PtraceProcess
Able to control multiple processes: catch fork events on Linux
Read/write bytes at arbitrary addresses: takes care of memory alignment and splits bytes into CPU words
Execution step by step using ptrace_singlestep() or the int 3 hardware interrupt
Can use the distorm disassembler
Dump registers, memory mappings, stack, etc.
Syscall tracer and parser (strace.py command)
Androguard is a full Python tool to reverse engineer and analyse Android applications. You can read the documentation at https://androguard.readthedocs.io/en/latest/
Android’s binary XML
Disassemble DEX/ODEX bytecodes
Decompiler for DEX/ODEX files
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
A lightweight multi-platform, multi-architecture assembler framework with Python bindings.
A Python interface to the GNU Binary File Descriptor (BFD) library.
It’s a complete (or at least tries to be) wrapper around the low level functionality provided by GNU Binutils libopcodes and libbfd. This allows the user to manipulate all the architectures and file formats that the Binutils tools support.
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual.
A PyCommand for Immunity Debugger that replaces and improves on pvefindaddr.
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API functions inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (Python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called at run time.
Have we missed any tools? Do you know of, or have, a script that you feel should be listed? Leave us a comment and we will take a look.