Vulnerability Research Tools

In this post I have compiled the popular vulnerability research tools. In each category I first list the tool(s) I personally use, followed by alternatives. I do not encourage pirating, but all of the paid programs can be found on pirate websites.

Disassemblers and Reverse Engineering Tools

Disassemblers decode the machine instructions in a binary into their readable assembly representation. The following programs have evolved beyond simple disassembly into full reverse engineering platforms, with features such as custom symbol naming, graphical views of code flow, and cross-references from the assembly to functions and data. The more advanced tools also support decompilation, the process of converting the assembly into higher-level code such as C or C++.
  • IDA Pro
    • Costs around $2000 for a license with multiple decompilers (free trial available)
    • A limited-feature freeware version is available here.
    • Supports decompiling
    • ~170 community-sourced plugins here
    • My personal favorite and the most popular among the global security community
    • Available for macOS, Linux, and Windows
  • Radare2
    • Free open-source software 🙂 available for download here
    • Supports decompiling
    • ~40 community plugins available here
    • Available for macOS, Linux, and Windows
  • Binary Ninja
    • $150 personal license
    • A limited-feature demo version is available here
    • Supports decompiling
    • ~70 community plugins available here
    • Available for macOS, Linux, and Windows
  • Ghidra
    • Originally developed by the NSA, now free open-source software 🙂 available for download here
    • Supports decompiling
    • ~10 community plugins available here
    • Available for macOS, Linux, and Windows
  • JEB Pro
    • Costs $1800 for a license (free trial available)
    • A limited-feature demo version is available here
    • Supports decompiling
    • ~20 plugins available here
    • Available for macOS, Linux, and Windows

Debuggers

Debuggers are very helpful in dynamically analyzing the flow of a program, and equally helpful in debugging an exploit.
  • WinDbg
    • Free but closed source. Can be downloaded from the Microsoft Store or with the Windows SDK
    • By far the most powerful Windows debugger on the list
    • Very steep learning curve
    • I recommend this theme (there is no easy way to import themes except via .reg files)
    • My personal favorite Windows debugger
    • Available for Windows
  • GDB
    • Free and open source 🙂. Can be installed with "apt-get install gdb"
    • Relatively steep learning curve because of the command-line interface
    • I recommend installing the pwndbg extension for better colors and more features
    • My personal favorite Linux debugger
    • Available for macOS, Linux and Windows
  • OllyDbg
    • Free and open source 🙂. Can be downloaded here
    • The most gradual learning curve
    • Available for Windows

Executable Analysis Tools

The following tools are helpful for getting a glimpse of an executable's internals when opening a full reverse engineering platform such as IDA would be overkill.
  • CFF Explorer
    • Free and open source 🙂. Can be downloaded from here
    • Easy-to-use GUI
    • Available for Windows
  • GNU ELF utils
    • Free and open source 🙂. Can be installed with "apt-get install elfutils"
    • Command-line interface
    • Available for macOS, Linux and Windows

Windows Specific Research Tools

  • Sysinternals Suite
    • Free. Can be downloaded here
    • The most diverse and useful set of Windows tools in one package
    • Powerful programs, for example "procmon", which lets you view every file operation a program makes
    • Easy-to-use GUI
    • Available for Windows
  • Resource Hacker
    • Free. Can be downloaded here
    • Allows viewing and editing executable file resources
    • Especially useful when a program loads many of its strings from its resource table via the LoadStringA() WinAPI call
    • Easy-to-use GUI
    • Available for Windows

Hex Editor Tools

  • 010 Editor
    • $50 license for home users
    • Free trial available with any download from here
    • Features parsers for common file types, and you can easily add your own
    • Features helpful scripts, such as hash operations, that can be applied to selected parts of the file
    • My go-to hex editor
    • Easy-to-use GUI
    • Available for macOS, Linux and Windows
  • HxD
    • Free. Can be downloaded here
    • Easy-to-use GUI
    • Available for Windows

Source Code Analysis Tools

These tools are for hunting for vulnerabilities in source code.
  • Source Insight
    • $239 for a home license
    • Free trial available here
    • My favorite source code viewer
    • Easy-to-use GUI
    • Packed with features
    • Available for Windows
  • Visual Studio Code
    • Free and open source 🙂. Download here
    • Great when looking for a lightweight interface
    • Available for macOS, Linux and Windows

Documentation

This is sometimes overlooked, but it's so important. For example, do you remember how snprintf behaves on Windows when the input is too long? Does _snprintf behave the same way? The answer is that it doesn't, and that's why it's handy to have documentation around.
  • MSDN
    • For everything Microsoft related
  • Linux man pages
    • For everything UNIX related
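The snprintf / _snprintf difference mentioned above is exactly the kind of detail that documentation settles, and getting it wrong produces unterminated strings. The following is an added illustration, not code from the original post: format_c99 shows the portable way to detect truncation from snprintf's return value; legacy_vsnprintf_emulated reproduces the documented contract of the legacy MSVC _snprintf (no terminator, and a negative return, when the output does not fit in the buffer) so the code compiles and runs off Windows; and format_legacy_safe is the defensive wrapper that reserves the final byte and terminates it itself. All function names are mine, and the emulation assumes only the three documented cases of _snprintf.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Outcome of a bounded format call: whether the destination was too small,
 * and (when the formatter can report it) how long the full output would be. */
typedef struct {
    bool truncated;
    size_t needed;   /* full length excluding the NUL; 0 when the API cannot tell us */
} fmt_result;

/* C99/POSIX snprintf: always NUL-terminates when size > 0 and returns the
 * length the complete output would have had, so truncation is detected
 * purely from the return value (n < 0 is an encoding error, n >= size means
 * the output was cut short). */
fmt_result format_c99(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);

    fmt_result r;
    r.truncated = (n < 0) || ((size_t)n >= size);
    r.needed = (n < 0) ? 0 : (size_t)n;
    return r;
}

/* Emulation (hypothetical helper) of the legacy MSVC _snprintf contract:
 *   len <  count : len chars stored, NUL appended, len returned
 *   len == count : len chars stored, NO NUL appended, len returned
 *   len >  count : count chars stored, NO NUL appended, negative value returned
 * Written this way so the example runs on any platform without calling _snprintf. */
int legacy_vsnprintf_emulated(char *dst, size_t count, const char *fmt, va_list ap)
{
    char tmp[1024];                        /* constructed scratch space for the emulation */
    va_list ap2;
    va_copy(ap2, ap);
    int len = vsnprintf(tmp, sizeof tmp, fmt, ap2);
    va_end(ap2);
    if (len < 0 || (size_t)len >= sizeof tmp)
        return -1;                         /* scratch too small: treat as overflow */

    if ((size_t)len < count) {
        memcpy(dst, tmp, (size_t)len + 1); /* fits: copy including the terminator */
        return len;
    }
    memcpy(dst, tmp, count);               /* exactly full or overflow: no terminator */
    return ((size_t)len == count) ? len : -1;
}

/* Variadic front end to the emulation, for callers without a va_list. */
int legacy_snprintf_emulated(char *dst, size_t count, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = legacy_vsnprintf_emulated(dst, count, fmt, ap);
    va_end(ap);
    return n;
}

/* Defensive wrapper for a formatter with _snprintf semantics: hand it one byte
 * less than the buffer, then unconditionally terminate the last byte, so the
 * result is a valid C string in all three cases. A negative return is the only
 * truncation signal the legacy API gives us. */
fmt_result format_legacy_safe(char *dst, size_t size, const char *fmt, ...)
{
    fmt_result r = { true, 0 };
    if (size == 0)
        return r;

    va_list ap;
    va_start(ap, fmt);
    int n = legacy_vsnprintf_emulated(dst, size - 1, fmt, ap);
    va_end(ap);

    dst[size - 1] = '\0';                  /* never trust the legacy API to terminate */
    r.truncated = (n < 0);
    r.needed = (n < 0) ? 0 : (size_t)n;
    return r;
}

int main(void)
{
    char a[8], b[8];
    fmt_result ra = format_c99(a, sizeof a, "%s", "0123456789");
    fmt_result rb = format_legacy_safe(b, sizeof b, "%s", "0123456789");
    printf("c99:    truncated=%d needed=%zu buf=\"%s\"\n", ra.truncated, ra.needed, a);
    printf("legacy: truncated=%d buf=\"%s\"\n", rb.truncated, b);
    return 0;
}
```

The point to take away is that the truncation check differs by API: with C99 snprintf you compare the return value against the buffer size, while with the legacy _snprintf you must treat a negative return as truncation and terminate the buffer yourself, because the call may leave it without a NUL.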

As usual, if I missed anything let me know :P

Comments

  1. There are so many conditions for reverse engineering. One of the most important conditions is that the original manufacturer of the product is no longer producing the product. Otherwise reverse engineering is not possible. Reverse engineering Grand Prairie, Alberta

    1. That is simply not true. It is possible to reverse engineer a product even if it's actively being developed. See this post for an example.

