"%" means not tested by me personally.
- syscall.sh: Linux ARMv7/AArch64/x86/x86_64 ABI and syscall tables
- %C8051F34x_Glitch: silicon glitching tutorial
- Binary Ninja: interactive native code disassembler, decompiler, and debugger
- BinExport: companion tool for BinDiff
- when building, replace the BN SDK it downloads with a path to BN API library
- SENinja: symbolic execution engine for BN with a debugger-like API, based on Z3
- hexfiles: Intel HEX / Motorola SREC / TI-TXT file loader
- %binja-8051: 8051 architecture
- binja-avnera: Avnera architecture
- binja-m16c: Renesas M16C architecture
- cryptoscan: detector of common cryptographic algorithms
- Rust string slicer: detect Rust strings in code and data
- blob extractor: frontend for unblob
- %mole: static backward slicing through MLIL
- %binsync: cross-decompiler (Binary Ninja / Ghidra / IDA) collaboration tool
- BinDiff: comparison tool operating on control flow graphs
- %ReGenny: interactive C/C++ structure reconstruction tool and SDK generator
- %UE4Genny: late Unreal Engine 4 and Unreal Engine 5 SDK generator
- %Source2Gen: Source 2 SDK generator
- dnSpyEx: interactive CLR decompiler and debugger
- %hal: interactive netlist analysis and manipulation tool
- %Pylingual: Python bytecode decompiler and patcher
- WinDbg: Windows kernel and user-mode debugger
- x64dbg: OllyDbg if it was maintained; Windows user-mode x86/x64 debugger
- %BugChecker: SoftICE if it was maintained; preemptive Windows kernel and user-mode debugger; requires PS/2 keyboard and linear framebuffer
- %libdebug: GDB if it had an API; Python interface to GDB with a CTF/RE focus
- rr: deterministic record/replay debugger for Linux x86/x64/arm64
- Unicorn: CPU emulator with fine-grained instrumentation, hooks for memory accesses, Python API, ...
- %PANDA: fork of QEMU with support for whole system record/replay and a plugin system for taint analysis, callgraph tracing, ...
- %Pydgin: Python DSL for generating instruction set simulators
- %usersim: implementation of Windows kernel APIs on top of Windows user-mode APIs, for KMDF driver testing, fuzzing, ...
- %Qiling: emulator for Windows, Linux, macOS, Android, BSD, UEFI, ... kernel and user-mode APIs based on Unicorn
- %Limbo: XNU (Darwin) userspace syscall emulator for Linux
- ExtremeDumper: online .NET assembly dumper
- %Triton: dynamic symbolic execution and LLVM/SMT lifting; "like doing heart surgery with a blender"
- %Shiva: ELF dynamic linker that performs just-in-time symbol (function, data) interposition; AArch64 only
- %wsh: loads ET_DYN ELF files and makes API available for scripting
- %mesos: basic block coverage collector for unmodified Windows user-mode binaries; requires IDA
- NtLua: Windows kernel mode driver with a Lua interpreter, including ntoskrnl exports and x86 intrinsics
- Detours: Windows user-mode API hooking library
- %Frida: Windows/macOS/Linux/Android API tracing and instrumentation tool
- %Avatar2: toplevel runner for other tools (qemu, angr, openocd, ...), primarily for embedded system analysis, debugging, record/replay, ...
- CSharpRepl: C# REPL
- readpe: PE file reader, like objdump -p but works better on malware
- %wld: transforms ELF executables into ELF shared libraries; arch-independent
- %wcc: transforms ELF/PE/COFF binaries into ELF relocatable object files (unlinker)
- superlinker: combines ET_DYN ELF files with each other and the program interpreter
- %dll-merger: merges PE libraries into executables
- ApplyDeltaB: applies forward/reverse delta patches from Windows Update .msu files or WinSxS
- Detect it Easy: Windows/Linux/macOS/Android/DOS/... executable and archive analysis tool with a focus on malware analysis and protection/compression/... detection
- %Microwalk: static/dynamic microarchitectural leakage detection framework
- %GoReSym: Go symbol recovery based on Go compiler internals
- %Zydis: x86/x64 disassembler with no dependencies or allocations
- %LIEF: ELF/PE/MachO parsing and modification library
- pefile: PE parsing library for Python
- %seer: byte histogram based CPU architecture recognition tool
- cpu_rec: Markov chain based CPU architecture recognition tool
- %allyourbase: fast, FFT-based firmware base address detection tool
- %at51: 8051 firmware reverse engineering tools with a focus on Keil C51
- bingrep: ELF/PE/MachO binary printer, like colorful objdump that works well with PE/MachO; not a search tool!
- %miasm: disassembly, lifting, symbolic and dynamic execution library
- %angr: disassembly, lifting, and symbolic execution library
- %IAT patcher: replaces an imported function in a PE file with exports from another file
- PE-bear: interactive PE file viewer and editor
- FLOSS: strings if it was good and not based on libbfd; searches for C/Rust/Go strings in read-only data sections, stack-allocated strings, strings in vector registers; PE-only
- revng: tool to convert machine code fragments into equivalent compilable C code; made by crackheads??
- %angrop: automated ROP gadget search and chain construction
- %Ropper: ROP gadget search and display tool
- apktool: Android application decompiler/recompiler; emits/consumes smali
- jadx: Android application decompiler; emits Java
- de4js: JavaScript deobfuscator and unpacker
- %unpac.me: automated malware unpacking
- binwalk: firmware/filesystem/archive/executable/... analysis tool with an emphasis on semi-unstructured vendor blobs
- unblob: filesystem/archive analysis tool
- %UEFITool: UEFI firmware viewer and editor
- fiedka: SoC firmware viewer (UEFI FFS, coreboot CBFS, AMD PSP/ASP)
- UBI Reader: Python library for Linux UBI/UBIFS extraction and analysis
- %lessmsi: MSI interactive viewer and batch extractor
- %innoextract: Inno Setup installer extractor
- jefferson: Python JFFS2 extractor
- %pyinstxtractor-ng: PyInstaller extractor (has a web version)
- %diffoscope: recursive diff tool for archives (developed for debugging reproducible builds)
- delsum: checksum (modular, Fletcher, and CRC) reverse engineering tools
- biodiff: alignment based file comparison tool
- %yabo: functional heapless binary parser language
- %bgrep: search binary files for data with mask specified as hex
- %MultiRipper: game data archive extraction tool
- %vgmstream: game music playback tool
- %binxelview: tool for extracting pixel arrays from binary files
- %polyfile: libmagic/file replacement tailored for polyglot and recursive files
- Wireshark: network protocol analyzer
- %Modlishka: HTTP reverse proxy capable of intercepting TLS
- Universal Radio Hacker: RF demodulation and protocol analysis tool
- %Signalspec: composable digital/analog/radio signal analysis framework
- %bettercap: WiFi/Ethernet/BLE/CAN reconnaissance and attack tool
- %DecodeWheaRecord: Windows Hardware Error Architecture (WHEA) record decoder (PCIe errors, firmware errors, machine check errors, ...)
- %ply: Linux kprobe/tracepoint tracer with a custom language and compiler (not dependent on LLVM/BCC)
- System Informer: Windows Task Manager if it was good; displays modules (+ a PE viewer), threads (+ stack trace symbolication), security tokens, environment, memory regions (+ hex dump), handles, named pipes, win32k windows, services and drivers, NT objects, NT memory pools, UEFI/SMBIOS tables, ...
- API Monitor: interactive Windows API tracing tool
- %UIforETW: captures ETW logs without making you remember tracelog incantations
- %usbrply: converter from USB .pcap packet captures to Python libusb calls
- %hgdb: waveform trace based reversible debugger
- %zorrom: physical <> logical mask ROM layout converter
- %rompar: mask ROM optical extraction tool
- %maskromtool: mask ROM optical extraction tool and layout converter
You might like diffoscope: https://diffoscope.org/
It's made first and foremost for reproducible build analysis, but I've found it really useful for e.g. quickly diffing updates of packaged electron apps, android stuff or embedded rootfs images as well.