awesome-python-re

A curated list of awesome Python reverse engineering libraries, tools and resources
https://github.com/Svenskithesource/awesome-python-re

Last synced: 3 days ago
JSON representation

Resources
- Manual analysis
Decompilers
- decompile3 - A Python decompiler aiming to support versions 3.7 - 3.8.
- uncompyle6 - A Python decompiler aiming to support versions 1.0 - 3.8 (including Dropbox's Python 2.5 bytecode and some PyPy bytecodes).
- pycdc (snippet decompiler) - This tool decompiles individual snippets of Python bytecode as opposed to entire binary files, aiming to help manual decompilation of binaries that are unsupported by state-of-the-art Python decompilers.
- unpyc3.7-3.10 - A fork of a decompiler which aims to support versions 3.7 - 3.10.
- pycdc - A disassembler and decompiler written in C++ aiming to support all Python versions. This decompiler is known to be unstable.
- pylingual - An AI decompiler for multiple, more recent, Python versions. Has built-in output checking and is in general one of the better decompilers out there.
Bytecode
- Editors
  - pySpy - This tool aims to make viewing and editing bytecode easier. Only works properly for version 3.9.
  - xdis - A Python cross-version bytecode library and disassembler. This library allows you to modify bytecode programmatically.
- Manual analysis
  - PyInjector - An injector for Windows that allows you to inject Python code into any Python process. It can be useful to expose variables, functions, grab code objects and many other things.
  - PythonForWindows - This library allows you to interact with windows but also lets you inject Python code into another Python process without needing to inject a dll yourself.
  - x-python - A Python implementation of the C interpreter. It can be useful to run bytecode instruction by instruction.
  - hypno - A cross-platform tool/library allowing to inject python code into a running python process. Can be installed through `pip`.
  - PyInjecto - Acts as an interactive CLI tool for injecting/analyzing Python processes. Allows you to start an exe and suspend it to inject Python code without being detected by some anti-debug protection. Allows you to use DLL injection or Hypno (see above).
Python internals
- Manual analysis
  - CPython - The CPython source code itself can often times be very useful to modify or trace.
  - inspect - A built-in library to inspect live objects. It gives information about objects like modules, classes, methods, functions, tracebacks, frame objects, and code objects. (Can be used along with [Python injectors](#manual-analysis))
Extractors
- Manual analysis
  - pyinstxtractor - pyinstxtractor is the most popular extractor for PyInstaller. It supports almost all versions of PyInstaller. ([pyinstxtractor-ng](https://github.com/pyinstxtractor/pyinstxtractor-ng) and [pyinstxtractor-go](https://github.com/pyinstxtractor/pyinstxtractor-go) might be worth checking out aswell.)
  - unpy2exe - unpy2exe is an extractor for py2exe but is not maintained anymore and likely will fail on newer versions of py2exe.
  - nuitka-extractor - An extractor for nuitka. This basically does the same thing as looking in the `temp` folder, but without actually running the executable.
Obfuscators
- Manual analysis
  - Pyarmor - This is by far the most popular Python obfuscator. It supports Python 2 and 3 on Windows, Linux and MacOS X.
  - Hyperion - This obfuscator is unique since it's one of the only ones that actually transforms your Python code. Since it returns plain Python source code it can be used on any platform that has Python available.
  - Specter
  - Kramer
  - Berserker
  - Anubis
  - pyobfuscate
  - pyobfuscate
  - development tools's obfuscator
  - Nuitka - Nuitka isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand. The [commercial version](https://nuitka.net/doc/commercial.html) does have some extra protection features.
  - Cython - Cython isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand.
  - DIY PyArmor RFT - A Python source code renamer. This will attempt to rename as many names as it can without breaking the code. The project name comes from the PyArmor RFT mode, which also renames your code.
Deobfuscators
- Manual analysis
  - PyArmor-Unpacker - The most popular deobfuscator for the obfuscator Pyarmor. It only supports the free version of Pyarmor.
  - bonedensity - A deobfuscator for the obfuscator PyArmor. Supports both the free and the paid Super mode.
  - Hyperion-deobfuscator - A deobfuscator for the obfuscator Hyperion.
  - Pyarmor-Static-Unpack-1shot - A deobfuscator for the obfuscator Pyarmor 8.0 and above. Supports both free and pro versions.
  - nuitka-helper - Not a deobfuscator but a tool that does symbol recovery for Nuitka samples. Read the blog post linked in the README.
Disassemblers
- dis - The built-in Python disassembler.
Debuggers
- pdb - The built-in Python interactive source debugger.
- PyCharm's debugger - PyCharm has its own debugger which is considered to be one of the best.
Packers
- Manual analysis
  - py2exe - py2exe can package Python projects to an executable for Windows.

Programming Languages

Python 24 C++ 2 Go 2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

awesome-python-re

Resources

Manual analysis

Decompilers

Bytecode

Editors

Manual analysis

Python internals

Manual analysis

Extractors

Manual analysis

Obfuscators

Manual analysis

Deobfuscators

Manual analysis

Disassemblers

Debuggers

Packers

Manual analysis