awesome-python-re

A curated list of awesome Python reverse engineering libraries, tools and resources
https://github.com/Svenskithesource/awesome-python-re

Last synced: 4 days ago
JSON representation

Debuggers
- PyCharm's debugger - PyCharm has its own debugger which is considered to be one of the best.
- pdb - The built-in Python interactive source debugger.
Obfuscators
- Manual analysis
  - Cython - Cython isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand.
  - pyobfuscate
  - development tools's obfuscator
  - Nuitka - Nuitka isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand. The [commercial version](https://nuitka.net/doc/commercial.html) does have some extra protection features.
  - Pyarmor - This is by far the most popular Python obfuscator. It supports Python 2 and 3 on Windows, Linux and MacOS X.
  - Hyperion - This obfuscator is unique since it's one of the only ones that actually transforms your Python code. Since it returns plain Python source code it can be used on any platform that has Python available.
  - Specter
  - Kramer
  - Berserker
  - Anubis
  - DIY PyArmor RFT - A Python source code renamer. This will attempt to rename as many names as it can without breaking the code. The project name comes from the PyArmor RFT mode, which also renames your code.
  - pyobfuscate
Disassemblers
- dis - The built-in Python disassembler.
- pyfalcon - A cross-version Python disassembler written in Rust. Has a [web version](https://pyfalcon.svenskithesource.be).
Python internals
- Manual analysis
  - inspect - A built-in library to inspect live objects. It gives information about objects like modules, classes, methods, functions, tracebacks, frame objects, and code objects. (Can be used along with [Python injectors](#manual-analysis))
  - CPython - The CPython source code itself can often times be very useful to modify or trace.
Packers
- Manual analysis
  - py2exe - py2exe can package Python projects to an executable for Windows.
Resources
- Manual analysis
Bytecode
- Manual analysis
  - PythonForWindows - This library allows you to interact with windows but also lets you inject Python code into another Python process without needing to inject a dll yourself.
  - PyInjector - An injector for Windows that allows you to inject Python code into any Python process. It can be useful to expose variables, functions, grab code objects and many other things.
  - x-python - A Python implementation of the C interpreter. It can be useful to run bytecode instruction by instruction.
  - hypno - A cross-platform tool/library allowing to inject python code into a running python process. Can be installed through `pip`.
  - PyInjecto - Acts as an interactive CLI tool for injecting/analyzing Python processes. Allows you to start an exe and suspend it to inject Python code without being detected by some anti-debug protection. Allows you to use DLL injection or Hypno (see above).
- Editors
  - xdis - A Python cross-version bytecode library and disassembler. This library allows you to modify bytecode programmatically.
  - pySpy - This tool aims to make viewing and editing bytecode easier. Only works properly for version 3.9.
Decompilers
- pycdc - A disassembler and decompiler written in C++ aiming to support all Python versions. This decompiler is known to be unstable.
- uncompyle6 - A Python decompiler aiming to support versions 1.0 - 3.8 (including Dropbox's Python 2.5 bytecode and some PyPy bytecodes).
- decompile3 - A Python decompiler aiming to support versions 3.7 - 3.8.
- pycdc (snippet decompiler) - This tool decompiles individual snippets of Python bytecode as opposed to entire binary files, aiming to help manual decompilation of binaries that are unsupported by state-of-the-art Python decompilers.
- unpyc3.7-3.10 - A fork of a decompiler which aims to support versions 3.7 - 3.10.
- pylingual - An AI decompiler for multiple, more recent, Python versions. Has built-in output checking and is in general one of the better decompilers out there.
Extractors
- Manual analysis
  - pyinstxtractor - pyinstxtractor is the most popular extractor for PyInstaller. It supports almost all versions of PyInstaller. ([pyinstxtractor-ng](https://github.com/pyinstxtractor/pyinstxtractor-ng) and [pyinstxtractor-go](https://github.com/pyinstxtractor/pyinstxtractor-go) might be worth checking out aswell.)
  - unpy2exe - unpy2exe is an extractor for py2exe but is not maintained anymore and likely will fail on newer versions of py2exe.
  - nuitka-extractor - An extractor for nuitka. This basically does the same thing as looking in the `temp` folder, but without actually running the executable.
Deobfuscators
- Manual analysis
  - PyArmor-Unpacker - The most popular deobfuscator for the obfuscator Pyarmor. It only supports the free version of Pyarmor.
  - bonedensity - A deobfuscator for the obfuscator PyArmor. Supports both the free and the paid Super mode.
  - Hyperion-deobfuscator - A deobfuscator for the obfuscator Hyperion.
  - nuitka-helper - Not a deobfuscator but a tool that does symbol recovery for Nuitka samples. Read the blog post linked in the README.
  - Pyarmor-Static-Unpack-1shot - A deobfuscator for the obfuscator Pyarmor 8.0 and above. Supports both free and pro versions.

Programming Languages

Python 24 Go 2 C++ 2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

awesome-python-re

Debuggers

Obfuscators

Manual analysis

Disassemblers

Python internals

Manual analysis

Packers

Manual analysis

Resources

Manual analysis

Bytecode

Manual analysis

Editors

Decompilers

Extractors

Manual analysis

Deobfuscators

Manual analysis