https://github.com/chasebryan/kaiju
monster-class binary analysis. rust first. headless first.
binary-analysis cfg cli disassembler elf intermediate-representation macho pe reverse-engineering rust static-analysis
Last synced: 1 day ago
- Host: GitHub
- URL: https://github.com/chasebryan/kaiju
- Owner: chasebryan
- License: apache-2.0
- Created: 2026-06-19T03:36:14.000Z (13 days ago)
- Default Branch: main
- Last Pushed: 2026-06-19T05:45:06.000Z (13 days ago)
- Last Synced: 2026-06-19T06:19:08.689Z (13 days ago)
- Topics: binary-analysis, cfg, cli, disassembler, elf, intermediate-representation, macho, pe, reverse-engineering, rust, static-analysis
- Language: Rust
- Size: 29.3 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Roadmap: docs/roadmap.md
- Notice: NOTICE
README

# Kaiju RE
monster-class binary analysis.
rust first. headless first. no fake decompiler magic.
kaiju is the beginning of a reverse-engineering workbench:
load bytes, name the format, map memory, pull strings, decode a little code,
draw a small CFG, and save the facts in a plain project snapshot.
it is early.
what works:
- raw loading
- ELF / PE / Mach-O sniffing
- limited ELF, PE, and Mach-O metadata
- memory maps
- Mach-O segment maps
- Mach-O universal/fat member selection
- ELF symbol tables
- ELF shared-library dependencies
- ELF dynamic imports
- ELF relocation tables
- PE COFF symbols
- PE import DLL dependencies
- PE import tables
- PE export tables
- PE base relocations
- Mach-O symbol tables
- Mach-O dylib dependencies
- Mach-O undefined-symbol imports
- Mach-O section relocation tables
- strings
- network evidence topology
- classic PCAP topology and payload inspection
- explicit TCP probes and port scans
- loader diagnostics
- small x86-64 disassembly
- direct-branch CFGs
- conservative function discovery from entrypoints, loader metadata, and direct call targets
- bounded direct-call CFG expansion for x86-64 functions
- conservative RIP-relative data and string cross-references from decoded x86-64 basic blocks
- bounded IR summaries for discovered x86-64 CFG blocks
- project JSON export
- safe `.kaiju` project package snapshots
- read-only `.kaiju` project package inspection
- native Rust GUI workbench with binary/package open, package save, diagnostics, logs, and synchronized function/address navigation
try:
```bash
cargo test --workspace
cargo run -p kaiju-cli -- info tests/fixtures/raw.bin
cargo run -p kaiju-cli -- map tests/fixtures/raw.bin
cargo run -p kaiju-cli -- diagnostics tests/fixtures/raw.bin
cargo run -p kaiju-cli -- symbols tests/fixtures/raw.bin
cargo run -p kaiju-cli -- dependencies tests/fixtures/raw.bin
cargo run -p kaiju-cli -- imports tests/fixtures/raw.bin
cargo run -p kaiju-cli -- exports tests/fixtures/raw.bin
cargo run -p kaiju-cli -- relocations tests/fixtures/raw.bin
cargo run -p kaiju-cli -- analyze tests/fixtures/raw.bin
cargo run -p kaiju-cli -- export tests/fixtures/raw.bin
KAIJU_SAVE_DIR=$(mktemp -d /tmp/kaiju-raw.XXXXXX.kaiju)
cargo run -p kaiju-cli -- save tests/fixtures/raw.bin --out "$KAIJU_SAVE_DIR"
cargo run -p kaiju-cli -- package "$KAIJU_SAVE_DIR"
cargo run -p kaiju-cli -- functions tests/fixtures/raw.bin
cargo run -p kaiju-cli -- ir tests/fixtures/raw.bin
cargo run -p kaiju-cli -- xrefs tests/fixtures/raw.bin
cargo run -p kaiju-cli -- network tests/fixtures/network-evidence.txt
cargo run -p kaiju-workbench -- tests/fixtures/raw.bin
scripts/package-kaiju-workbench-linux.sh
```
not yet:
- privileged live interface capture backend
- full parsers
- full disassembly
- lifting worth bragging about
- decompiler
- plugin runtime
the rule: build the foundation before the monster suit.
Apache-2.0.