Skip to content

Latest commit

 

History

History
206 lines (105 loc) · 10.2 KB

showcase.md

File metadata and controls

206 lines (105 loc) · 10.2 KB
Raw
layout title permalink
default
Showcases
/showcase/

Showcase

In our knowledge, Keystone has been used by 93 following products (listed in no particular order).

  • Keypatch: IDA Pro plugin for code assembling & binary patching.

  • Qiling: Cross-platform & multi-architecture lightweight sandbox.

  • Radare2: Unix-like reverse engineering framework and commandline tools.

  • GEF: GDB Enhanced Features.

  • Ropper: Rop gadget and binary information tool.

  • Cemu: Cheap EMUlator based on Keystone and Unicorn engines.

  • Pwnypack: Certified Edible Dinosaurs official CTF toolkit.

  • Keystone.JS: Emscripten-port of Keystone for JavaScript.

  • Usercorn: Versatile kernel+system+userspace emulator.

  • x64dbg: An open-source x64/x32 debugger for windows.

  • Liberation: a next generation code injection library for iOS cheaters everywhere.

  • Strongdb: GDB plugin for Android debugging.

  • AssemblyBot: Telegram bot for assembling and disassembling on-the-go.

  • demovfuscator: Deobfuscator for movfuscated binaries.

  • Dash: A simple web based tool for working with assembly language.

  • ARMSCGen: ARM Shellcode Generator.

  • Asm_Ops: Assembler for IDA Pro (IDA Plugin).

  • Binch: A lightweight ELF binary patch tool.

  • Metame: Metamorphic code engine for arbitrary executables.

  • Patchkit: A powerful binary patching toolkit.

  • Pymetamorph: Metamorphic engine in Python for Windows executables.

  • Ropstone: A basic ROP/gadget finder.

  • asm_buddy: Small script to assemble/disassemble from CLI.

  • Nemezisv3: A GUI tool to convert hex-string to assembly and vice versa.

  • Stoneb0t: IRC bot providing assemble / disassemble for various architectures.

  • GCTF-Challenges: An assembly based puzzle at GryphonCTF 2016.

  • VulcanoIO: Open Source Cluster IOTs for Reverse Engineering Malware.

  • Proctal: Manipulates the address space of a running program on Linux.

  • Plasma: Interactive disassembler for x86/ARM/MIPS, and generates pseudo-code with colored syntax.

  • Alfredworkflow-Capkeystone: Alfred Workflow to convert hex string to assembly and vice versa.

  • Trace: System tracer implementation in Rust.

  • Chiasm-shell: Python-based interactive assembler/disassembler CLI.

  • Dispatch: Programmatic disassembly and patching.

  • PEDetour: Modify Portable Executable file to hook its export functions

  • Stonesh: Command interpreter for Keystone and Capstone designed to be an alternative to ks/cstool.

  • Ratone: A console for assemble/disassemble code using Capstone/Keystone.

  • Unicorn.JS demo: Demo of Unicorn emulator in JavaScript.

  • SECCON2016 CTF: Online CTF game (Binary 400, Ropsynth).

  • AsmBot: Slack bot to assemble and disassemble using Capstone and Keystone.

  • Kcapys: Patch all calls to a function ELF file with NOPs.

  • Asrepl: x86-64 assembly REPL.

  • cgPwn: Cyber Grand Pwnage Box.

  • inVtero.net: Find/Extract processes, hypervisors in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques.

  • Pwning-tools: A small library that help CTFer quickly write payload.

  • kcshell: Interactive assembly/disassembly shell for various architectures.

  • Botox: SIGSTOPing ELF binaries since 0x7E1.

  • AsmHelper: A MacOS tool to help convert machine code to assembly and vice versa.

  • Manticore: Dynamic binary analysis tool.

  • JSRT: Javascript Runtime for Windows, based on Chakra.

  • Fido: Teaching old shellcode new tricks.

  • Online Assembler & Disassembler: Online Assembler and Disassembler.

  • WinREPL: x86 and x64 assembly "read-eval-print loop" for Windows.

  • Rassembler: Assembly REPL written in Ruby

  • Asemu: 32-bit x86 emulator using ncurses and Capstone/Keystone/Unicorn.

  • Pwntools-Ruby: Pwntools on Ruby.

  • Sam-RS: Rust compiler plugin for compile time instruction assembling.

  • Resonance: A C polymorphic and metamorphic engine.

  • Shellen: Interactive shellcoding environment to easily craft shellcodes.

  • Capstone2LLVMIR: Library for Capstone instruction to LLVM IR translation.

  • Capstone-Dumper: Utility for dumping all the information Capstone has on given instructions.

  • PEPatch: A hacky tool to patch PE binaries.

  • PE-EP-Intercept: Experimental binary patching on executables.

  • Mutator: Suite of tools aimed at analysis and automation of C/C++ code development.

  • Ecos_gdb: A debugger written in assembly to allow serial and tcp based debugging of ECOS firmware.

  • Mega: ELF binary obfuscator.

  • LLDBinit: A gdbinit clone for LLDB.

  • Crave: Framework to automatically test and explore the capabilities of generic AV engines.

  • Avatar2: Python core of Avatar2.

  • Xiaomi M365 Firmware Patcher: Automatize patching of Xiaomi Mijia M365 electric scooter firmware.

  • Haxm: Intel® Hardware Accelerated Execution Manager (Intel® HAXM).

  • PwIN: Security Evaluation of Dynamic Binary Instrumentation Engines.

  • iLo4 toolbox: Toolbox for HPE iLO4 analysis.

  • DBGHider: An IDA plugin to hide debugger from processes.

  • Binja secret: Binary Ninja plugin that encapsulate Frida, Unicorn, Capstone and Keystone.

  • Deen: Generic data encoding/decoding application built with PyQt5.

  • Dbghlpr: API for analyzing processes.

  • Invade: A library for interacting with Windows process memory.

  • Xiaomi Mijia M365 Custom Firmware Toolkit: Automatize patching of Xiaomi Mijia M365 electric scooter firmware.

  • REBot: A Discord bot for reverse engineers and exploit developers.

  • Hyara: Yara rule making tool (IDA Plugin).

  • ShellcodeCompiler: Shellcode compiler.

  • Zephyrus: A sophisticated memory library used to dynamically hook and edit memory, allowing pre-compiled code to be rewritten.

  • xdvre: A disassembler/debugger that works based on the extension plugin.

  • Memory-Analyzer: A loadable dll intended to track memory changes and dynamically emplaced "JMP" in the host executable.

  • DJI firmware tools: Tools for handling firmwares of DJI products, with focus on quadcopters.

  • AssemblyPlayground: A playground for x86 and ARM Assembly.

  • ARMStrong: A fast and simple ARM Simulator made for education.

  • DeSW: Just a simple De-switcher.

  • PyASM: Fiddle with x86 and x64 asm from Python.

  • TriggerBug: Fast-Symbolic-Emulation-Engine.

  • Pegasus: Windbg emulation plugin.

  • elf-mlsploit: Mlsploit module for perturbing ELF binary (direct call to indirect call).

  • xdvre: Disassembler or debugger that works based on the extension plugin.

Please let us know, so we can put you in the list above, if you are also using Keystone, either:

  • for your products.

  • for your training classes.

  • for your works.