A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Last update: Aug 25, 2022

Overview

Zepu1chr3

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Installation

You can simply run this command.

pip3 install zepu1chr3

How to Use

Specifying a target binary

Description: You can specify any binary file to analysis you want. It returns a handler for target file.

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")

Getting symbols from target binary

Description: This method will give you what symbols are inside of the target file. It returns an array of symbol information.

import zepu1chr3

zep = zepu1chr3.Binary()
target zep.File("WannaCry.exe")
symbols = zep.GetSymbols(target)

Getting imports from target binary

Description: This method will give you what imports are inside of the target file. It returns an array of import information.

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")
imports = zep.GetImports(target)

Getting functions from target binary

Description: This method will give you what functions are inside of the target file. It returns an array of function information.

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")
functions = zep.GetFunctions(target)

Getting sections from target binary

Description: This method will give you what sections are inside of the target file. It returns an array of section information.

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")
sections = zep.GetSections(target)

Disassembling functions or somethings contained in offsets

Getting informations about only machine code

Description: This method will give you disassembled function codes if only_codes parameter set to True

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")
disas = zep.DisassembleFunction(target, given_function="entry0", only_codes=True)
second = zep.DisassembleFunction(target, given_function="0x401000", only_codes=True) # You can use offsets to!!

Getting every information about machine code (verbose!!)

Description: If you set only_codes parameter as False you will get more verbose output.

import zepu1chr3

zep = zepu1chr3.Binary()
target = zep.File("WannaCry.exe")
disas = zep.DisassembleFunction(target, given_function="entry0", only_codes=False)

Other functionalities are coming soon!!

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

Midas ELF64 Injector Description Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary. All you n

20 Dec 24, 2022

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

IDA2Obj IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The working flow is simple: Dump object files (COFF) directly from one exe

94 Dec 13, 2022

neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

4 Oct 10, 2022

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

2 Oct 29, 2022

Patching - Interactive Binary Patching for IDA Pro

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

589 Dec 30, 2022

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

DLLirant DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary. Live Demo How to install You need to install Visual Stud

314 Dec 30, 2022

Malware-analysis-writeups - Some of my Malware Analysis writeups

About This repo contains some malware analysis writeups i've created over time m

14 Jun 22, 2022

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

WinRemoteEnum WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user, sharing the goal of remotely gather

9 Nov 9, 2022

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

26 Sep 4, 2022

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Related tags

Overview

Zepu1chr3

Installation

How to Use

Specifying a target binary

Getting symbols from target binary

Getting imports from target binary

Getting functions from target binary

Getting sections from target binary

Disassembling functions or somethings contained in offsets

Getting informations about only machine code

Getting every information about machine code (verbose!!)

Other functionalities are coming soon!!

You might also like...

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

neo Tool is great one in binary exploitation topic

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Patching - Interactive Binary Patching for IDA Pro

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

Malware-analysis-writeups - Some of my Malware Analysis writeups

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

Releases(first)

first(Feb 7, 2022)

Owner

Mehmet Ali KERİMOĞLU

Hadoop Yan RPC unauthorized RCE

Cobalt Strike Beacon configuration extractor and parser.

Get related domains / subdomains by looking at Google Analytics IDs

The disassembler parses evm bytecode from the command line or from a file.

This a simple tool XSS Detection Suite for CTFs games

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

利用NTLM Hash读取Exchange邮件

Workshop Material on VM-based Deobfuscation

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

HashDB API hash lookup plugin for IDA Pro

Hikvision 流媒体管理服务器敏感信息泄漏

Python script to tamper with pages to test for Log4J Shell vulnerability.

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

RCE 0-day for GhostScript 9.50 - Payload generator

Discord-keylogger - Discord keylogger With Python

Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

Provides script to download and format public IP lists related to the Log4j exploit.