sashs / Filebytes
Licence: bsd-3-clause
Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)
Stars: ✭ 105
Programming Languages
python
Projects that are alternatives of or similar to Filebytes
Cave miner
Search for code cave in all binaries
Stars: ✭ 218 (+107.62%)
Mutual labels: mach-o, elf, pe
machomachomangler
Tools for mangling Mach-O and PE binaries
Stars: ✭ 39 (-62.86%)
Mutual labels: mach-o, pe
The Backdoor Factory
Patch PE, ELF, Mach-O binaries with shellcode. New version in development, available only to sponsors.
Stars: ✭ 2,904 (+2665.71%)
Mutual labels: elf, pe
Checksec.py
Checksec tool in Python, Rich output. Based on LIEF
Stars: ✭ 188 (+79.05%)
Mutual labels: elf, pe
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS.
Stars: ✭ 2,982 (+2740%)
Mutual labels: elf, mach-o
Dissection
The dissection of a simple "hello world" ELF binary.
Stars: ✭ 427 (+306.67%)
Mutual labels: elf, pe
symbol-collector
Clients and Server to collect system symbols.
Stars: ✭ 20 (-80.95%)
Mutual labels: mach-o, elf
Automated-Malware-Analysis-List
My personal Automated Malware Analysis Sandboxes and Services
Stars: ✭ 20 (-80.95%)
Mutual labels: elf, pe
checksec.rs
Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
Stars: ✭ 71 (-32.38%)
Mutual labels: elf, pe
Goblin
An impish, cross-platform binary parsing crate, written in Rust
Stars: ✭ 591 (+462.86%)
Mutual labels: elf, pe
HatVenom
HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.
Stars: ✭ 84 (-20%)
Mutual labels: elf, pe
Elf Parser
Identifying/Extracting various sections of an ELF file
Stars: ✭ 88 (-16.19%)
Mutual labels: elf
Machdump
A very basic C Mach-O Header Dump tool written for practicing purposes. Works With x86 and x86_64 binaries
Stars: ✭ 25 (-76.19%)
Mutual labels: mach-o
Floodgate
Hybrid mode plugin to allow for connections from Geyser to join online mode servers.
Stars: ✭ 101 (-3.81%)
Mutual labels: pe
FileBytes
Classes/Types to read and edit the following file formats:
- Executable and Linking Format (ELF),
- Portable Executable (PE) and
- MachO
- OAT (Android Runtime)
Install
Install FileBytes
$ python setup.py install
Or install from PyPI
$ pip install filebytes
Samples
Parsing ELF file
from filebytes.elf import *
elf_file = ELF('test-binaries/ls-x86')
elf_header = elf_file.elfHeader
sections = elf_file.sections
segments = elf_file.segments # elf_file.programHeaders does the same
Parsing PE file
from filebytes.pe import *
pe_file = PE('test-binaries/cmd-x86.exe')
image_dos_header = pe_file.imageDosHeader
image_nt_headers = pe_file.imageNtHeaders
sections = pe_file.sections
data_directory = pe_file.dataDirectory
import_directory = data_directory[ImageDirectoryEntry.IMPORT]
export_directory = data_directory[ImageDirectoryEntry.EXPORT]
Parsing MachO file
from filebytes.mach_o import *
macho_file = MachO('test-binaries/ls-macho-x86_64')
mach_header = macho_file.machHeader
load_commands = macho_file.loadCommands
Parsing OAT file, read DEX files and save them
from filebytes.oat import *
oat = OAT('test-binaries/boot.oat')
for odh in oat.oatDexHeader:
    # use only the last path component of the stored DEX location as the output file name
    name = odh.name.split('/')[-1]
    with open(name, 'wb') as dex:
        dex.write(odh.dexBytes)
For further samples look at the sample folder.
Contributions
If you would like to contribute, here are some ideas:
- Implementation of parsing of missing LoadCommand types for MachO files
- Implementation of parsing of the missing section types for ELF files
- Implementation of parsing of the missing data directory fields for PE files
But any kind of contribution is welcome. :)