knight0x07 / pyc2bytecode

Licence: other
A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to pyc2bytecode

Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-1.43%)
Mutual labels:  cybersecurity, infosec, malware-analysis, malware-research, threat-intelligence
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (+205.71%)
Mutual labels:  cybersecurity, infosec, malware-analysis, malware-research, threat-intelligence
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS.
Stars: ✭ 2,982 (+4160%)
Mutual labels:  static-analysis, disassembler, malware-analysis, malware-research
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+307.14%)
Mutual labels:  static-analysis, malware-analysis, malware-research, threat-intelligence
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+367.14%)
Mutual labels:  static-analysis, malware-analysis, malware-research, threat-intelligence
Malice
VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+1690%)
Mutual labels:  cybersecurity, infosec, malware-analysis, malware-research
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (+60%)
Mutual labels:  cybersecurity, infosec, malware-analysis, threat-intelligence
awesome-malware-analysis
Defund the Police.
Stars: ✭ 9,181 (+13015.71%)
Mutual labels:  static-analysis, malware-analysis, malware-research, threat-intelligence
MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+12.86%)
Mutual labels:  cybersecurity, infosec, blueteam, threat-intelligence
Malwarelab vm Setup
Setup scripts for my Malware Analysis VMs
Stars: ✭ 126 (+80%)
Mutual labels:  static-analysis, malware-analysis, malware-research
AutonomousThreatSweep
Threat Hunting queries for various attacks
Stars: ✭ 70 (+0%)
Mutual labels:  cybersecurity, infosec, threat-intelligence
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+301.43%)
Mutual labels:  cybersecurity, malware-analysis, malware-research
Analyzer
🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Stars: ✭ 108 (+54.29%)
Mutual labels:  static-analysis, malware-analysis, threat-intelligence
NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-12.86%)
Mutual labels:  cybersecurity, infosec, blueteam
rair-core
RAIR: RAdare In Rust
Stars: ✭ 63 (-10%)
Mutual labels:  static-analysis, disassembler, malware-analysis
github-watchman
Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-14.29%)
Mutual labels:  cybersecurity, infosec, blueteam
awesome-executable-packing
A curated list of awesome resources related to executable packing
Stars: ✭ 720 (+928.57%)
Mutual labels:  cybersecurity, malware-analysis, malware-research
Malware-Zoo
Hashes of infamous malware
Stars: ✭ 18 (-74.29%)
Mutual labels:  cybersecurity, malware-analysis, malware-research
SuperLibrary
Information Security Library
Stars: ✭ 60 (-14.29%)
Mutual labels:  cybersecurity, infosec, malware-analysis
Slack Watchman
Monitoring your Slack workspaces for sensitive information
Stars: ✭ 159 (+127.14%)
Mutual labels:  cybersecurity, infosec, blueteam

pyc2bytecode:

A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)

Usage:

To run pyc2bytecode:

> Console Disassembled Output: python pyc2bytecode.py -p <pyc_file_path>
> Save Disassembled Output to a file: python pyc2bytecode.py -p <pyc_file_path> -o <output_file_path>

Demonstration:

pyc2bytecode can be used by researchers to reverse engineer malicious Python binaries and tear them apart in order to understand the inner workings of the binary statically.

We run pyc2bytecode.py against onlyfans.pyc, which was extracted with pyinstxtractor.py from a recent in-the-wild Python ransomware sample masquerading as an OnlyFans executable.

The following analysis results were produced by running pyc2bytecode:

[Screenshots of the console disassembly output]

[Screenshot: Extract the disassembled output into a text file (output-file)]

Future Development:

  • Develop a Python decompiler for recent Python versions on top of pyc2bytecode (need to DIS it up :p)

Credits & References:

i) https://github.com/google/pytype/blob/main/pytype/pyc/magic.py - Magic Numbers
ii) https://nedbatchelder.com/blog/200804/the_structure_of_pyc_files.html - PYC structure
iii) https://docs.python.org/3/library/dis.html - DIS
iv) https://docs.python.org/3/library/marshal.html - Marshal
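The four references above are the building blocks of any .pyc disassembler: a magic number identifying the interpreter version, the fixed header layout, marshal to unserialize the code object, and dis to walk its instructions. The following added example (written for this page, not pyc2bytecode's own source) ties them together. It assumes the 16-byte PEP 552 header used by CPython 3.7 and later, and it only reads a .pyc it builds itself in memory, because the marshal format is version-specific and a real sample would have to be loaded by the matching interpreter. The sample source text, the `build_pyc`, `parse_header`, `walk_code` and `disassemble_pyc` names and the mtime of 0 are all constructed for the example.

```python
"""Added example: minimal .pyc header parser plus recursive disassembly.

Illustrative code, not pyc2bytecode's own source. Assumes the 16-byte
PEP 552 header (CPython 3.7+) and only parses .pyc data produced by the
running interpreter, because marshal output is version-specific.
"""
import dis
import importlib.util
import marshal
import struct
import types

# Constructed sample: we compile this ourselves so the example runs offline.
SAMPLE_SOURCE = '''
GREETING = "hello"

def shout(name):
    return GREETING.upper() + ", " + name + "!"
'''


def build_pyc(source, filename="sample.py"):
    """Compile `source` and wrap the marshalled code object in a PEP 552
    timestamp-based .pyc header: magic, flags, source mtime, source size."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER            # 2-byte version id + b"\r\n"
    header += struct.pack("<I", 0)                  # flags: bit 0 clear => timestamp-based
    header += struct.pack("<I", 0)                  # source mtime (constructed: 0)
    header += struct.pack("<I", len(source))        # source size in bytes (ASCII here)
    return header + marshal.dumps(code)


def parse_header(data):
    """Return (header info, offset of the marshalled body).

    Handles both header variants: timestamp-based (mtime + size) and
    hash-based (8-byte SipHash of the source, flags bit 0 set)."""
    magic = data[:4]
    flags = struct.unpack_from("<I", data, 4)[0]
    info = {
        "magic": magic,
        "magic_ok": magic == importlib.util.MAGIC_NUMBER,
        "hash_based": bool(flags & 1),
    }
    if info["hash_based"]:
        info["source_hash"] = data[8:16]
    else:
        info["mtime"], info["size"] = struct.unpack_from("<II", data, 8)
    return info, 16


def walk_code(code):
    """Yield `code` and every nested code object reachable via co_consts
    (functions, classes, comprehensions), depth first."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def disassemble_pyc(data):
    """Parse the header, unmarshal the module code object and collect, per
    code object, its opcode names and string constants (string constants
    are the first thing an analyst skims when triaging an unknown .pyc)."""
    info, offset = parse_header(data)
    if not info["magic_ok"]:
        raise ValueError("magic %r does not match this interpreter" % (info["magic"],))
    module_code = marshal.loads(data[offset:])
    report = {"header": info, "code_objects": {}}
    for code in walk_code(module_code):
        report["code_objects"][code.co_name] = {
            "opnames": [ins.opname for ins in dis.get_instructions(code)],
            "strings": [c for c in code.co_consts if isinstance(c, str)],
        }
    return report


if __name__ == "__main__":
    result = disassemble_pyc(build_pyc(SAMPLE_SOURCE))
    print(result["header"])
    for name, entry in result["code_objects"].items():
        print(name, "strings:", entry["strings"])
        print("   ", " ".join(entry["opnames"]))
```

The magic check is deliberately a hard failure: a mismatched magic means the body was marshalled by a different CPython release, and `marshal.loads` on it will either raise or silently mis-decode, so a tool that supports "all Python versions" has to dispatch on the magic number (the first reference above) before touching the body.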

Thank you! Feedback would be greatly appreciated; hope you like the tool :) - knight!