3rd-party lists
- onethawt/idaplugins-list: a list of IDA plugins
- duo-labs/idapython - Duo Labs IDAPython Repository
- usualsuspect/ida_stuff
- xrkk/awesome-ida - 跟IDA Pro有关的资源收集。当前包括的工具个数450左右,并根据功能进行了粗糙的分类。部分工具添加了中文描述
- repnz/ida-plugins - 现在就一个插件
- RolfRolles/Miscellaneous
IDA scripts
- eset/ipyida - IPython console integration for IDA Pro
- gist: IDAPython - Change Function Names in IDA According to their corresponding debug prints
- ioncodes/idacode - An integration for IDA and VS Code which connects both to easily execute and debug IDAPython scripts
- inforion/idapython-cheatsheet - Scripts and cheatsheets for IDAPython
- 0xeb/ida-qscripts - increase productivity when developing scripts for IDA - 自动重新加载脚本
- 0xeb/ida-climacros - Create and use macros in IDA's CLIs
- nirizr/idasix - IDAPython compatibility library, aims to create a smooth ida development process and allow a single codebase to function with multiple IDA/IDAPython versions - 2018停更
- gist: IDAPYTHON script for patching bytes that match a regex pattern with NOPs
Debugger
C/C++
- 0xgalz/Virtuailor - IDAPython tool for creating automatic C++ virtual tables in IDA Pro - 需要执行一次才能完成vtable解析
- murx-/devi - Devirtualize Virtual Calls
- fboldewin/COM-Code-Helper - Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
- nccgroup/SusanRTTI - Another RTTI Parsing IDA plugin
- patois/mrspicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions - 2019停更
ObjC
Golang
- SentineLabs/AlphaGolang - IDApython Scripts for Analyzing Golang Binaries - 4.string_cast.py可以解决golang大段字符串的问题
- sibears/IDAGolangHelper - Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
- 0xjiayu/go_parser - Yet Another Golang binary parser for IDAPro
- strazzere/golang_loader_assist - Making GO reversing easier in IDA Pro
Windows driver
Code coverage
Decompiler
- patois/HRDevHelper - Context-sensitive HexRays decompiler plugin that visualizes the ctree of decompiled functions
- airbus-cert/Yagi - Yet Another Ghidra Integration for IDA
- REhints/HexRaysCodeXplorer - Hex-Rays Decompiler plugin for better code navigation
- chrisps/Hexext - a plugin to improve the output of the hexrays decompiler through microcode manipulation - 仅支持IDA 7.0,2019停更
- Cisco-Talos/GhIDA - Ghidra Decompiler for IDA Pro
- RevSpBird/HightLight - a plugin for ida of version 7.2 to help know F5 window codes better
- fireeye/FIDL - A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
- patois/abyss - IDAPython Plugin for Postprocessing of Hexrays Decompiler Output
- alexhude/FRIEND - Flexible Register/Instruction Extender aNd Documentation
- eshard/d810 - an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode
Diff / Patch
- gaasedelen/patching - An Interactive Binary Patching Plugin for IDA Pro - 比keypatch好用,但是也是一堆问题,成熟度很低;他这个也是用keystone-engine,但是需要用它改过的版本,必须得用releases里的版本
- keypatch0 - A replacement of the internal IDA assembler - IDA内置的汇编工具不支持64位操作,也不支持批量填充,只能用这个插件
- joxeankoret/diaphora - the most advanced Free and Open Source program diffing tool - 1.8K star,将IDB导出为sqlite后进行对比,非常好用
- gist: ida_patcher.c - 读取 Create DIF File 产出的结果,并给二进制打补丁
- google/binnavi - a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code
- McGill-DMaS/Kam1n0-Plugin-IDA-Pro - The Kam1n0 Assembly Clone Search Engine
- ohjeongwook/DarunGrim - A Binary Diffing and Patch Analysis Tool (v3) http://darungrim.org
- debasishm89/MassDiffer - Large Scale Cumulative Binary Diffing Script
Signature matching
- OALabs/hashdb-ida - HashDB API hash lookup plugin for IDA Pro - 需要调用API,不是本地
- Maktm/FLIRTDB - A community driven collection of IDA FLIRT signature files - 1.1K star
- polymorf/findcrypt-yara - IDA pro plugin to find crypto constants (and more)
- L4ys/IDASignsrch - IDAPython Plugin for searching signatures, use xml signature database from IDA_Signsrch
- secrary/idenLib - Library Function Identification
- CheckPointSW/Karta - source code assisted fast binary matching plugin for IDA
- patois/HexraysToolbox - Find code patterns within the Hexrays AST
UEFI
- kyurchenko/IDAPython-scripts-for-UEFI-analisys: Analysis of the disassembled UEFI image
- gdbinit/EFISwissKnife - An IDA plugin to improve (U)EFI reversing
- binarly-io/efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
CPU loader
- gamozolabs/proc_mem_ida_loader - A /proc/mem IDA loader to snapshot a running process
- RolfRolles/HiddenBeeLoader - IDA loader module for Hidden Bee's custom executable file format
- fireeye/idawasm - IDA Pro loader and processor modules for WebAssembly
- matteyeux/srom64helper - IDA loader for Apple SecureROM
- trailofbits/ida-evm - IDA Processor Module for the Ethereum Virtual Machine (EVM)
- JeremyWildsmith/x86devirt - automatically devirtualize code that has been virtualized using x86virt
- mefistotelis/ida-pro-loadmap - Plugin for IDA Pro disassembler which allows loading .map files
- nforest/droidimg - Android/Linux vmlinux loader
Symbol
- KasperskyLab/Apihashes - IDA Pro plugin for recognizing known hashes of API function names
- a1ext/auto_re - IDA PRO auto-renaming plugin with tagging support
- joxeankoret/idamagicstrings - An IDA Python script to extract information from string constants
- danigargu/deREferencing - implements more user-friendly register and stack views - 在stack view里增加字符串展示,很有用
- ida-arm-system-highlight - Decoding ARM system instructions
- oct0xor/highlight2 - changes color of call instructions and works with all architectures
- dayzerosec/IDA-Android-Kernel-Symbolizer - An IDA plugin that allows you to use /proc/kallsyms output to import function and data labels into an extracted Android kernel image
- TakahiroHaruyama/ida_haru - stackstring_static.py - IDAPython script statically-recovering strings constructed in stack
Emulation
- fireeye/flare-floss - FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware - 1.9K star
- bkerler/uEmu - a tiny cute emulator plugin for IDA based on unicorn engine
- Brandon-Everhart/AngryIDA - Python based angr plug in for IDA Pro
Synchronization
- x64dbg/x64dbgida - Official x64dbg plugin for IDA Pro
- a1ext/labeless - Labels/Comments synchronization between IDA PRO and dbg backend (OllyDbg1.10, OllyDbg 2.01, x64dbg), Remote memory dumping tool (including x64-bit), Python scripting tool
- comsecuris/gdbida: a visual bridge between a GDB session and IDA Pro's disassembler
- Mixaill/FakePDB - Tool for PDB generation from IDA Pro database - 可以导给 WinDBG 用
- IDArlingTeam/IDArling - Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Unpacking
- DavidKorczynski/RePEconstruct - a tool for automatically unpacking binaries and rebuild the binaries in a manner well-suited for further analysis, specially focused on further manual analysis in IDA pro.
- danielplohmann/apiscout - simplifying Windows API import recovery on arbitrary memory dumps
Plugin development
- 0xKira/api_palette - A code-searching/completion tool, for IDA APIs
- sibears/HRAST - PoC of modifying HexRays AST - 可以优化decompiler结果
Database tools
Uncategorized
- JonathanSalwan/Triton - a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code - 2.6K star
- cellebrite-labs/ida_kcpp - An IDAPython module for enhancing c++ support on top of ida_kernelcache
- FelixBer/FindFunc - an IDA PRO plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints
- Accenture/VulFi - provide a single view with all cross-references to the most interesting functions (such as strcpy, sprintf, system, etc.)
- herosi/CTO - Call Tree Overviewer
- mcdulltii/obfDetect - IDA plugin to pinpoint obfuscated code
- gaasedelen/tenet - A Trace Explorer for Reverse Engineers
- patois/dsync - IDAPython plugin that synchronizes disassembler and decompiler views - 比自带的同步多了个代码提示
- tenable/mIDA - extracts RPC interfaces and recreates the associated IDL file
- gaasedelen/lucid - An Interactive Hex-Rays Microcode Explorer
- L4ys/LazyIDA - Make your IDA Lazy!
- Cisco-Talos/DynDataResolver - 多个功能,具体看博客
- nccgroup/idahunt - a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro
- Ga-ryo/IDAFuzzy - Fuzzy search tool for IDA Pro
- ampotos/dynStruct - Reverse engineering tool for automatic structure recovering and memory use analysis based on DynamoRIO and Capstone
- IDA StringCluster - extending IDA's string navigation capabilities - IDA7.5不兼容,得改改
- 1111joe1111/ida_ea - A set of exploitation/reversing aids for IDA: Context Viewer, Instuction Emulator, Heap Explorer, Trace Dumper, CMD and Restyle
- ALSchwalm/dwarfexport - Export dwarf debug information from IDA Pro
- maddiestone/IDAPythonEmbeddedToolkit - IDAPython scripts for automating analysis of firmware of embedded devices
- tkmru/nao - Simple No-meaning Assembly Omitter for IDA Pro (This is just a prototype)
- airbus-cert/etwbreaker - An IDA plugin to deal with Event Tracing for Windows (ETW)
- lucasg/findrpc - carve binary for internal RPC structures
- andreafioraldi/IDAngr - Use angr in the IDA Pro debugger generating a state from the current debug session
- fireeye/flare-ida - IDA Pro utilities from FLARE team
- deepinstinct/dsc_fix - Aids in reverse engineering libraries from dyld_shared_cache in IDA
- danigargu/heap-viewer - An IDA Pro plugin to examine the glibc heap, focused on exploit development
- endgameinc/xori - an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data
- xerub/idastuff
- NeatMonster/AMIE - A Minimalist Instruction Extender
- lucasg/idamagnum - a plugin for integrating MagnumDB requests within IDA
- RolfRolles/HexRaysDeob - Hex-Rays microcode API plugin for breaking an obfuscating compiler
Resources
- Analyzing an IDA Pro anti-decompilation code
- youtube: IDA Pro Reverse Engineering Tutorial for Beginners
- ptsecurity: IDA Pro Tips to Add to Your Bag of Tricks
Leaked installer