IHA089 Toolkit: File & Data Analysis / Binary & Executable Info Tools
readelf

readelf is the ELF inspector from Binutils that dumps headers, sections, symbols, and dynamic tables from executables, revealing entry points and library dependencies for quick binary triage. Run it from the CLI on ELF files for formatted output, and script flags like -h for headers or -s for symbols into automated workflows. Open-source from GNU, it's the ELF examiner for reverse engineers peeking under the hood without full disassembly.

objdump

objdump is the multi-format disassembler that extracts sections, relocations, and strings from PE/ELF/Mach-O binaries, with disassembly views for function overviews in static analysis. Invoke it on files with -d for code dumps or -x for headers, piping to grep for targeted pulls like imports. Open-source from GNU Binutils, it's the object oracle for analysts mapping executable layouts swiftly.

pefile

pefile is the Python library for parsing PE files, extracting DOS/NT headers, sections, and imports to fingerprint Windows executables for malware or vulnerability hunting. Import it and load PE data, querying attributes like entry point or overlay for scripted reports. Open-source from erocarrera, it's the PE parser for scripters dissecting EXEs without native tools.

LIEF

LIEF is the cross-platform binary manipulator that reads and writes PE/ELF/Mach-O formats, extracting symbols, segments, and resources for detailed executable introspection. Use its C++/Python APIs to query headers or patch binaries, generating JSON dumps for analysis. Open-source from Quarkslab, it's the binary blacksmith for reverse engineers forging insights from file structures.

Detect-It-Easy

Detect-It-Easy is the GUI/CLI identifier for executable types, packers, and compilers, scanning PE/ELF for entropy and signatures to classify malware or samples quickly. Launch the Qt app on files for visual trees, or script the library for batch fingerprinting. Open-source from horsicq, it's the type tracker for analysts categorizing binaries in large collections.

exeinfo-pe

exeinfo-pe is the PE specialist that scans Windows executables for packers, sections, and entry points, with hash computation and VirusTotal lookups for rapid sample vetting. Run the Delphi exe on files for detailed reports, exporting to text for scripting chains. Open-source from wagahai, it's the PE profiler for pentesters gauging packing levels in malware.

radare2

radare2's info commands dissect binaries for headers, symbols, and strings, with rizin for ELF/PE parsing to map imports and exports in interactive sessions. Load files via the r2 shell, query with 'i' commands for structured dumps, and script via r2pipe. Open-source from radareorg, it's the info inquisitor for RE pros extracting metadata mid-analysis.

binutils

The binutils suite, with tools like nm and size, extracts symbols and section info from executables, sizing code/data for anomaly detection in stripped binaries. Compile the tools from source and run nm on object files for undefined references, feeding the results to dependency graphs. Open-source from GNU, it's the utility underbelly for developers templating binary inspections in build chains.

lief-python

lief-python provides the Python bindings for LIEF, querying binary metadata like relocations and TLS for scripted analysis of PE/ELF internals. Import it and parse files, accessing attributes via objects for JSON serialization. Open-source from lief-project, it's the scripted surveyor for analysts automating executable dissections in notebooks.

exe-loader

exe-loader is the minimal PE loader that extracts DOS/NT headers and sections for basic info like timestamps or checksums in lightweight scripts. Use its C library to map files, dumping headers for manual review or automation. An open-source prototype, it's the header harvester for hobbyists prototyping binary tools from the ground up.
