From Collaborative RCE Tool Library
String Finders
| Tool name: | PowerGREP |
| ||
|---|---|---|---|---|
| Author: | Just Great Software Co. | |||
| Website: | http://www.powergrep.com | |||
| Current version: | 3.4.1 | |||
| Last updated: | July 18, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Shareware | |||
| Description: | PowerGREP is a very powerful Windows grep tool. Quickly search through large numbers of files on your PC or network, including text and binary files, compressed archives, MS Word documents, Excel spreadsheets and PDF files, etc. Find the information you want with powerful text patterns (regular expressions) specifying the form of what you want, instead of literal text. Search and replace with one or many regular expressions to comprehensively maintain web sites, source code, reports, etc. Extract statistics and knowledge from logs files and large data sets. | |||
| Also listed in: | Regular Expression Tools, Source Code Search Tools, Data Search and Extraction Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | radare |
| ||
|---|---|---|---|---|
| Author: | pancake | |||
| Website: | http://radare.nopcode.org | |||
| Current version: | 0.9.3 | |||
| Last updated: | February 19, 2008 | |||
| Direct D/L link: | http://radare.nopcode.org/get/radare-0.9.3.tar.gz | |||
| License type: | GPL | |||
| Description: | The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java with some ones powerpc. The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls. The debugger and disassembler has a code analysis module for x86, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the flow execution of a program on a log file and use the information to diff't against another trace or binary. The toolchain provides assemblers and disasemblers for x86, arm and java. The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so). The debugger currently works on linux,*bsd x86-32 but it has initial support for x86-64 and linux-ARM, and w32 support is in mind too. But there are IO plugins for debugging windows and DOS applications via wine and dosemu. Initial gxemul support gives us the possibility to also debug ARM, MIPS, SPARC, .. binaries. There are some internal commands to handle memory maps, mount a syscall proxy, inject code, patch data, dump user data sections, step-back, syscall tracing, hardware DRx register manipulation, conditional watchpoints with expressions, signalling manipulation, syscall injection and very early threading support.. Data structures can be parsed with hand-written C programs called as extensions from radare. So the hexadecimal editor comes with a set of views for different bases and print formats like URL-encoding, binary, octal, shellcode, C string-like, which is really useful for developing shellcodes. There's a minimal GUI frontend written in C that interacts directly with an VTE running radare. But I plan to write a new native frontend written in Vala. Current development plugins are: * ewf: EnCase (R) forensic disk images * winedbg: WineDebugger interface ( winedbg://./program.exe ) * haret: Remotely read WindowsCE memory ( haret://host:port ) * ptrace: Debugs or attach to a process ( dbg://file or pid://PID ) * sysproxy: Connects to a remote syscallproxy server * remote: TCP IO ( listen://:port or connect://host:port ) * gdb: Debugs or attach to a process using gdb (gdb://file, gdb://PID, gdb://host:port) * w32: posix to native w32 api io * posix: plain posix file access The tools provided around the core are: * radare: command line hexadecimal editor with IO plugin extensions * rabin: get info from ELF/MZ/PE/CLASS files * rasc: shellcode generator and tester (outputs in raw, hexpairs or C) * bindiff: binary diffing utilities for raw files, binaries, data blocks, etc * xrefs: find crossed references on raw images for ppc, arm and x86 * hasher: calculate different algorithms over data blocks of a file or stream * rsc: command line helpers written in shellscript or perl * javasm: minimalistic java assembler/disassembler/classdumper * armasm: minimalistic arm assembler * xc: converts between multiple radix numeric bases FMI see the mailing list Have fun! | |||
| Also listed in: | Assemblers, Binary Diff Tools, Code Injection Tools, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, Symbol Retrievers, SysCall Monitoring Tools, Tracers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | RegexBuddy |
| ||
|---|---|---|---|---|
| Author: | Just Great Software Co. | |||
| Website: | http://www.regexbuddy.com | |||
| Current version: | 3.1.0 | |||
| Last updated: | December 20, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Description: | From the website: "RegexBuddy is your perfect companion for working with regular expressions. Easily create regular expressions that match exactly what you want. Clearly understand complex regexes written by others. Quickly test any regex on sample strings and files, preventing mistakes on actual data. Debug without guesswork by stepping through the actual matching process. Use the regex with source code snippets automatically adjusted to the particulars of your programming language. Collect and document libraries of regular expressions for future reuse. GREP (search-and-replace) through files and folders. Integrate RegexBuddy with your favorite searching and editing tools for instant access" Note that the developer does not provide any trial or free download of this software. It merits inclusion in the RCE library because it is a very versatile regex builder and pseudo-debugger. For reversers without good regex knowledge this tool is invaluable; it allows point-and-click regex building, and will break a regex down to its individual parts for easier review. The developer previously released trial versions (version 2.x.x) of this software. These trial versions are perfectly usable and featured for RCE acitivities, therefore you may wish (and find it easier) to locate a 2.x.x trial version. | |||
| Also listed in: | Regular Expression Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | TextScan |
| ||
|---|---|---|---|---|
| Author: | AnalogX | |||
| Website: | http://www.analogx.com/CONTENTS/download/program/textscan.htm | |||
| Current version: | 1.00 | |||
| Last updated: | 22/12/2001 | |||
| Direct D/L link: | http://www.analogx.com/files/txtscani.exe | |||
| License type: | Freeware | |||
| Description: | Quote from website: "AnalogX TextScan searches any binary file for a minimum and maximum string length, and then returns all occurrences in sorted order... But it doesn't just stop there, it also has the ability to identify most functions and DLL's inside of a file, and even has the ability to extract both char and unichar strings! This is a great first step in getting a better understanding of what's happening inside of a program you're interested in, or even for just looking for the occasional Easter egg!" TextScan is a reliable tool for extracting ASCII and UNICODE strings from within binaries. Note that the website states version 1.00 for the tool, however the "About" states 1.02. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | The Regex Coach |
| ||
|---|---|---|---|---|
| Author: | Dr. Edmund Weitz | |||
| Website: | http://www.weitz.de/regex-coach | |||
| Current version: | 0.9.1 | |||
| Last updated: | January 17, 2007 | |||
| Direct D/L link: | http://weitz.de/files/regex-coach.exe | |||
| License type: | Freeware | |||
| Description: | The Regex Coach is a graphical application for Windows which can be used to experiment with (Perl-compatible) regular expressions interactively. It has the following features: * It shows whether a regular expression matches a particular target string. * It can also show which parts of the target string correspond to captured register groups or to arbitrary parts of the regular expression. * It can "walk" through the target string one match at a time. * It can simulate Perl's split and s/// (substitution) operators. * It tries to describe the regular expression in plain English. * It can show a graphical representation of the regular expression's parse tree. * It can single-step through the matching process as performed by the regex engine. * Everything happens in "real time", i.e. as soon as you make a change somewhere in the application all other parts are instantly updated. | |||
| Also listed in: | Regular Expression Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
