This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this program, you'll have two ways to access the tools:
- Double-click the retoolkit icon on the Desktop.
- Right-click on a file, choose Send to -> retoolkit. This way the selected file is passed as an argument to the desired program.
You don't. Obviously, you can download such tools from their own website and install them by yourself in a new VM. But if you download retoolkit, it will probably save you some time. Additionally, the tools come pre-configured so you'll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you're setting up a new analysis VM.
The *.iss files you see here are the source code for our setup program built with Inno Setup. To download the real thing, you have to go to the Releases section and download the setup program.
Have a look at the wiki for a detailed list.
I don't know. Some included tools are not open source and come from shady places. You should use it exclusively in virtual machines and under your own responsibility.
It depends. The idea is to keep it simple. We won't add a tool just because it's not here yet. But if you think there's a good reason to do so, and the license allows us to redistribute the software, please open an issue here if it doesn't exist yet.
- Added:
- Removed:
  - Bewareircd: Too specific to analyze (now rare?) IRC-based communications.
  - dnSpy: Replaced by dnSpyEx.
  - HyperDBG: It's a nice project, but they don't provide binary releases yet, meaning a lot of work for me.
  - JRE: Replaced by JDK, which is required by Ghidra.
  - Threadtear: It doesn't work with JDK required by Ghidra.
- Yeah, new version numbering scheme borrowed from Ubuntu releases. :)
- Reorganized MSI analysis tools under OLE tools section.
- Updated current tools.
- Fixed pev PATH.
- Fixed SendTo+ license issue [#34].
- Lots of new functions added to SlothBP x64dbg plugin configuration.
- New DIE signatures added.
- Tools added:
- Dev-C++ compiler.
- Java 8 Runtime Environment, needed by Java tools.
- Python 3 (via WinPython), mainly to support Python-based tools.
- XLMMacroDeobfuscator.
- dnSpyEx (new, maintained dnSpy fork).
- oledump.
- oletools [#33].
- pdfid.py.
- pdf-parser.py.
- MapoAnalyzer x64dbg plugin.
- xSelectBlock x64dbg plugin.
- redress.
- hollows_hunter.
- HyperDbg.
- Threadtear.
- 1768.py.
- CobaltStrikeScan.
- dex2jar.
- Added JADX.
- Better organization based on target file type.
- New context menu (right-click on a file -> Send to -> retoolkit).
- Removed Start Menu shortcuts.
- Tools updated to their latest version.
- Updated Error Lookup tool to a different one, with more features.
- fasm now opens .asm files if you double-click them.
- First public release.