Alternatives and similar repositories for pefile

Users that are interested in pefile are comparing it to the libraries listed below

• mandiant / flare-floss

  View on GitHub
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
  ☆3,877Feb 3, 2026Updated last week
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,553Oct 31, 2025Updated 3 months ago
• lief-project / LIEF

  View on GitHub
  LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
  ☆5,272Feb 3, 2026Updated last week
• JusticeRage / Manalyze

  View on GitHub
  A static analyzer for PE executables.
  ☆1,104Jan 30, 2026Updated 2 weeks ago
• cea-sec / miasm

  View on GitHub
  Reverse engineering framework in Python
  ☆3,818Jan 26, 2025Updated last year
• JonathanSalwan / Triton

  View on GitHub
  Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software v…
  ☆4,049Dec 2, 2025Updated 2 months ago
• mandiant / flare-ida

  View on GitHub
  IDA Pro utilities from FLARE team
  ☆2,435Oct 29, 2024Updated last year
• Yara-Rules / rules

  View on GitHub
  Repository of yara rules
  ☆4,697Apr 17, 2024Updated last year
• onethawt / idaplugins-list

  View on GitHub
  A list of IDA Plugins
  ☆3,805May 31, 2024Updated last year
• Maktm / FLIRTDB

  View on GitHub
  A community driven collection of IDA FLIRT signature files
  ☆1,328Sep 3, 2021Updated 4 years ago
• trailofbits / pe-parse

  View on GitHub
  Principled, lightweight C/C++ PE parser
  ☆886Jan 12, 2026Updated last month
• ayoubfaouzi / al-khaser

  View on GitHub
  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  ☆6,849Feb 1, 2026Updated 2 weeks ago
• Rurik / Noriben

  View on GitHub
  Noriben - Portable, Simple, Malware Analysis Sandbox
  ☆1,229Aug 7, 2025Updated 6 months ago
• joxeankoret / diaphora

  View on GitHub
  Diaphora, the most advanced Free and Open Source program diffing tool.
  ☆4,177Nov 24, 2024Updated last year
• vivisect / vivisect

  View on GitHub
  ☆988Jan 16, 2026Updated 3 weeks ago
• angr / angr

  View on GitHub
  A powerful and user-friendly binary analysis platform!
  ☆8,484Updated this week
• stephenfewer / ReflectiveDLLInjection

  View on GitHub
  Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loadi…
  ☆3,224Sep 3, 2022Updated 3 years ago
• mandiant / speakeasy

  View on GitHub
  Windows kernel and user mode emulation.
  ☆1,841Feb 4, 2026Updated last week
• Neo23x0 / yarGen

  View on GitHub
  yarGen is a generator for YARA rules
  ☆1,774Jan 10, 2026Updated last month
• illera88 / Ponce

  View on GitHub
  IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
  ☆1,609Jun 11, 2025Updated 8 months ago
• tklengyel / drakvuf

  View on GitHub
  DRAKVUF Black-box Binary Analysis
  ☆1,207Feb 1, 2026Updated last week
• mandiant / capa

  View on GitHub
  The FLARE team's open-source tool to identify capabilities in executable files.
  ☆5,821Updated this week
• gdabah / distorm

  View on GitHub
  Powerful Disassembler Library For x86/AMD64
  ☆1,324Oct 10, 2023Updated 2 years ago
• capstone-engine / capstone

  View on GitHub
  Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX,…
  ☆8,545Updated this week
• REhints / HexRaysCodeXplorer

  View on GitHub
  Hex-Rays Decompiler plugin for better code navigation
  ☆2,601Nov 27, 2025Updated 2 months ago
• idapython / src

  View on GitHub
  IDAPython project for Hex-Ray's IDA Pro
  ☆1,527Dec 24, 2025Updated last month
• google / binexport

  View on GitHub
  Export disassemblies into Protocol Buffers
  ☆1,174Feb 2, 2026Updated last week
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,323Oct 31, 2025Updated 3 months ago
• MarioVilas / winappdbg

  View on GitHub
  WinAppDbg Debugger
  ☆478Nov 6, 2025Updated 3 months ago
• VirusTotal / yara

  View on GitHub
  The pattern matching swiss knife
  ☆9,408Updated this week
• a0rtega / pafish

  View on GitHub
  Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that…
  ☆3,857Jun 21, 2024Updated last year
• decalage2 / oletools

  View on GitHub
  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware a…
  ☆3,280Jan 26, 2026Updated 2 weeks ago
• rshipp / awesome-malware-analysis

  View on GitHub
  Defund the Police.
  ☆13,426Jun 7, 2024Updated last year
• volatilityfoundation / volatility

  View on GitHub
  An advanced memory forensics framework
  ☆7,963May 16, 2025Updated 8 months ago
• horsicq / Detect-It-Easy

  View on GitHub
  Program for determining types of files for Windows, Linux and MacOS.
  ☆10,229Updated this week
• hfiref0x / WinObjEx64

  View on GitHub
  Windows Object Explorer 64-bit
  ☆1,883Updated this week
• qilingframework / qiling

  View on GitHub
  A True Instrumentable Binary Emulation Framework
  ☆5,807Nov 5, 2025Updated 3 months ago
• googleprojectzero / sandbox-attacksurface-analysis-tools

  View on GitHub
  Set of tools to analyze Windows sandboxes for exposed attack surface.
  ☆2,262Nov 6, 2025Updated 3 months ago
• unicorn-engine / unicorn

  View on GitHub
  Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
  ☆8,747Jan 17, 2026Updated 3 weeks ago