reddit hackernews mail facebook facebook linkedin


toolkit for python reverse engineering.

De4py are an Advanced python deobfuscator with a beautiful UI and a set of Advanced features that enables malware analysts and reverse engineers to deobfuscate python files and more.

- Deobfuscation:
De4py support some popular obfuscators, like: Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, obfuscator

- Pycode Execution:
Executing your python code inside the process which can be useful in many cases to make the program do something you want to make it do, for example if the program have licensing and it calls the real "main" only if you bought the program you can call it directly.

- Strings Dump:
Dumping Strings in the python process and saving it as a file which can be pretty useful to extract data from memory such as webhooks.

- Removing Exit Function:
Removing the exit function which can be extremely useful if the python program tried to exit itself if it found a debugger or a VM

- Getting All Functions:
Getting all functions inside the python process which can be really useful when trying to modify a python function in memory

- Pyshell GUI:
Custom GUI to make it easy to execute python code inside the desired process.

- GUI and Console Support:
De4py supports both console and GUI, but why use console when you can have a nice-on-the-eyes GUI, am i right? ;)

- File Analyzer:
An analyzer that have many features like detecting if the python program is packed and tries to unpack it if it was using pyinstaller for example, it also got a feature that shows either all strings or suspicious strings (suspicious strings like: IPs, websites, and "token" "discord" "leveldb" strings and other suspicious strings in the file) and shows them in a nice output window.

- Behavior Monitoring:
De4py can monitor python processes and see if they opened any files handles, opened a process, wrote/readed the memory of other processes and also monitoring if the process terminated other processes, in addition to sockets monitoring (including the size of data that is being sent and the ip that is being sent/recieved from) along with dumping socket content to a file and dumping OpenSSL encrypted content decrypted into a file.

- Plugins system:
You can add plugins to de4py to customize the theme or add custom deobfuscators plugins repo and docs here