De4py is an advanced Python deobfuscator with a beautiful user interface and a set of powerful features. It’s designed to help malware analysts and reverse engineers tackle obfuscated Python files and more.
Here are some key features of De4py:
Deobfuscation: De4py supports popular obfuscators like Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, and pyobfuscate.com obfuscator. It helps you unravel the obfuscated code and understand its true functionality.
Pycode Execution: You can execute Python code directly within the process. This feature is handy when dealing with programs that have licensing checks or other conditional behavior.
Strings Dump: Extract strings from the Python process memory, which can be useful for analyzing webhooks or other data stored in memory.
Removing Exit Function: De4py can remove the exit function, preventing the program from terminating prematurely (useful for debugging).
Getting All Functions: Retrieve a list of all functions within the Python process. Useful for modifying functions in memory.
Pyshell GUI: A custom GUI allows you to execute Python code within the desired process.
GUI and Console Support: De4py offers both console and GUI modes. The GUI provides a more user-friendly experience.
File Analyzer: Detects if a Python program is packed (e.g., using pyinstaller) and attempts to unpack it. It also identifies suspicious strings (IPs, websites, specific keywords) within the file.
Behavior Monitoring: Monitors Python processes for file handles, process interactions, memory reads/writes, and socket activity. It can even decrypt OpenSSL-encrypted content.
Plugins System: Customize the theme or add custom deobfuscators using plugins.
API System: Use De4py’s features (deobfuscator engine and pyshell) in your own tools.
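
A small static triage in the spirit of the File Analyzer feature above, added here as an illustration and not De4py's own code: it looks for the magic that opens PyInstaller's archive cookie and pulls URLs, IPv4 addresses and keywords out of a file's raw bytes. The keyword list, the function names and the sample bytes are assumptions constructed for this example.

```python
import re

# Magic that opens the CArchive cookie PyInstaller appends to a packed executable.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
URL_RE = re.compile(rb"https?://[^\s\"'<>\x00-\x1f\x7f-\xff]{4,200}")
IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
KEYWORDS = (b"webhook", b"token", b"password")  # assumed list, tune per case


def _unique(items):
    """De-duplicate while keeping first-seen order."""
    return list(dict.fromkeys(i.decode("ascii", "replace") for i in items))


def triage(data: bytes) -> dict:
    """Static triage of a file's raw bytes; nothing is executed."""
    ips = [
        m for m in IPV4_RE.findall(data)
        # Drop dotted quads that cannot be addresses (octet > 255).
        if all(int(octet) <= 255 for octet in m.split(b"."))
    ]
    lowered = data.lower()
    return {
        # rfind over the whole file tolerates data appended after the cookie.
        "pyinstaller": data.rfind(PYINSTALLER_MAGIC) != -1,
        "urls": _unique(URL_RE.findall(data)),
        "ips": _unique(ips),
        "keywords": [k.decode() for k in KEYWORDS if k in lowered],
    }


# Constructed sample bytes (not a real binary): strings, then a fake cookie.
SAMPLE = (
    b"\x7fELF\x02\x01\x00import requests\x00"
    b"https://example.invalid/api/webhooks/123\x00"
    b"connect 203.0.113.7:4444\x00build 999.1.2.3\x00"
    + PYINSTALLER_MAGIC + b"\x00" * 80
)

if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(f"{field}: {value}")
```

Dotted version strings with small numbers (for example a four-part build number) will still match the IPv4 pattern, so treat the address list as leads to confirm rather than as findings.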
It is maintained by my friend Fadi002 and me (AdvDebug); any feedback is appreciated.