dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR!
The following pictures show dnSpy in action. It shows dnSpy editing and debugging a .NET EXE file, not source code.

Features

  • Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
  • Edit assemblies in C# or Visual Basic or IL, and edit all metadata
  • Light and dark themes
  • Extensible, write your own extension
  • High DPI support (per-monitor DPI aware)
  • And much more, see below

dnSpy uses the ILSpy decompiler engine and the Roslyn (C# / Visual Basic) compiler and many other open source libraries, see below for more info.

Debugger

  • Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
  • Set breakpoints and step into any assembly
  • Locals, watch, autos windows
  • Variables windows support saving variables (e.g. decrypted byte arrays) to disk or viewing them in the hex editor (memory window)
  • Object IDs
  • Multiple processes can be debugged at the same time
  • Break on module load
  • Tracepoints and conditional breakpoints
  • Export/import breakpoints and tracepoints
  • Call stack, threads, modules, processes windows
  • Break on thrown exceptions (1st chance)
  • Variables windows support evaluating C# / Visual Basic expressions
  • Dynamic modules can be debugged (but not dynamic methods due to CLR limitations)
  • Output window logs various debugging events, and it shows timestamps by default 🙂
  • Assemblies that decrypt themselves at runtime can be debugged; dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files.
  • Public API, you can write an extension or use the C# Interactive window to control the debugger

Assembly Editor

  • All metadata can be edited
  • Edit methods and classes in C# or Visual Basic with IntelliSense, no source code required
  • Add new methods, classes or members in C# or Visual Basic
  • IL editor for low level IL method body editing
  • Low level metadata tables can be edited. This uses the hex editor internally.

Hex Editor

  • Click on an address in the decompiled code to go to its IL code in the hex editor
  • Reverse of above, press F12 in an IL body in the hex editor to go to the decompiled code or other high level representation of the bits. It's great to find out which statement a patch modified.
  • Highlights .NET metadata structures and PE structures
  • Tooltips show more info about the selected .NET metadata / PE field
  • Go to position, file, RVA
  • Go to .NET metadata token, method body, #Blob / #Strings / #US heap offset or #GUID heap index
  • Follow references (Ctrl+F12)

Other

  • BAML decompiler
  • Blue, light and dark themes (and a dark high contrast theme)
  • Bookmarks
  • C# Interactive window can be used to script dnSpy
  • Search assemblies for classes, methods, strings etc
  • Analyze class and method usage, find callers etc
  • Multiple tabs and tab groups
  • References are highlighted, use Tab / Shift+Tab to move to next reference
  • Go to entry point and module initializer commands
  • Go to metadata token or metadata row commands
  • Code tooltips (C# and Visual Basic)
  • Export to project

List of other open source libraries used by dnSpy

  • ILSpy decompiler engine (C# and Visual Basic decompilers)
  • Roslyn (C# and Visual Basic compilers)
  • dnlib (.NET metadata reader/writer which can also read obfuscated assemblies)
  • VS MEF (Faster MEF equals faster startup)
  • ClrMD (Access to lower level debugging info not provided by the CorDebug API)

Credits


Recaf is an open-source Java bytecode editor built on top of Objectweb's ASM. ASM is a bytecode manipulation library that abstracts away the constant pool and a few other class-file attributes. Since keeping track of the constant pool and managing proper stackframes are no longer necessary, complex changes can be made with relative ease. With additional features to assist in the process of editing classes, Recaf is the most feature-rich free bytecode editor available.

Useful Information

While ASM makes bytecode manipulation very simple, it does not mean you should dive head-first into editing compiled Java programs without understanding some basic programming concepts and the Java class file architecture. Here are some references for these topics:

  • Specification: Chapter 4. The class File Format
  • JVM Architecture 101: Get to Know Your Virtual Machine
  • Java opcodes:
      • Simplified ASM set
      • Standard set

For screenshots check the screenshots directory. They appear throughout the documentation as well.

Libraries used:

  • ASM - Class editing abilities
  • CFR - Decompilation
  • Simple-Memory-Compiler - Recompilation of decompiled code
  • JIMFS - Virtual file system
  • ControlsFX - Custom controls (used in pretty much everything)
  • RichTextFX - Decompiler code highlighting
  • JRegex - Pattern matching for decompiler code highlighting
  • minimal-json - JSON reading/writing for config storage
  • Commonmark - Markdown parsing
  • picocli - Command line argument parsing



Here are the main new features and improvements in Faraday v3.5:

New vulnerability form
We are happy to introduce our new vulnerability form which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields.

Custom fields
Add your own custom fields to your vulnerabilities. We currently support str, int and list types. You can also use these fields in your Executive Reports.

2nd-factor authentication
We added the optional feature for 2nd-factor authentication. You can use any mobile application to use our 2nd-factor authentication.


    As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye, but options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started.
    Operational Security Consideration
    Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the required dependencies available.
    The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.

    Installation
    Installing AutoSploit is very simple; you can find the latest stable release here. You can also download the master branch as a zip or tarball or follow one of the methods below:

    Cloning

    sudo -s << EOF
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    python2 autosploit.py
    EOF

    Docker

    sudo -s << EOF
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    cd Docker
    docker network create -d bridge haknet
    docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
    docker build -t autosploit .
    docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
    EOF

    On any Linux system the following should work:

    git clone https://github.com/NullArray/AutoSploit
    cd AutoSploit
    chmod +x install.sh
    ./install.sh

    AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.

    sudo -s << '_EOF'
    pip2 install virtualenv --user
    git clone https://github.com/NullArray/AutoSploit.git
    virtualenv <PATH-TO-YOUR-ENV>
    source <PATH-TO-YOUR-ENV>/bin/activate
    cd <PATH-TO-AUTOSPLOIT>
    pip2 install -r requirements.txt
    chmod +x install.sh
    ./install.sh
    python autosploit.py
    _EOF

    More information on running Docker can be found here

    Usage
    Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.

    1. Usage And Legal
    2. Gather Hosts
    3. Custom Hosts
    4. Add Single Host
    5. View Gathered Hosts
    6. Exploit Gathered Hosts
    99. Quit

    Choosing option 2 will prompt you for a platform-specific search query. Enter IIS or Apache, for example, and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.
    As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.

    usage: python autosploit.py -[c|z|s|a] -[q] QUERY
    [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
    [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
    [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

    optional arguments:
    -h, --help show this help message and exit

    search engines:
    possible search engines to use

    -c, --censys use censys.io as the search engine to gather hosts
    -z, --zoomeye use zoomeye.org as the search engine to gather hosts
    -s, --shodan use shodan.io as the search engine to gather hosts
    -a, --all search all available search engines to gather hosts

    requests:
    arguments to edit your requests

    --proxy PROTO://IP:PORT
    run behind a proxy while performing the searches
    --random-agent use a random HTTP User-Agent header
    -P USER-AGENT, --personal-agent USER-AGENT
    pass a personal User-Agent to use for HTTP requests
    -q QUERY, --query QUERY
    pass your search query

    exploits:
    arguments to edit your exploits

    -E PATH, --exploit-file PATH
    provide a text file to convert into JSON and save for
    later use
    -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
    set the configuration for MSF (IE -C default 127.0.0.1
    8080)
    -e, --exploit start exploiting the already gathered hosts

    misc arguments:
    arguments that don't fit anywhere else

    --ruby-exec if you need to run the Ruby executable with MSF use
    this
    --msf-path MSF-PATH pass the path to your framework if it is not in your
    ENV PATH
    --whitelist PATH only exploit hosts listed in the whitelist file

    Dependencies
    Note: All dependencies should be installed using the above installation method, however, if you find they are not:
    AutoSploit depends on the following Python2.7 modules.

    requests
    psutil

    Should you find you do not have these installed get them with pip like so.

    pip install requests psutil

    or

    pip install -r requirements.txt

    Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking here.

    Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

    Requirements
    Python version 2.6.x or 2.7.x is required for running this program.

    Installation
    Download commix by cloning the Git repository:

    git clone https://github.com/commixproject/commix.git commix

    Commix comes packaged in the official repositories of the following Linux distributions, so you can use the package manager to install it:

    • ArchStrike
    • BlackArch Linux
    • BackBox
    • Kali Linux
    • Parrot Security OS
    • Weakerthan Linux

    Commix also comes as a plugin on the following penetration testing frameworks:

    • TrustedSec's Penetration Testers Framework (PTF)
    • OWASP Offensive Web Testing Framework (OWTF)
    • CTF-Tools
    • PentestBox
    • PenBox
    • Katoolin
    • Aptive's Penetration Testing tools
    • Homebrew Tap - Pen Test Tools

    Supported Platforms

    • Linux
    • Mac OS X
    • Windows (experimental)

    Usage
    To get a list of all options and switches use:

    python commix.py -h

    Q: Where can I check all the available options and switches?
    A: Check the 'usage' wiki page.

    Usage Examples
    Q: Can I get some basic ideas on how to use commix?
    A: Just go and check the 'usage examples' wiki page, where there are several test cases and attack scenarios.

    Upload Shells
    Q: How easily can I upload web-shells on a target host via commix?
    A: Commix enables you to upload web-shells (e.g. metasploit PHP meterpreter) easily on a target host. For more, check the 'upload shells' wiki page.

    Modules Development
    Q: Do you want to increase the capabilities of the commix tool and/or to adapt it to your needs?
    A: You can easily develop and import your own modules. For more, check the 'module development' wiki page.

    Command Injection Testbeds
    Q: How can I test or evaluate the exploitation abilities of commix?
    A: Check the 'command injection testbeds' wiki page which includes a collection of pwnable web applications and/or VMs (that include web applications) vulnerable to command injection attacks.

    Exploitation Demos
    Q: Is there a place where I can check for demos of commix?
    A: If you want to see a collection of demos of the exploitation abilities of commix, take a look at the 'exploitation demos' wiki page.

    Bugs and Enhancements
    Q: I found a bug / I have to suggest a new feature! What can I do?
    A: For bug reports or enhancements, please open an issue here.

    Presentations and White Papers
    Q: Is there a place where I can find presentations and/or white papers regarding commix?
    A: For presentations and/or white papers published in conferences, check the 'presentations' wiki page.
