This is a curated list of Plugins and Scripts written for the reverse engineering platform - Cutter.
Want to build your own Plugin for Cutter, or to port an existing one from other disassemblers? It is easy! Follow the tutorial in the official documentation: https://cutter.re/docs/plugins.html
- Cutter Plugins
This is an integration of the Ghidra decompiler for Cutter and radare2. It is solely based on the decompiler part of Ghidra, which is written entirely in C++, so neither Ghidra itself nor JAVA are required at all and the plugin can be built self-contained.
Due to its quality, the ghidra decompiler plugin is shipped by default in Cutter releases.
Type: Plugin
Status: Maintained
Reference: r2ghidra plugin announced in Cutter v1.9
The plugin integrates RetDec decompiler into Cutter.
With the bundled version of RetDec you can decompile the following architectures:
- 32-bit: Intel x86, ARM, MIPS, PIC32, and PowerPC.
- 64-bit: x86-64, ARM64 (AArch64).
Type: Plugin
Status: Maintained
r2dec converts the assembly of a function to a Pseudo-C code. Cutter integrates r2dec by default.
Type: Plugin
Status: Maintained
Talk: How not to write a decompiler - r2con 2018
This plugin integrates the Jupyter notebook inside Cutter
Status: Maintained
Allows the import and export of x64dbg comments and breakpoints in Cutter
Status: Maintained
A Cutter plugin to match project with Yara rules at runtime.
Status: Maintained
Hyara is a plugin that makes it convenient to write and test Yara rules from inside Cutter.
Type: Plugin
Status: WIP
A plugin that adds dynamic symbolic execution to Cutter's debugger using Angr.
Status: Maintained
A plugin that adds Hobbits displays to Cutter.
Status: WIP
Capa is a framework that uses a well-defined collection of rules to identify capabilities in a program. You can run the plugin against a PE file or shellcode and it tells you what it thinks the program can do.
Type: Plugin
Status: Maintained
A plugin for Cutter and Radare2 to deobfuscate APT32 flow graphs This is a python plugin for Cutter that is compatible as an r2pipe script for radare2 as well. The plugin will help reverse engineers to deobfuscate and remove junk blocks from APT32 (Ocean Lotus) samples.
Type: Plugin
Status: Maintained
Article: APT32 Flow Graphs with Cutter and Radare2
This is an r2pipe based script that is used to decrypt strings and resources in the Dropshot APT malware.
Type: Script
Status: Maintained
Articles:
- Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
- Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
Deobfuscation script of API calls in Bitpaymer (v2)
Type: Script
Reference: https://twitter.com/FraMauronz/status/1005138478261309440
CutterDrcov is code coverage plugin that visualizes DynamoRIO drcov into Cutter static analysis.
Type: Plugin
Status: Maintained
This is still a work in progress on this Pull Request.
Type: Plugin
Status: WIP
Cutter Full Instruction Reference Plugin. The plugin will monitor the location for your cursor and display the full documentation of the instruction. At the moment it only supports x86-64, ARM and MIPS 32bit, however adding support for other architectures is relatively easy.
Type: Plugin
Status: Maintained
A plugin for Cutter that shows the information about the assembly instruction currently selected (only for x86 and x64)
Type: Plugin
Status: Maintained
Cutter script to comment value of strings that were manually created on the stack.
Type: Script
Status: Maintained
A Cutter plugin to generate radare2 graphs. It also provides a new graph called Deep callgraph, which builds an in-depth callgraph from the current function, adding recursively its callees' callings.
Type: Plugin
Status: Maintained
Python and C++ sample plugins to start with.
Type: Plugin
Status: Maintained
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent