Showcases

Showcase

In our knowledge, Capstone has been used by 508 following products (listed in no particular order).

Skorpio: Cross-platform-architecture Dynamic Instrumentation Framework (PDF).
Qiling: Cross-platform & multi-architecture lightweight sandbox.
Unicorn: Lightweight multi-arch, multi-platform CPU emulator framework.
Keystone: Lightweight multi-arch, multi-platform assembler framework.
CEnigma: Web-based disassembler tool that is simple, easy, fast & user-friendly. (inactive now)
CEbot: A Twitter bot for binary-reversing right from Twitter account. (inactive now)
Camal: Coseinc automated malware analysis lab.
Radare2: Unix-like reverse engineering framework and commandline tools.
Pyew: a Python tool for static malware analysis.
WinAppDbg: Code instrumentation scripts in Python under a Windows environment.
PowerSploit: PowerShell Post-Exploitation Framework.
MachOView: Visual Mach-O file browser that allows exploring and in-place editing Intel and ARM binaries.
RopShell: Free online ROP gadgets search.
ROPgadget: Gadgets finder and auto-roper.
Frida: Inject JavaScript code into native apps on Windows, Mac, Linux and iOS.
The-Backdoor-Factory: Patch Win86/64 PE and Linux86/64 binaries with shellcode.
BDFProxy: Patch Binaries via MITM (BackdoorFactory + mitmProxy).
Cuckoo: Open source automated malware analysis system.
Cerbero Profiler: Malware and forensic analysis tool.
CryptoShark: Cross-platform interactive debugger (powered by Frida).
Ropper: Rop gadget and binary information tool.
Snowman: A native code to C/C++ decompiler.
Concolica: Python concolic execution framework for program analysis.
Memtools Vita: Toolkit to explore PlayStation Vita firmware.
BARF: Multiplatform open source Binary Analysis and Reverse engineering Framework.
rp++: Full-cpp written tool to find ROP sequences in PE/Elf/Mach-O x86/x64/ARM binaries.
Binwalk: Firmware analysis tool.
MPRESS dumper: Unpacking tool for some HackingTeam’s OS X malware.
Xipiter toolkit: Miscellaneous tools for various security tasks.
Sonare: Qt-based disassembly viewer.
PyDA: Python DisAssembler.
Qira: QEMU Interactive Runtime Analyser.
Rekall: Rekall Memory Forensic Framework.
Inficere: MacOSX rootkit (for learning purpose)
Pwntools: CTF framework used by Gallopsled in every CTF.
Bokken: GUI for the Pyew malware analysis tool and Radare reverse engineering framework.
Webkitties: PlayStation Vita Webkit Exploit / Mini SDK and Testing Framework.
Malware_config_parsers: A collection of public malware config parsers.
Nightmare: A distributed fuzzing testing suite with web administration.
Catfish: A tool to ease the process of finding ROP gadgets & creating payloads with them.
JSoS-Module-Dump: PlayStation Vita module dumper.
Vitasploit: PlayStation Vita native exploitation framework.
PowerShellArsenal: A PowerShell Module Dedicated to Reverse Engineering.
PyReil: REIL translation library.
ARMSCGen: Shellcodes for ARM/Thumb mode.
Shwass: Mach-O Executables Analyzer & Disassembler.
Nrop: Automated Return-Oriented Programming Chaining.
lldb-capstone-arm: Disassemble scripts for LLDB (for Arm & Arm64)
Capstone.js: JavaScript wrapper over an Emscripten build of Capstone.
ELF Unstrip Tool: Generate unstripped binary from an ELF strip binary.
Binjitsu: CTF framework and exploit development library.
Rop-tool: A tool to help you writing binary exploits.
JitAsm: JIT Assembler Library for multiple ISAs.
OllyCapstone: A plugin for OllyDbg 1.10 to replace the old disasm engine with Capstone.
PackerId: A fork of packerid.py with disassembly support.
UEFI_boot_script_expl: CHIPSEC module to exploit UEFI boot script table vulnerability.
Symx: Lightweight Symbolic Execution Engine.
ArmExec: Android native runtime emulator.
Capstone View for IDA: A plugin to use Capstone to display code instead of IDA’s own disassembly engine.
Honggfuzz: A general-purpose fuzzer with simple, command-line interface.
Triad decompiler: A tiny, free and open source decompiler that will take ELF files as input and spit out pseudo-C.
SemTrax: Data Tracking for Binary Software.
Senseye: Dynamic Visual Debugging / Reverse Engineering Toolsuite.
Plasma: Reverse engineering tool for x86/ARM. Generates indented pseudo-C with colored syntax code.
Binflow: A fast & multi-thread support tool to trace function calls in ELF binaries.
OpenREIL: Translator and tools for REIL (Reverse Engineering Intermediate Language).
PREF: Portable Reverse Engineering Framework that aims to be the swiss army knife for Reverse Engineering.
Pwnypack: Certified Edible Dinosaurs official CTF toolkit.
GEF: Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers.
Hopper: A reverse engineering tool to disassemble/decompile/debug Intel Mac, Linux, Windows & iOS executables.
Pysymemu: An Intel 64 symbolic emulator.
Decompiler: A decompiler with multiple backend support, written in Python.
ArkDasm: 64-bit interactive disassembler for Windows.
SM64tools: Collection of tools for manipulating the Super Mario 64 ROM.
ViDi: Visual Disassembler for static analysis of PE files.
Volatility_plugins: A collection of plugins for the Volatility framework.
ThunderGate: An open source toolkit for PCI bus exploration.
Visulator: A machine emulator that visualizes how each instruction is processed.
Psce4all: PlayStation Console Emulators For All.
Pwndbg: A Python plugin of GDB to assist exploit development.
IntelliJ IDEA: A Java IDE.
Binch: A light ELF binary patch tool in python urwid.
Ropchain: X86 systematic ROP payload generation (with API to customize payload).
PyOCD: Python library for programming and debugging ARM Cortex-M microcontrollers using CMSIS-DAP.
Okita: a set of proof-of-concepts to disassemble binaries to assembly.
Angr: A framework for static & dynamic concolic (symbolic) analysis.
Shellyzer-Gui: a GUI application that helps to analyze shellcode.
Xenia: Xbox 360 Emulator Research Project.
CodeReason: Semantic Binary Code Analysis Framework
Haka: a toolsuite to capture TCP/IP packets and filtering them based on Lua policy files.
Gcov: GNU gcov like tool.
Anticuckoo: A tool to detect and crash Cuckoo Sandbox.
EmilPRO: Graphical disassembler for a large number of instruction sets.
NextGen: A Genetic File, Sycall and Network Fuzzer for Unix systems.
Imatinib: Instrumentation tool that uses the only inline patch hooking.
PolyHook: X86/X64 hooking library.
Harpoon: Lightweight runtime hooking library for OS X.
fcd: A LLVM-based native program decompiler
MemoryPatchDetector: Detects code differentials between executables in disk and processes/modules in memory.
Mpesm: Identify the compiler/packer/cryptor of PE files.
Silicon-disassembler: A high-performance, asynchronous web-component disassembler.
peCloakCapstone: A tool to encoder Windows PE files to bypass AntiVirus detection.
Reko: A multi-architecture decompiler.
Usercon: User-space system emulator.
Lyn: Python binding for GNU lighning.
Edb: A cross platform x86/x86-64 debugger.
Unicorn-decoder: A shellcode decoder that can dump self-modifying-code.
Hekate: Winsock inspection/filtering/modifying.
Capstone.js-bookmarklet: Disassemble from webpage with bookmarklet.
Qiew: Hex/File format viewer.
ProDBG: A debugger supports a variety of targets and operating systems.
Pageant_xkeys: Extract unencrypted SSH keys from Pageant memory dump.
Crumble: A cross-platform commandline tool to disassemble PE files.
Trap-syscalls: Library for in-process tracing and/or hooking of system calls.
Thunderstrike: EFI bootkits for Apple MacBooks.
rr-dataflow: A GDB plugin to trace back to the origin of data in Mozilla’s rr.
ropnroll: OSX exploitation helper library.
StfuSIP: System Integrity Protection (SIP) bypass for OSX 10.11.1.
DirectX9Hook: Runtime DirectX9 Hooking.
fREedom: Extracting disassembly information from executables for Binnavi.
Trap-syscalls: Library for in-process tracing/hooking of system calls (on Linux/x86-64)
PyAna: Analyzing Windows shellcode.
CapFunc: IDA Python Script that Disassembles Functions with Capstone.
MyROP: ROP tool for ARM.
hsdecomp: A decompiler for GHC-compiled Haskell.
WWCD: What Would Capstone Decode - IDA plugin implementing a Capstone powered IDA view.
PythonForWindows: codebase to make it easier to work with Windows & native execution.
MacDBG: Simple easy to use C & Python debugging framework for Mac OS X.
VxPwn: A fuzzer for VxWorks.
CHDK: Canon Hack Development Kit.
Triton: Dynamic binary analysis framework.
Shellsploit: New generation exploit development kit.
ADBI: Android Dynamic Binary Instrumentation tool for tracing Android native layer.
Redress-Disassembler: Cross platform binary disassembler written in Java.
TraceGrind: Execution tracing module for Valgrind.
AppleALC: Native OS X HD audio for unofficially-supported codecs.
ArmRoper: ARM ROP chain gaget searcher.
EhTrace: A tool for tracing execution of binaries on Windows.
Ded: MSDOS executable disassembler.
Eli.Decode: Decode obfuscated shellcodes.
Awasm: An AIMGP (Automatic Induction of Machine code by Genetic Programming) engine.
Voltron: A hacky debugger UI for hackers.
fence_counter: QSIM based fence counter.
Lisa.py: An Exploit Dev Swiss Army Knife.
DdiMon: Monitoring and controlling kernel API calls with stealth breakpoint using EPT.
UniHook: Intercept arbitrary functions at run-time, without knowing their typedefs.
Redream: SEGA Dreamcast emulator.
Erebus: A reverse engineering tool suite for Linux.
Avery: x86-64 kernel in Rust.
Pyflirt: Map file generator for Intel X86 binary based on flirt signature.
dispatch: Programmatic disassembly and patching.
cypher: Simple tool to automate adding shellcode to PE files.
Cemu: Cheap EMUlator based on Keystone and Unicorn engines.
ROPMEMU: Analyze ROP-based exploitation.
AssemblyBot: Telegram bot for assembling and disassembling on-the-go.
Demovfuscator: Deobfuscator for movfuscated binaries.
Ropf: Gadget displacement on top of IPR (In-Place Randomization) against Code Reuse Attack.
Cardinal: Similarity Analysis to Defeat Malware Compiler Variations.
dynStruct: Reverse engineering tool for structure recovering and memory usage analysis based on DynamoRIO.
iokit-dumper-arm64: Statically reconstructing the IOKit classes hierarchy from iOS kernelcache dumps.
Spedi: Speculative disassembly, CFG recovery, and call-graph recovery from stripped binaries.
Dash: A simple web based tool for working with assembly language.
Qsim: Full system emulator front-end to a multi-core timing model.
Windows_Debugger: A simple Windows x86-32 debugger.
MongoDB disasm: Interactive Disassembler with GUI (Web-based).
WTFJH: iOS Security Runtime Inspection.
Xenpwn: A toolkit for memory access tracing using hardware-assisted virtualization.
Rebours: A framework for control-flow recovery in binary programs.
Patchkit: A powerful binary patching toolkit.
CFFCapstone: Assembler extension to CFF Explorer.
FirmInsight: Automatic collect firmwares from internet and extract info.
UniAna: Analysis PE file or Shellcode (Only Windows x86).
pymetamorph: Metamorphic engine in Python for Windows executables.
WCC: The Witchcraft Compiler Collection.
Patcherex: Shellphish’s automated patching engine, originally created for the Cyber Grand Challenge.
Cgrex: Targeted patcher for CGC binaries - using in the Cyber Grand Challenge.
C-flat: Control Flow Attestation for Embedded Systems Software.
W-SWFIT: x64 Windows Software Fault Injection Tool.
DynInst Tools: Tools built using Dyninst or Dyninst component libraries.
PeiBackdoor: PEI stage backdoor for UEFI compatible firmware.
CaptainHook: x86/x64 hook environment.
Ropstone: A basic ROP/gadget finder.
Labeless: Labels/Comments synchronization between IDA PRO and debugger backend (OllyDbg, x64dbg).
KlareDbg: Kernel debugger using Timeless Debugging method.
Ponce: IDA Pro-based symbolic execution & taint analysis engine.
Relyze: Interactive Software Analysis.
Shellsploit-library: Exploit development library for python users.
asm_buddy: Small script to assemble/disassemble from CLI.
Rgat: Instruction trace visualisation tool for dynamic program analysis.
Shellbug: Basic command-line, text-based, shellcode debugger.
Cheat Happens: CoSMOS Memory Scanner and Gamehacking Tool.
SimpleDpack: Windows PE packer.
EasyROP: A Python tool to generate ROP chains.
Nemezisv3: A GUI tool to convert hex-string to assembly and vice versa.
Stoneb0t: IRC bot providing assemble / disassemble for various architectures.
Rop-chainer: Generates return-oriented exploits for ELF binaries.
Wdbdbg: Python WDB RPC monitor for X86 targets on VxWorks 5.x/6.x.
kHypervisor: Light-weight nested Virtual Machine Monitor for Windows x64.
RePEconstruct: Automatically unpacking a Windows binary & rebuild its import address table.
DirEngine: Disassembly Intermediate Representation Engine.
Wag: WebAssembly compiler implemented in Go.
Fuzzemu: Instruction emulator for the Cortex-M3 ARM.
IDASec: IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform.
Satt: Software Analyze Trace using Intel Processor Trace.
PShape: Practical Support for Half-Automated Program Exploitation.
PowerShell Suite: A collection of PowerShell utilities.
Nougat: ART-Extension for Android Nougat.
instruction_set_research: Analyse the instruction set distribution on malicicous PE files.
VulcanoIO: Open Source Cluster IOTs for Reverse Engineering Malware.
Proctal: Manipulates the address space of a running program on Linux.
Lazy Office Analyzer: Analyze Microsoft Office docs.
FRIEND: Flexible Register/Instruction Extender aNd Documentation.
Synthir: IR Transformation Synthesis for Assembly Instructions.
Panda: Platform for Architecture-Neutral Dynamic Analysis.
Alfredworkflow-Capkeystone: Alfred Workflow to convert hex string to assembly and vice versa.
Pydbg: A pure-python win32 debugger interface.
Trace: System tracer implementation in Rust.
Chiasm-shell: Python-based interactive assembler/disassembler CLI.
inVtero: Find/Extract processes, hypervisors in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques.
PEDetour: Modify Portable Executable file to hook its export functions.
Paradise: x86/x86-64 hooking library.
Dithumb: Minimal ARM/Thumb linear sweep disassembler similar to objdump.
ARM-Tracer: Trace Log Generation (CLI) on a target device or emulator.
LunaLUA: LunaDLL with LUA, a free extension for SMBX game engine.
GadgetWrecker: A conceptually simple, experimental defence against ROP exploits.
ftrace: A ltrace/strace-like but just to log calls to local functions.
Nucleus: Compiler-Agnostic Function Detection in Binaries.
TSXCFI: Prototye Implementation for TSX-based CFI Enforcement.
Stonesh: Command interpreter for Keystone and Capstone designed to be an alternative to ks/cstool.
Ratone: A console for assemble/disassemble code using Capstone/Keystone.
Bootcode_parser: Offline analysis of the boot records used by BIOS based systems (UEFI is not supported).
Fido: Teaching old shellcode new tricks.
Utimaco: Tools for reverse engineering the Utimaco Firmware.
Grap: Define and match graph patterns within binaries.
Nymaim-tools: A set of tools to analyze & track Nymaim trojan.
Guestrace: System call tracing tool based on Xen altp2m.
ExceptionDetector: Exception detector for Win32 programs.
Online Assembler & Disassembler: Online Assembler and Disassembler.
Unicorn.JS demo: Demo of Unicorn emulator in JavaScript.
Executable Image Parser: A pure-Java, concurrent friendly library for parsing executable files of a variety of formats.
Yara-sign-tool: A tool to generate yara signatures from function blocks.
ClassicOffensive: Game Classic Offensive mod.
Bin-analysis: Ruby module containing various utilities for binary analysis.
Syzygy: Syzygy Transformation Toolchain.
pointer-chain-reversal: Trace pointer access in Windows C++ applications.
Disassembler: Simple disassembler in Go with DWARF support.
Bre: Go-based tools for binaries reverse engineering.
Indika: A blanket execution/min hash semantic hash tool for binary function identification.
Syscall-Monitor: A system monitor program (like Sysinternal’s Process Monitor) using Intel VT-X/EPT for Windows7+.
Piglab: Tooling and test harness for Snort signature/plugin development.
X86-analysis: Static analysis tools for x86 assembly.
iOSKextDump: Dump Kext information from iOS kernel cache.
Lilu: Arbitrary KEXT and process patching on MacOS.
x86-64-pe-emu: AMD64 Windows PE Emulator in Python.
AsmBot: Slack bot to assemble and disassemble using Capstone and Keystone.
Kcapys: Patch all calls to a function ELF file with NOPs.
Maclook4ref: Quickly find references to the specified Immediate number, or find the function call of specifies offset, and generate C++ functions call backtrace.
Reassemble: Re-Assembler utility for reverse engineering.
cgPwn: Cyber Grand Pwnage Box.
WhileDetect: Detect while(True) loop in a given binary.
Shellcode: x86/x86-64 shellcodes for Windows, Mac OSX, Linux, BSD & Solaris.
BranchMonitoringProject: A Branch Trace Store (BTS) monitor-based solution for process monitoring.
ioskextdump_32: Dump Kext information from 32bit iOS kernel cache.
mackextdump: Dump Kext information from MacOS kernel.
unitracer: Windows API tracer for malware.
pwning-tools: A small library that help CTFer quickly write payload.
cache-leak-detector: Detect instruction cache leaks in modular exponentiation software.
Dbg: A Linux debugger.
kcshell: Interactive assembly/disassembly shell for various architectures.
Bt: Binary toolkit.
Kernel_integrity: Kernel Integrity Check for Virtual Machine.
AsmHelper: A MacOS tool to help convert machine code to assembly and vice versa.
UniversalRop: Small tool for generating ropchains using Unicorn and Z3.
Manticore: Dynamic binary analysis tool.
Bootloader instrumentation suite: Bootloader research tools.
Crop: C-style language ROP Compiler for CFI-hardened system attacks.
Symexec: Basic x86 Symbolic Execution for educational purposes.
Memvis: Tool for interfacing with ELF files.
PEinfo: Passive Windows Portable Executable file information parser without any external dependencies.
syscall_intercept: System-call intercepting library.
Troll: C-language source-level debugger for ARM Cortex-M systems.
Vino: Binary instrumentation tool for Linux.
Falcon: Binary Static Analysis Library in Rust.
JSRT: Javascript Runtime for Windows, based on Chakra.
HyperDbg: Nested-Virtualization based debugger for debugging Hypervisor / Virtual Monitor Machine (VMMs).
open-source-machlib: An open source equivalent of machlib.
Ganxo: Opensource API hooking framework.
Seb: Scenario Executor for Binaries.
Mlib: Your bag of handy codes for malware researchers.
qemu-plugins-tutorial: Tutorial to write qemu plugins.
Egghatch: Shellcode identification & formatting.
AroeA: IDA script to extract stack strings + simple deobfuscate.
postmortem: A tiny GDB frontend.
RenHook: An open-source x64 hooking library for Windows.
Avatar2: A target orchestration framework with focus on dynamic analysis of embedded device firmware.
Vegvisir: A browser based GUI for LLDB debugger.
STAN: STAN is a sTAtic aNalyser.
Hfm: Hypervisor-base File Monitoring: monitoring file-related activities in VMs on XEN hypervisor.
PokerubyDiff: A web-based diff client to assist with decompiling pokeruby.
Pythem: Multi-purpose Pentest framework.
Holodec: Open source decompiler for x86/x86-64 binaries.
Pybag: CPython module for Windbg’s DbgEng plus additional wrappers.
LuaQemu: QEMU-based framework exposing several of QEMU-internal APIs to a LuaJIT core injected into QEMU itself.
python-idb: Pure Python parser and analyzer for IDA Pro database files (.idb).
Cisol: Translator from asm to C, but not decompiler. Something between compiler and decompiler.
Pyrebox: Python scriptable Reverse Engineering sandbox.
Memory checker: Detect invalid memory access and memory leak.
Bbtrace: Basic block trace for DynamoRio.
Sandsifter: X86 processor fuzzer.
Retools: a reverse engineering toolkit for normies.
Bin2LLVM: A binary to LLVM translator.
PyGDB: Debugger capable of debugging binary programs with DWARF-2 debug info.
kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels.
Nemubot: A smart and modulable IRC bot.
Zzpp: A cute hook framework.
Pktsend: Tiny packet sender. User can craft IP packet flexibly.
HopperDos: 16 bit Intel X86 and DOS executables support for Hopper Disassempler.
FunctionScan: Find function boundary and recognize library function.
CageTheUnicorn: Debugging/emulating environment for Switch code.
disassemble.rs: A Rust framework for static analysis.
SEH_Fuzzer: A fuzzer for Windows SEH buffer overflow.
Asemu: 32-bit x86 emulator using ncurses and Capstone/Keystone/Unicorn.
Binary Ninja: A reversing platform.
ReilEx: Symbolic execution engine using REIL (Reverse Engineering Intermediate Language).
Pwntools-Ruby: Pwntools on Ruby.
CircuitBreaker: Nintendo Switch hacking toolkit.
KLisp: Lisp compiler.
HookLib: A small and simple header-only hooking library for x86/x64 architecture.
pdata_check: Identify unusual runtimes based on the PDATA section & the last instruction of the runtime function.
Sickle: A shellcode development toolkit.
ida_ea: A set of exploitation/reversing aids for IDA.
HookZz: A hook framework for Arm/Arm64/iOS/Android.
Qemu: A generic and open source machine emulator and virtualizer.
Andrax: Andrax mobile pentest.
Bloaty: Bloaty McBloatface: a size profiler for binaries.
Cyann: PoC Nanomite packer for PE32/PE32++.
Grap: Define and match graph patterns within binaries.
Dispar: Disassemling binary parser.
PreventingROPattacks: A compiler pass running on the Assembly code to prevent Return-Oriented-Programming attacks.
Minijit: A naive, educational x86-64 JIT-compiler written from scratch in C++ and Python.
Sonare: An interactive disassembler for reverse engineering.
OSSPolice: Identifying Open-Source License Violation and 1-day Security Risk at Large Scale.
Shellsploit-Library: Exploit development library for Python users.
Shellen: Interactive shellcoding environment to easily craft shellcodes.
Dyntrace: Dynamic tracing in Linux using fast tracepoints.
Psr: Pointer Sequence Reverser - see how Windows C++ application accesses a particular data member or object.
Syntia: Synthesizing the Semantics of Obfuscated Code.
JHEngine: Simple MemoryEditor.
CAFA: Checksum-Aware Fuzzing Assistant for More Coverage.
Retdec: Retargetable machine-code decompiler based on LLVM.
Capstone2LLVMIR: Library for Capstone instruction to LLVM IR translation.
Capstone-dumper: Utility for dumping all the information Capstone has on given instructions.
Capstool: Set of functions that can be used to do basic static analysis of x86/x64 instructions.
PEpatch: A hacky tool to patch PE binaries.
KrkrExtract: A tool to extract and pack Krkr2 and Krkrz’s XP3 files.
3dstool: An all-in-one tool for extracting/creating 3DS ROMs.
ios_mips_gdb: CISCO Mips debugger.
ScratchABit: Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API.
Owl: ROP-Gadget finder in Rust.
JuniEmu: Emulator interface for ARM 32bit.
ecos_gdb: A debugger written in assembly to allow serial and tcp based debugging of ECOS firmware.
Multiverse: A static binary rewriter that does not use heuristics.
Ftrace: A simple function call tracer.
Ltrace: A simple library call tracer.
ARP-Rootkit: An open source rootkit for the Linux Kernel to develop new ways of infection/detection.
bitblaze_trace: A Python library to parse Bitblaze traces.
gbadisasm: Game Boy Advance disassembler.
Mega: ELF binary obfuscator.
Mutator: An experimental suite of tools aimed at analysis and automation of C/C++ code development.
Dbghlpr: It provides various functions useful for debugging using Windbg.
Anomaly Guard: Malware Detection by Memory Baselining.
Vulnscan: A binary vunerability scanner for binaries.
Pimp my ride: Multi-architecture CPU Emulator.
PTfuzzer: Greybox fuzzer to fuzz any binary-only software.
CAFA: A Checksum-Aware Fuzzing Assistant For More Coverage.
Webkit: A fast, open source web browser engine.
Extended APIs: Intel’s VT-x / VT-d APIs for the Bareflank hypervisor.
Fuzzle: A stateful fuzzing engine.
Fyvm Disassembler: IDAPython scripts for devirtualization/disassembly FinSpy VM.
Mapbox-GL-Android: A library based on Mapbox GL Native for embedding interactive map into Android.
bin2vex: Convert binary to VEX IR using the C interface provided by Pyvex.
Crave: Framework to automatically test and explore the capabilities of generic AV engines.
Memory-Analyzer: A loadable dll intended to track memory changes and dynamically emplaced “JMP” in the host executable.
Binja-secret: Binary Ninja plugin that encapsulate Frida, Unicorn, Capstone and Keystone.
GO disassembler: A lightweight ELF disassembler written in GO.
dc-lang: A toy programming language + tracing JIT.
ida-embed-arch-disasm: Allows IDA PRO to disassemble x86-64 code (WOW64) in 32-bit database.
Hyara: Yara rule making tool (IDA plugin).
SMDA: Minimalist recursive disassembler library optimized for accurate CFG recovery from memory dumps.
Deen: Generic data encoding/decoding applition built with PyQt5.
PinCFGReconstructor: Instruction tracing for complext programs.
dc-lang: A toy programming language + tracing JIT.
Golf: Parser for ELF file written in Golang.
TaintGrind: A taint-tracking plugin for the Valgrind memory checking tool.
Frick: The first debugger built on top of Frida.
Emufuzz: libFuzzer + Unicorn + Capstone.
REBot: A Discord bot for reverse engineers and exploit developers.
Delf: An ELF dump script written in Python.
One gadget lib: Python library to find one-gadget to invoke “/bin/sh”.
vtMal: Malware Sandbox Emulation in Python @ HITCON 2018.
Rosenbridge: Hardware backdoors in x86 CPUs.
EnVisen: ROP Entropy Visualizer.
Nemu: Modern Hypervisor for the Cloud.
Android-Disassembler: Disassembler for Android.
Google CTF: Google CTF.
LinDbg: Linux clone of Windbg.
libcpu: x86 Dynamic Binary Translator Library.
Dwarf: GUI for Android revere engineering.
Stonework: Pebble emulator iOS and watchOS.
VmwareHardenedLoader: Anti anti-VM for VMWare.
libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools.
arme: ARM2ARM recompiler for melonds.
Lojax UEFI rootkit checker: test if your system is vulnerable to world’s first UEFI rootkit attack.
Twopy: A Python JIT compiler.
Boomerang: Boomerang Decompiler.
GTIRB pprinter: Pretty printer from GTIRB to assembly code.
InspectELF: ELF Inspection library finding compile-time gcc security switches.
Unicorn PE: Unicorn based emulator for Windows PE files.
Vulture: Binary Static Analysis Library in Rust.
TaintGrind: A taint-tracking plugin for the Valgrind memory checking tool.
Binsequencer: A script designed to find a common pattern of bytes within a set of samples and generate a YARA rule.
Vmware Hardened Loader: Vmware Hardened VM detection mitigation loader (anti anti-vm).
Janus: Binary modifier.
crash-unscrambler: Analyzes crash reports and crashed processes to recover as much information as possible about the data and execution leading up to the crash.
idenLib: Library Function Identification plugin for IDA Pro.
Rainbow: Easy scripting interface to emulate embedded binaries for tracing.
Binarydroid: Basic disassembler for Android.
GTIRB pprinter: Pretty printer from GTIRB to assembly code.
Saferwall: A hackable malware sandbox for the 21st Century.
Yara signator: Automatic YARA rule generation for Malpedia.
Droidguard-VM: Java implementation of DroidGuard virtual machine.
Zephyrus: A sophisticated memory library used to dynamically hook and edit memory, allowing pre-compiled code to be rewritten.
xdvre: A disassembler/debugger that works based on the extension plugin.
elf-mlsploit: Mlsploit module for perturbing ELF binary (direct call to indirect call).
Ddisasm: Datalog driven disassembly of binary executables.
mkYARA: Generating YARA rules based on binary code.
unprotect: A Python tool for parsing PE malware and extract evasion techniques.
DJI firmware tools: Tools for handling firmwares of DJI products, with focus on quadcopters.
bu6pwn: PWN Framework.
Inspector gadget: Discovers ROP gadgets & chains them together.
Corana: A Dynamic Symbolic Execution Engine for ARM Cortex-M.
uftrace: Function (graph) tracer for user-space.
flara: A web based Yara generator.
dhop: Discover Heap OPeration.
DeSW: Just a simple De-switcher.
Ensemble DL Ransomware Detector: A Deep Learning ensemble that classifies Windows executable files as either benign, ransomware, or other malware.
RansomwareDetector: Attempts to detect ransomware based on properties of of a binary.
RopDissector: A framework for static analysis of ROP exploits and programs.
TriggerBug: Fast-Symbolic-Emulation-Engine.
Delinker: Unlinks a binary executable to get back a set of .o object files for further transformation and re-linking.
YaraSafe: SAFE embeddings to match functions in Yara.
Patcher: Lightweight library to facilitate creating & tracking function hooks or other arbitrary memory patches.
CARE: Compiler-Assisted Recovery mechanism for soft failures, which are caused by transient faults.
CRNN-malware-detector: Convolutional Recurrent Neural Net based malware detection model.
Razzer: A Kernel fuzzer focusing on race bugs.
Execution trace viewer: Tool for viewing and analyzing execution traces.
Zofi: The Zero Overhead Fault Injector project.
elf-dissector: Tools for inspecting, analyzing and optimizing ELF files.
RetroWrite: Retrofitting compiler passes though binary rewriting.
TaintInduce: Automate the creation of taint propagation rules for unknown instruction sets.
malduck: Malduck is your ducky companion in malware analysis journeys.
UnicoreFuzz: Fuzzing the Kernel Using AFL-Unicorn.
UniTaint: PoC for a taint based attack on VMProtect.
macsim: A heterogeneous architecture timing model simulator.
libhooker: Modular binary injection framework.
disasm.ninja: A realtime assembler/disassembler.
washingtondc: Open-source Sega Dreamcast emulator.
Router Exploit Shovel: Automated Application Generation for Stack Overflow Types on Wireless Routers.
tbrop: Taint-based ROP tool.
mobo: Little hypervisor project using KVM.
Window Function Tracer: Window Executable file Function tracer using Debugging API.
VBox Monitor: Monitoring/Debug tool for VirtualBox.
Unicorn-Bios: Basic BIOS emulator for Unicorn Engine.
yara-sig-generator: Create Yara signature from binary address.
Binee: Binary emulation environment.
Xendbg: A feature-complete reference implementation of a modern Xen VMI debugger.
Mupen64Plus: A cross-platform plugin-based N64 emulator.
Razor: A Framework for Post-deployment Software Debloating.
AFLplusplus: AFL fuzzer with community patches.
DeviceMon: VT-based PCI device monitor (SPI).
binarypinja: Create datasets for machine learning programs in a NLP (natural language processing).
TriggerBug: Fast-Symbolic-Emulation-Engine.
Maat: Open-source Dynamic Symbolic Execution framework used for Binary Analysis.
Packman deobfuscator: League-of-Legends anti-cheat code deobfuscator.
aah: Arm64 architecture handler.
Volatility3: The Volatile memory extraction framework.
Windbgtool: WinDbg Toolbox package.
dsdump: An improved nm + Objective-C & Swift class-dump.
zdb: 64 bit ELF debugger for reverse engineering.
QuickPatch: GDB plugin for patching ELF file.
S(gx)ELF-respect: Privacy-preserving TEE prototype on a service-oriented environment.
EFI DXE Emulator: EFI DXE Emulator and Interactive Debugger.
VTIL Core: Virtual-machine Translation Intermediate Language.
Kernel fuzzer for Xen: VMI Kernel Fuzzer for Xen Project: VM forking, VMI & AFL integration demo.
Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging.
approxis-groundtruth: Generates a ground truth map of binary disassembly.
OBIN: An educational elf parser and simple binary analysis tool.
AtX: A tool to help port simple ARM32 elf binaries to X86_64 binaries.
e9patch: A Powerful Static Binary Rewriter.
specrop: Speculative exploitation of ROP chains.
BlindSide: BlindSide allows attackers to “hack blind” in the Spectre era.
JOP ROCKET: The Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool.
XPEViewer: PE file viewer/editor for Windows, Linux and MacOS.
XELFViewer: ELF file viewer/editor for Windows, Linux and MacOS.
XMachOViewer: Mach-O file viewer/editor for Windows, Linux and MacOS.
speakeasy: A portable, modular, binary emulator designed to emulate Windows kernel and user mode malware.
XAPKDetector: APK/DEX detector for Windows, Linux and MacOS.
Detect It Easy: Program for determining types of files for Windows, Linux and MacOS.

In addition, Capstone is available in the following Operating System distributions (listed in no particular order)

Gentoo: Gentoo Linux distribution.
Fedora: Fedora Linux distribution.
Arch: Arch Linux distribution.
Ubuntu: Ubuntu Linux distribution.
Debian: Debian Linux distribution.
OpenBSD: Security-oriented, multi-platform 4.4BSD-based UNIX-like operating system.
FreeBSD: Free Unix-like operating system descended from AT&T Unix via BSDS.
NetBSD: Free, fast, secure, and highly portable Unix-like Open Source operating system.
Pentoo: Gentoo-based Linux distribution for pentesters.
Kali Linux: Rebirth BackTrack, the Penetration testing distribution.
BlackArch: Arch-based GNU/Linux distribution for pentesters and security researchers.
NixOS: The Purely Functional Linux Distribution.
ArchAssault : A fully customizable pentest distribution done the Arch Linux way.
DragonFly BSD: Free Unix-like operating system.
NetHunter: Android penetration testing platform for Nexus devices.
Void Linux: A Linux distro based on the xbps packaging system.
REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware.

Please let us know, so we can put you in the list above, if you are also using Capstone, either:

for your products.
for your training classes.
for your works.