Willi Ballenthin (@williballenthin)
  • Stars 3,197
  • Global Rank 9,103 (Top 0.4 %)
  • Followers 985
  • Following 62
  • Registered almost 15 years ago
  • Most used languages
    Python 65.7 %
    JavaScript 8.6 %
    Java 8.6 %
    Rust 8.6 %
    Shell 2.9 %
    Go 2.9 %
    Emacs Lisp 2.9 %

Top repositories

1. python-evtx (Python, 703 stars)
   Pure Python parser for Windows Event Log files (.evtx)

2. python-idb (Python, 452 stars)
   Pure Python parser and analyzer for IDA Pro database files (.idb).

3. python-registry (Python, 427 stars)
   Pure Python parser for Windows Registry hives.

4. INDXParse (Python, 210 stars)
   Tool suite for inspecting NTFS artifacts.

5. EVTXtract (Python, 176 stars)
   EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.

6. shellbags (Python, 148 stars)
   Cross-platform, open-source shellbag parser

7. process-forest (Python, 144 stars)
   Reconstruct process trees from event logs

8. idawilli (Python, 112 stars)
   IDA Pro resources, scripts, and configurations

9. python-sdb (Python, 104 stars)
   Pure Python parser for Application Compatibility Shim Databases (.sdb files)

10. lancelot (Rust, 94 stars)
    intel x86(-64) code analysis library that reconstructs control flow

11. python-ntfs (Python, 79 stars)
    Open source Python library for NTFS analysis

12. ida-netnode (Python, 74 stars)
    Humane API for storing and accessing persistent data in IDA Pro databases

13. govt (Go, 64 stars)
    Virustotal API for Go

14. python-dotnet-binaryformat (Python, 46 stars)
    Pure Python parser for data encoded by .NET's BinaryFormatter

15. python-evt (Python, 46 stars)
    Pure Python parser for classic Windows Event Log files (.evt)

16. go-reversing (Python, 41 stars)
    Resources for reverse engineering Go binaries

17. python-vb (Python, 39 stars)
    analysis of visual basic code

18. LfLe (Python, 26 stars)
    Recover event log entries from an image by heuristically looking for record structures.

19. viv-utils (Python, 20 stars)
    Utilities for working with vivisect

20. ida-settings (Python, 20 stars)
    Fetch and set configuration values from IDAPython scripts

21. wevt_template (Rust, 17 stars)
    extract and parse WEVT_TEMPLATEs from PE files

22. Autopsy-WindowsRegistryContentViewer (Java, 16 stars)
    no longer maintained

23. reversing-clj (JavaScript, 14 stars)
    messing around writing reversing tools in clojure

24. Autopsy-WindowsRegistryIngestModule (Java, 13 stars)
    no longer maintained

25. siglib (Python, 10 stars)
    function identification signatures

26. python-pyqt5-hexview (Python, 10 stars)
    PyQt5 hex viewer widget.

27. ucutils (Python, 9 stars)
    Convenience routines for working with the Unicorn emulator in Python

28. python-pyqt5-vstructui (Python, 9 stars)
    PyQt5 vstruct hex viewer widget.

29. Rejistry (Java, 8 stars)
    Pure Java parser for Windows Registry hive files.

30. vivisect-vstruct (Python, 5 stars)
    standalone copy of vstruct from vivisect

31. dotfiles (Shell, 5 stars)
    Local configuration files for various Linux tools

32. williballenthin.com (JavaScript, 2 stars)
    Source for my personal website

33. zydis-wasm (Rust, 2 stars)
    example project with zydis targeting wasm

34. cfg-ui (JavaScript, 2 stars)
    experiments in user interfaces around control flow graphs

35. highlighter-minor-mode (Emacs Lisp, 1 star)
    An Emacs minor mode for log analysis.