r2kit is a set of scripts to help with a workflow for malware code analysis using radare.
+ sessionstarter.py – Run from inside an r2 session to auto rename imports, thunks, wrapper functions, and library functions.
+ funclist.py – Run from inside an r2 session or externally against a binary to list certain function types.
+ functoyara.py – Run from inside an r2 session to create a YARA signature for the bytes of the current function.
Requirements:
+ Python 2.7.x and the r2pipe Python library.
+ radare2: https://github.com/radare/radare2
Use and download:
Be sure radare2 has been installed.
git clone https://github.com/cmatthewbrooks/r2kit && cd r2kit
pip install r2pipe
To start a session against a file: