I would LOVE to see some form of PANDA integration with a tool like this. https://github.com/moyix/panda Having this kind of analysis on a PANDA replay / snapshot would be great.

The combination of the two would be a perfect reverse engineering toolbox. This is great on its own and to use side by side though.

The Inguma penetrate and testing framework also is using bokken. The FAQ is here: https://inguma.eu/projects/inguma/wiki/FAQ

Anybody knows if there is support for LLVM IR code as well? What would be good alternatives here?

Dagger, Fracture, and MCSema are three projects that directly try to decompile to LLVM IR. The Binary Analysis Platform can also export to LLVM IR.

This reminds me a lot of IDA's interface on Windows. Wish it was easier to install.

All it took for me was a `yaourt bokken`. I love Arch.

Is it only for static code analysis, or can you link it with a debugger/vm like you can IDA Pro with qemu?

It uses radare2 behind the scenes, so I think you can do it but it might not be as pretty as you expect.

Pretty cool, I wonder how the features compare to IDA pro. The graph view from the screenshots looks nice.

That's rich. GTK+ doesn't pretend to be seriously cross-platform. Qt does but looks horrible on anything but KDE. It tries to mimic native UI but enters the uncanny valley and is immediately noticeable as a fake. Particularly horrid on OS X.

Don't lecture us on a technical choice you don't understand.

This is fantastic!

I was really looking forward to trying this, until I read that the homebrew installation is broken and the manual installation requires installing a handful of dependencies.

It shouldn't take too long for me to whip up a homebrew formula for this. Do you want one?

if you're willing to do it I'd love that! I should probably familiarize myself with creating formulas at some point, though.

Bokken is great but I only really use it on REMnux because it's difficult to install due to dependencies and relation to other products there.