Connect with us

Hi, what are you looking for?


Application Security

Google Open Sources Binary File Comparison Tool BinDiff

Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub.

Google has announced that BinDiff, a popular file comparison tool maintained by the company for more than a decade, is now open source.

Developed by, which was acquired by Google in 2011, BinDiff is a binary file comparison utility that allows users to identify similarities and differences in disassembled code.

Offering support for IDA Pro, Binary Ninja and Ghidra, the tool can be used to compare binary files for multiple architectures, to identify identical or similar functions, discover potential code theft, identify changes between versions, and more.

For security researchers, the tool comes in handy when it comes to the analysis of multiple versions of the same binary, as well as for isolating patches in software updates supplied by vendors.

BinDiff can also be used to transfer analysis results between binaries, to prevent the duplicate analysis of malware and to help share information across teams.

“It can also be used to port symbols and comments between disassemblies of multiple versions of the same binary. This makes tracking changes over time easier and allows organizations to retain analysis results and enables knowledge transfer among binary analysts,” Google’s description of the tool reads.

BinDiff was initially a paid tool, but Google released it for free in 2016. At the time, the internet giant was heavily relying on its core engine for “a large-scale malware processing pipeline helping to protect both internal and external users.”

To further help the security research community relying on BinDiff for malware analysis, Google has now released the tool’s source code on GitHub.

Advertisement. Scroll to continue reading.

BinDiff can be used on Windows, macOS, and Linux, and supports a Java based GUI that needs to be built separately. Researchers and developers can find instructions on how to build the tool’s code on GitHub.

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: NCC Group Releases Open Source Tools for Developers, Pentesters

Related: Google Releases Open Source Bazel Plugin for Container Image Security

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.