Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Default owner for everything in the repo.
* @IndAlok
49 changes: 49 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Bug report
description: Report a problem with RzWeb
labels: [bug]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to report a bug. Please fill in as much detail as you can.
- type: textarea
id: what-happened
attributes:
label: What happened?
description: A clear description of the bug and what you expected instead.
placeholder: When I open a binary and switch to the Graph view, ...
validations:
required: true
- type: textarea
id: repro
attributes:
label: Steps to reproduce
description: Minimal steps so we can see it too.
placeholder: |
1. Open a binary (file type / arch if relevant)
2. Go to '...'
3. See error
validations:
required: true
- type: input
id: binary
attributes:
label: Binary format / architecture
description: e.g. ELF x86-64, PE arm64, Mach-O. Omit if not file-specific.
validations:
required: false
- type: input
id: environment
attributes:
label: Browser & OS
description: e.g. Chrome 140 on Windows 11, Firefox 142 on macOS 15.
validations:
required: true
- type: textarea
id: console
attributes:
label: Console output
description: Any errors from the browser devtools console (will be rendered as code).
render: shell
validations:
required: false
8 changes: 8 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Community chat (Telegram)
url: https://telegram.dog/rizinweb
about: Questions, ideas, and general discussion.
- name: rzwasi (WebAssembly build)
url: https://github.com/IndAlok/rzwasi/issues
about: Issues with the Rizin to WASM build, missing commands, or the session API.
25 changes: 25 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Feature request
description: Suggest an idea or improvement for RzWeb
labels: [enhancement]
body:
- type: textarea
id: problem
attributes:
label: Problem / motivation
description: What are you trying to do that RzWeb makes hard or impossible today?
validations:
required: true
- type: textarea
id: proposal
attributes:
label: Proposed solution
description: What would you like RzWeb to do?
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Alternatives considered
description: Other approaches, or how other tools (e.g. Cutter, Binary Ninja) handle this.
validations:
required: false
29 changes: 29 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
version: 2
updates:

- package-ecosystem: npm
directory: /
schedule:
interval: weekly
open-pull-requests-limit: 10
groups:

minor-and-patch:
applies-to: version-updates
update-types:
- minor
- patch
security:
applies-to: security-updates
patterns:
- '*'
labels:
- dependencies

- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
labels:
- dependencies
- ci
29 changes: 29 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<!-- Thanks for contributing to RzWeb! Please fill out the sections below. -->

## Summary

<!-- What does this PR do, and why? -->

## Related issues

<!-- e.g. Closes #123 -->

## Type of change

- [ ] Bug fix
- [ ] New feature
- [ ] Refactor / cleanup
- [ ] Documentation
- [ ] CI / tooling

## Checklist

- [ ] `npm run lint` passes (0 warnings)
- [ ] `npm run typecheck` passes
- [ ] `npm run build` succeeds
- [ ] I manually verified the change in the running app where applicable
- [ ] No new dead code, leaked listeners/observers, or `any` types introduced

## Screenshots / notes

<!-- For UI changes, attach before/after screenshots. -->
53 changes: 53 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: CI

on:
push:
branches: [main]
pull_request:

concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
quality:
name: Lint, typecheck & build (Node ${{ matrix.node }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
node: ['20', '22']
steps:
- name: Checkout
uses: actions/checkout@v7

- name: Setup Node ${{ matrix.node }}
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node }}
cache: npm

- name: Install dependencies
run: npm ci

- name: Lint
run: npm run lint

- name: Typecheck
run: npm run typecheck

- name: Build
run: npm run build
env:
VITE_RIZIN_VERSION: ci

- name: Upload build output
if: matrix.node == '22'
uses: actions/upload-artifact@v7
with:
name: dist
path: dist/
retention-days: 7
44 changes: 44 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: CodeQL

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
# Weekly, Monday 06:00 UTC, catches newly published advisories.
- cron: '0 6 * * 1'

concurrency:
group: codeql-${{ github.ref }}
cancel-in-progress: true

jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['javascript-typescript']
steps:
- name: Checkout
uses: actions/checkout@v7

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
language: ${{ matrix.language }}
queries: security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v4

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: '/language:${{ matrix.language }}'
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,5 @@ dist/
*.local
*.wasm
.vercel
public/rizin.js
public/coi-serviceworker.min.js
32 changes: 32 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Code of Conduct

## Our pledge

We as members, contributors, and maintainers pledge to make participation in the
RzWeb community a harassment-free experience for everyone, regardless of age,
body size, disability, ethnicity, gender identity and expression, level of
experience, nationality, personal appearance, race, religion, or sexual identity
and orientation.

## Our standards

Examples of behavior that contributes to a positive environment:

- Being respectful of differing viewpoints and experiences
- Giving and gracefully accepting constructive feedback
- Focusing on what is best for the community and the project

Unacceptable behavior includes:

- Harassment, insults, or derogatory comments
- Publishing others' private information without permission
- Other conduct which could reasonably be considered inappropriate

## Enforcement

Instances of abusive or unacceptable behavior may be reported to the maintainers
via the [Telegram community](https://telegram.dog/rizinweb) or GitHub. All
complaints will be reviewed and investigated promptly and fairly.

This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
version 2.1.
74 changes: 74 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# Contributing to RzWeb

Thanks for your interest in improving RzWeb! This guide covers everything you
need to get a change merged.

## Quick links

- Community chat: [Telegram](https://telegram.dog/rizinweb)
- Bugs and ideas: [open an issue](https://github.com/IndAlok/rzweb/issues/new/choose)
- WebAssembly build: [rzwasi](https://github.com/IndAlok/rzwasi)

## Project layout

RzWeb is the React/TypeScript frontend. The Rizin reverse-engineering core is
compiled to WebAssembly in the companion [rzwasi](https://github.com/IndAlok/rzwasi)
repo and loaded at runtime from a CDN — there is no native code in this repo.

```
src/
components/ UI + per-analysis views (disassembly, graph, hex, …)
lib/rizin/ Worker, RPC protocol, session logic, project bundles
stores/ Zustand stores (file, ui, settings, session, rizin)
pages/ Home + Analysis routes
```

The Rizin WASM module runs in a Web Worker (`src/lib/rizin/rizin.worker.ts`);
the main thread talks to it through a typed RPC facade so the UI never blocks.

## Prerequisites

- **Node ≥ 20.19** (the repo pins **22.12** via `.nvmrc` / `.node-version`).
If you use `nvm`/`fnm`/`asdf`, run `nvm use` (or equivalent) to match.

## Getting started

```bash
git clone https://github.com/IndAlok/rzweb
cd rzweb
npm install
npm run dev # http://localhost:3000
```

## Before you open a PR

All three must pass — CI enforces them and the bar is **zero warnings**:

```bash
npm run lint # eslint, 0 warnings
npm run typecheck # tsc --noEmit
npm run build # tsc -b && vite build
```

Please also:

- **Manually verify** UI changes in the running app (`npm run dev`).
- Keep diffs focused; avoid unrelated churn.
- No dead code, no leaked listeners/observers/object URLs, no `any`.
- Match the surrounding code style (naming, comment density, idioms).

## Commit & PR conventions

- Write clear, imperative commit subjects (e.g. `Fix hex view scroll sync`).
- Reference issues you close (`Closes #123`).
- Fill out the PR template checklist.

## Reporting security issues

Please do **not** file public issues for vulnerabilities — see
[SECURITY.md](SECURITY.md).

## License

By contributing, you agree your contributions are licensed under the same
license as this repository (see [LICENSE](LICENSE)).
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,12 @@ RzWeb is a browser-based reverse engineering interface powered by Rizin compiled

## Highlights

- Multi-session tabs: open several binaries at once, each in its own Web Worker, and switch between them with per-tab view state preserved.
- Persistent Rizin sessions through the paired `rzwasi` build, so analysis state, seeks, and follow-up commands stay live inside the same binary session.
- Rizin runs in a Web Worker, keeping the UI responsive during analysis, multi-MB JSON parsing, and persistence.
- Edit the binary in the browser like: patch bytes from the Hex view or terminal write commands and save the modified file at any time.
- Scripts panel with a CodeMirror editor (syntax highlighting, command-catalog autocomplete) that runs rizin cmd scripts and JS with a synchronous `rz` API, scripts can be uploaded, saved, and downloaded.
- Multiple themes with a picker, the terminal and control-flow graph track the active theme.
- Full terminal access with live command autocomplete, `Tab` completion, arrow-key selection, in-terminal find, and configurable minimum characters and max results returned.
- Dedicated views for disassembly, decompilation, cross-references, control-flow graphs, hex, strings, imports, exports, sections, and binary information.
- Built-in decompiler view (auto-detects the build's decompiler command, e.g. `pdg`/`pdc`) with C-style syntax highlighting and one-click copy.
Expand Down
Loading
Loading