A curated list of my GitHub stars! Generated by starred
- pics - Posters, drawings...
- PwnAdventureZ - NES zombie survival game made to be hacked
- sinkhole - The memory sinkhole
- kaslr-bypass-via-prefetch - A proof-of-concept KASLR bypass for the Linux kernel via timing prefetch (dilettante implementation, better read the original paper: https://gruss.cc/files/prefetch.pdf)
- minipro - An open source program for controlling the MiniPRO TL866xx series of chip programmers
- r2k - kernel module for radare2
- wcc - The Witchcraft Compiler Collection
- cb-multios - DARPA Challenge Sets for Linux, Windows, and OS X
- vmmfuzzer - A hypervisor or virtual machine monitor (VMM) fuzzer
- TriforceLinuxSyscallFuzzer - A Linux system call fuzzer using TriforceAFL
- perf_event_tests - Test suite for the Linux perf_event subsystem
- honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software and hardware)
- simple-pt - Simple Intel CPU processor tracing on Linux
- UEFITool - UEFI firmware image viewer and editor
- evic-sdk - An open source SDK for the Joyetech eVic VTC Mini.
- CansecWest2016_Getting_Physical_Extreme_Abuse_of_Intel_Based_Paging_Systems - CansecWest2016 - Getting Physical: Extreme Abuse of Intel Based Paging Systems
- SimpleVisor - SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.
- how2heap - A repository for learning various heap exploitation techniques.
- ret-sync - ret-sync is a set of plugins that help synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with the IDA disassembler.
- ropc - A Turing complete ROP compiler
- ropc-llvm - ropc-llvm is a PoC of a Turing complete ROP compiler with support for a subset of LLVM IR. It is an extension of ropc.
- jscomp - Ahead-of-time JavaScript compiler
- ktsan - KernelThreadSanitizer, a fast data race detector for the Linux kernel
- libplayground - A simple framework for developing Linux kernel heap exploit techniques
- panda - Platform for Architecture-Neutral Dynamic Analysis
- 8cc - A Small C Compiler
- MBE - Course materials for Modern Binary Exploitation by RPISEC
- picoc - A very small C interpreter
- preeny - Some helpful preload libraries for pwning stuff.
- int-overflow - Detecting integer overflow in C and C++
- neftis - Neftis is a microkernel designed to be easily extended and compiled on various platforms
- JamesM - me going through JamesM's kernel development tutorials
- afl-fuzz - Non-official repository for lcamtuf's American Fuzzy Lop http://lcamtuf.coredump.cx/afl/
- skpd - Process dump to executable ELF for Linux
- armette - ARMette is a small ARM7 emulation library intended to ease ARM reverse engineering.
- mdp - A command-line based markdown presentation tool.
- dnSpy - .NET assembly editor, decompiler, and debugger
- consoleXstream - VS2013 C# application
- Fido -
- grr - High-throughput fuzzer and emulator of DECREE binaries
- DomTreSat - Dominator Tree LLVM Pass to Test Satisfiability
- HexRaysCodeXplorer - Hex-Rays Decompiler plugin for better code navigation
- AndFix - AndFix is a library that offers hot-fixes for Android apps.
- inspectrum - Offline radio signal analyser
- fcd - An optimizing decompiler
- mcsema - x86 to LLVM bitcode translation framework
- USB_Host_Shield_2.0 - Revision 2.0 of USB Host Library for Arduino.
- runtime - Lightweight JavaScript library operating system for the cloud
- smartdec - SmartDec decompiler
- gr-gsm - GNU Radio blocks and tools for receiving GSM transmissions
- cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
- write-ups-2015 - Wiki-like CTF write-ups repository, maintained by the community. 2015
- syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer
- misc - Little bit of this, little bit of that
- kernel-fuzzing - Fuzzers for the Linux kernel
- IdaHaskell - Allows executing Haskell code in IDA Pro.
- Raccoon - Google Play desktop client
- android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
- joern - A robust parser for C/C++ storing abstract syntax trees, control flow graphs and program dependence graphs in a Neo4j graph database.
- bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
- gdbgui - A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.
- DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks.
- Surku - Surku is a general-purpose mutation-based fuzzer.
- sniffly - Sniffing browser history using HSTS
- MarkdownPresenter - Update: Follow link to recommended fork. For when you're giving a presentation in half an hour, and you haven't got the time to open up Keynote...
- CTFPad - A web UI and server for task based competitions employing Etherpad Lite.
- node-google-play - Get details and download apps from https://play.google.com by emulating an Android (Nexus 5X) device by default.
- dragula - 👌 Drag and drop so simple it hurts
- DOManalyzer - Analyzing the DOM "like a sir"
- Kaku - Kaku is a highly integrated music player that supports different online platforms like YouTube, SoundCloud, Vimeo and more. Available on Mac, Windows and Linux.
- reveal.js - The HTML Presentation Framework
- smartos-live - For more information, please see http://smartos.org/ For any questions that aren't answered there, please join the SmartOS discussion list: http://smartos.org/smartos-mailing-list/
- blessed-contrib - Build terminal dashboards using ASCII/ANSI art and JavaScript
- levelup - LevelDB - Node.js style
- bluebox-ng - Pentesting framework using Node.js powers, focused on VoIP.
- FLIRTDB - A community driven collection of IDA FLIRT signature files
- tis-interpreter - An interpreter for finding subtle bugs in programs written in standard C
- symfuzz -
- Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
- ssh-badkeys - A collection of static SSH keys (public and private) that have made their way into software and hardware products.
- idaplugins-list - A list of IDA Plugins
- EU-CFP - Call for participation for NodeConf.eu 2015
- OMSTD - Open Methodology for Security Tool Developers
- cheatsheets - random brain dumps
- rips - RIPS - A static source code analyser for vulnerabilities in PHP scripts
- nodeasm - By the power of node
- lighthouse - Code Coverage Explorer for IDA Pro
- knockknock - A simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface.
- DrK - The DrK Attack - Proof of concept
- libheap - Python library to examine ptmalloc (the glibc userland heap implementation)
- angrop -
- FunKeyCIA - Python tool for downloading content from the CDN; uses only a title ID and title key, or a keyfile, to make a good CIA.
- Ropper - You can use ropper to display information about files in different file formats and you can find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC). For disassembly ropper uses the awesome Capstone Framework.
- rop_compiler - An open source, multi-architecture ROP compiler written in Python
- exploitable - The 'exploitable' GDB plugin. I don't work at CERT anymore, but here is the original homepage: http://www.cert.org/vuls/discovery/triage.html
- pintool -
- IDAtropy - IDAtropy is a plugin for Hex-Rays' IDA Pro designed to generate entropy charts and histograms using the power of IDAPython and matplotlib.
- kstructhunter - Routines for hunting down kernel structs.
- afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization
- deprecated-binaryninja-python - Deprecated Binary Ninja prototype written in Python
- gdb-dashboard - Modular visual interface for GDB in Python
- DIE - Dynamic IDA Enrichment
- xortool - A tool to analyze multi-byte XOR ciphers
- pwntools - CTF framework and exploit development library
- diaphora - Diaphora, a Free and Open Source program diffing tool
- chipsec - Platform Security Assessment Framework
- pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
- miasm - Reverse engineering framework in Python
- stuff - Misc tools for reversing, exploit and pentest
- plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
- sonare - A Qt-based disassembly viewer based on radare2
- nightmare - A distributed fuzzing test suite with web administration
- commit-watcher - Find interesting and potentially hazardous commits in git projects
- BooJS - Unix Swiss army knife for headless browser JavaScript
- neon - A safe Rust abstraction layer for native Node.js modules.
- crosstool-ng - A versatile (cross-)toolchain generator.
- algo - Set up a personal IPsec VPN in the cloud
- z2d - Zero 2 Docker with Ubuntu Core, Debian or CentOS
- service-daemons - 👹 This repository contains many working start/stop scripts and daemons for a variety of Linux systems, or even operating systems.
- afl-trivia - Short, unrelated helper scripts for users of AFL (the fuzzer)
- bcomp - 8-bit computer
To the extent possible under law, jpenalbae has waived all copyright and related or neighboring rights to this work.