riusksk.md

Awesome Stars

A curated list of my GitHub stars! Generated by starred

Contents

• ActionScript

• Assembly

• C

• C#

• C++

• CMake

• CSS

• Diff

• Go

• Groovy

• HTML

• Hack

• Haskell

• Java

• JavaScript

• Lua

• Makefile

• OCaml

• Objective-C

• Objective-C++

• Others

• PHP

• Perl

• PowerShell

• Python

• Ruby

• Scala

• Shell

• Smali

• [Standard ML](#standard ml)

• Swift

• TeX

• TypeScript

• [Vim script](#vim script)

ActionScript

• avmplus - Source code for the Actionscript virtual machine

• avmplus - Source code for the Actionscript virtual machine

• FlashScanner - Flash XSS Scanner

Assembly

• pics - Posters, drawings...

• kindle-5.6.5-jailbreak - Kindle 5.6.5 exploitation tools.

• InDroid - Dalvik vm Instrumentation OS

C

• android_security - Public Android Vulnerability Information (CVE PoCs etc)

• poc-exp - poc or exp of android vulnerability

• vim - The official Vim repository

• vuzzer -

• revanc - Reverse Engineering Page Table Caches in Your Processor

• VIKIROOT - CVE-2016-5195 (Dirty COW) PoC for Android 6.0.1 Marshmallow

• avet - AntiVirus Evasion Tool

• droid_injectso - A shared libraries injection tool.

• EMFFuzzer - Enhanced Meta File Fuzzer based on Peach Fuzzing Framework

• iOS-10.1.1-Project-0-Exploit-For-Jailbreak---F.C.E.-365-Fork- - iOS 10.1.1 Project 0 Exploit Compatible with All arm64 devices for Jailbreak Development

• MacDBG - Simple easy to use C and python debugging framework for OSX

• upx - UPX - the Ultimate Packer for eXecutables

• Trident -

• iknowthis - fuzz testing framework for Linux system calls

• afl-qai - A demo project for AFL with QEMU Augmented Instrumentation (qai)

• rxmemscan - iOS Memory scan tool

• KindleTool - Tool for creating/extracting Kindle updates and more

• henkaku - Homebrew enabler for PS Vita

• TriforceOpenBSDFuzzer - System call fuzzing of OpenBSD amd64 using TriforceAFL (i.e. AFL and QEMU)

• PassiveFuzzFrameworkOSX - This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.

• Mirai-Source-Code - Leaked Mirai Source Code for Research/IoC Development Purposes

• PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

• CVE-2016-5195 - CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

• inficere - Mac OS X rootkit - for learning purposes

• iovyroot - CVE-2015-1805 root tool

• fuzzer-test-suite - Set of tests for fuzzing engines

• ios-jailbreak-patchfinder - Analyzes a binary iOS kernel to determine function offsets and where to apply the canonical jailbreak patches.

• KNOXout - A PoC of KNOXout (CVE-2016-6584) - bypassing Samsung KNOX protections and root Samsung Galaxy S6 Android Device.

• linux-exploit-development-tutorial - a series tutorial for linux exploit development to newbie.

• pwn-mbr - A simple MBR hijack demonstration

• PegasusX - OS X 10.11.6 LPE PoC for CVE-2016-4655 / CVE-2016-4656

• vtable-dumper - A tool to list content of virtual tables in a shared library

• keylogger-osx - Very simple keylogger for self-quantifying on Mac OS X

• openssl - TLS/SSL and crypto library

• bpf-fuzzer - fuzzing framework based on libfuzzer and clang sanitizer

• linux - Linux kernel source tree

• drmemory - Memory Debugger for Windows, Linux, Mac, and Android

• android_vuln_poc-exp - This project contains pocs and exploits for android vulneribilities

• kasan - KernelAddressSanitizer, a fast memory error detector for the Linux kernel

• android-afl - Fuzzing Android program with american fuzzy lop (AFL)

• OllyHeapTrace - OllyHeapTrace is a plugin for OllyDbg to trace the heap operations being performed by a process.

• afl-fuzz-js - afl-fuzz for javascript

• KindleTool - Tool for creating/extracting Kindle updates and more

• afl-other-arch - AFL, with scripts to support other architectures.

• public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups

• aflfast - AFLFast (extends AFL with Power Schedules)

• KernelFuzzer - Cross Platform Kernel Fuzzer Framework

• dronity - Dronity, the Trinity syscall fuzzer ported to Android

• perf_event_tests - Test suite for the Linux perf_event subsystem

• cb-multios - DARPA Challenges Sets for Linux, Windows, and OS X

• vmmfuzzer - A hypervisor or virtual machine monitor (VMM) fuzzer

• ADBI - Android Dynamic Binary Instrumentation tool for tracing Android native layer

• fsmon - monitor filesystem on iOS / OS X / Android / FirefoxOS / Linux

• research-rootkit - LibZeroEvil & the Research Rootkit project.

• how2heap - A repository for learning various heap exploitation techniques.

• gps-sdr-sim - Software-Defined GPS Signal Simulator

• Malloc-Implementations - A collection of memory allocators

• android_run_root_shell -

• winafl - A fork of AFL for fuzzing Windows binaries

• kernel-exploits - A bunch of proof-of-concept exploits for the Linux kernel

• android-unpacker - Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0

• iokit-dumper-arm64 - tool for statically reconstructing the IOKit classes hierarchy from iOS kernelcache dumps

• TriforceLinuxSyscallFuzzer - A linux system call fuzzer using TriforceAFL

• TriforceAFL - AFL/QEMU fuzzing with full-system emulation.

• kernel_rop -

• ddi - ddi - Dynamic Dalvik Instrumentation Toolkit

• ApkProtect - POC of packing app(only dalvik supported)--Decrypt code on the fly

• afl.rs - Fuzzing Rust code with american-fuzzy-lop

• AndroidKernelExploitationPlayground -

• alameda - Linux kernel JIT spray for SMEP / KERNEXEC bypass

• jit-spray-poc-for-ksp -

• kernel-pwn-challenge - Source code for building an exploitable linux kernel challenge iso.

• afl - american fuzzy lop for network fuzzing (unofficial) -- official afl site is http://lcamtuf.coredump.cx/afl/

• afl-ios - Unofficial American Fuzzy Lop repo

• NDroid - A dynamic information flow tracing system for Android

• Android-Rootkit - A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

• exploit-database - The official Exploit Database repository

• kgdb-android - Patches to the Nexus 6 (Shamu) kernel source to allow KGDB over serial debug cable

• WarOfTheWorlds - QSEE Shellcode to directly hijack the "Normal World" Linux Kernel

• Android_Kernel_CVE_POCs - A list of my CVE's with POCs

• fuzz_zone - Fuzzing utility which enables sending arbitrary SCMs to TrustZone

• mach_race - Exploit code for CVE-2016-1757

• write-ups-2016 - Wiki-like CTF write-ups repository, maintained by the community. 2016

• high-low-frequency-attack-defense-toolkits - High/Low frequency attack and defense tookits

• Unix-PrivEsc - Local UNIX PrivEsc Aggregation

• substitute - A free runtime modification library.

• trinity - Linux system call fuzzer

• honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (sw and hw)

C#

• superdump - A service for automated crash-dump analysis

• sandbox-attacksurface-analysis-tools -

C++

• gr-gsm - Gnuradio blocks and tools for receiving GSM transmissions

• DIBF - Windows NT ioctl bruteforcer and modular fuzzer

• xenpwn - Xenpwn is a toolkit for memory access tracing using hardware-assisted virtualization

• kfetch-toolkit - The kfetch-toolkit project is designed to perform advanced logging of memory references performed by operating systems’ kernels and examine the resulting logs in search of specific patterns indicating presence of software bugs, often of security nature. Information about memory references is obtained by running a guest operating system of choice using the latest version of the Bochs IA-32 Emulator Project with a custom instrumentation component.

• kernel-uninitialized-memory-checker - A simple clang static analyzer checker that looks for kernel uninitialized memory disclosures to userland.

• windows_kernel_address_leaks - Examples of leaking Kernel Mode information from User Mode on Windows

• syzygy - Syzygy Transformation Toolchain

• inspectrum - Offline radio signal analyser

• rewolf-gogogadget - kernel exploitation helper class

• Triton - Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.

• libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

• vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..

• drama - This repository contains examples of DRAMA reverse-engineering and side-channel attacks

• edb-debugger - edb is a cross platform x86/x86-64 debugger.

• drammer - Native binary for testing Android phones for the Rowhammer bug

• lcdf-typetools - Utilities for manipulating OpenType, PostScript Type 1, and Multiple Master fonts.

• rgat - An instruction trace visualisation tool for dynamic program analysis

• AndFix - AndFix is a library that offer hot-fix for Android App.

• Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!

• avmdbg - a lightweight debugger for android virtual machine.

• androswat - tool to inspect, dump, modify, search and inject libraries into Android processes.

• moflow - Release Branches for MoFlow

• BlackHat2016 - Black Hat 2016 Slides, Paper and Code

• FlashHacker - Flash Instrumentation Tool

• PINdemonium - A pintool in order to unpack malware

• ProbeDroid - A dynamic binary instrumentation kit targeting on Android(Lollipop) 5.0 and above.

• rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. It is open-source and has been tested on several OS: Debian / Windows 8.1 / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible and supports Intel syntax. Standalone executables can also be directly downloaded.

• BinderDemo - Sample code for how to use Android binders from native (C++) space.

• obfusion - Obfusion - C++ X86 Code Obfuscation Library

• mosec2016 - The slides and exploit of mosec2016

• al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

• DexHunter - General Automatic Unpacking Tool for Android Dex Files

• Bug_POCs - Bug POCs

• afl-dyninst - American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries

• android_root - Got Root!

• kcov - Code coverage tool for compiled programs, Python and Bash which uses debugging information to collect and report data without special compilation options

• PolyHook - x86/x64 C++ Hooking Library

• pdfium - PDFium library without V8 JavaScript engine - compiles under Linux, Mac and Windows

• v8 - The official mirror of the V8 git repository

• HexRaysCodeXplorer - Hex-Rays Decompiler plugin for better code navigation

• hardseed - SEX IS ZERO (0), so, who wanna be the ONE (1), aha?

CMake

• gr-keyfob - Transceiver for Hella wireless car key fobs.

CSS

• chromebackdoor - Chromebackdoor is a pentest tool, this tool use a MITB technique for generate a windows executable ".exe" after launch run a malicious extension or script on most popular browsers, and send all DOM datas on command and control.

• cobra - Cobra - Cobra is a static code analysis system that automates the detecting vulnerabilities and security issue.(白盒代码安全审计系统)

Diff

• kemufuzzer - Automatically exported from code.google.com/p/kemufuzzer

Go

• vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

• syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

Groovy

• jd-gui - A standalone Java Decompiler GUI

HTML

• mitigation-bounty - Later

• jscript9-typedarray-cfg - Proof-of-Concept exploit for jscript9 bug (MS16-063) with CFG Bypass

• BadKernel - Full exploit of CVE-2016-6754(BadKernel) and slide of SyScan360 2016

• 1000php - 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)

• dirtycow.github.io - Dirty COW

• wooyun_articles - drops.wooyun.org 乌云Drops文章备份

• cve-2016-0189 - Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)

• Exploits -

• fuzzdata - Fuzzing resources for feeding various fuzzers with input.

• skill-map - StuQ 技能图谱

Hack

• kernel-fuzzing - Fuzzers for the Linux kernel

• fbctf - Platform to host Capture the Flag competitions

Haskell

• QuickFuzz - An experimental grammar fuzzer in Haskell using QuickCheck

Java

• OMXInterface - Android Native code to be able to use hardware/software CODECs directly from Java

• Android-IMSI-Catcher-Detector - AIMSICD ? Fight IMSI-Catcher, StingRay and silent SMS!

• binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code.

• JMD - Java bytecode analysis/deobfuscation tool

• kcap -

• tinker - Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk.

• J2EEScan - J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

• jmet - Java Message Exploitation Tool

• android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

• RootTools - RootTools Library

• bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

• bifuz - Broadcast Intent FUZzing Framework for Android

• AndroidChromium - chrome browser of android version from chromium open project

• AppTroy - An Online Analysis System for Packed Android Malware

• smali - smali/baksmali

• JAADAS - Joint Advanced Defect assEsment for android applications

• jss7-attack-simulator - SS7 Attack Simulator based on RestComm's jss7

• ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

• nfcard - NFCard is an Android App. It can read contactless IC card use NFC hadware.

• DexExtractor - android dex extractor ，anti-shell，android 脱壳

• TLS-Attacker - TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/) and the Hackmanit GmbH (http://hackmanit.de/).

• BurpFlashCSRFBuilder - Generates Flash based CORS CSRF Proof of Concepts that can be sent directly to clients

• Apktool - A tool for reverse engineering Android apk files

• afwall - AFWall+ (Android Firewall +) - iptables based firewall for Android

• Cknife - Cknife

• WeChatLuckyMoney - 💸 WeChat's lucky money helper (微信抢红包插件). An Android app that helps you snatch red packets in WeChat groups.

JavaScript

• Windows-universal-samples - API samples for the Universal Windows Platform.

• gdbgui - A modern, browser-based frontend to gdb (gnu debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust. Simply run gdbgui from the terminal and a new tab will open in your browser.

• ChromeFuzzer - fuzz

• pdf.js - PDF Reader in JavaScript

• PS4-playground - A set of PS4 experiments using the WebKit exploit

• JSVerbalExpressions - JavaScript Regular expressions made easy

• ChakraCore - ChakraCore is the core part of the Chakra Javascript engine that powers Microsoft Edge

• btlejuice - BtleJuice Bluetooth Smart (LE) Man-in-the-Middle framework

• colors-cli - ?_? Terminal string styling done right.

• AlgorithmVisualizer - Algorithm Visualizer

• funfuzz - JavaScript engine & DOM fuzzers

• electronic-wechat - 💬 A better WeChat on macOS and Linux. Built with Electron by Zhongyi Tong.

• CSRF-Request-Builder -

• free-programming-books-zh_CN - 📚 免费的计算机编程类中文书籍，欢迎投稿

• jalangi2 - Dynamic analysis framework for JavaScript

Lua

• morpheus - Morpheus - Automated Ettercap TCP/IP Hijacking Tool

• kindlepdfviewer - (DEPRECATED, please use KOReader instead) A PDF (plus DJVU, ePub, TXT, CHM, FB2, HTML...) viewer made for e-ink framebuffer devices, using muPDF, djvulibre, crengine

Makefile

• drizzleDumper - drizzleDumper是一款基于内存搜索的Android脱壳工具。

• AndroidEagleEye - An Xposed and adbi based module which is capable of hooking both Java and Native methods targeting Android OS.

OCaml

• gueb -

Objective-C

• IPAPatch - Patch iOS Apps, The Easy Way, Without Jailbreak.

• yalu102 - incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi

• yalu - incomplete ios 8.4.1 jailbreak by Kim Jong Cracks (8.4.1 codesign & sandbox bypass w/ LPE to root & untether)

• OS-X-10.11.6-Exp-via-PEGASUS - Local privilege escalation for OS X 10.11.6 via PEGASUS

• Clutch - Fast iOS executable dumper

• CaptainHook - Common hooking/monkey patching headers for Objective-C on Mac OS X and iPhone OS. MIT licensed

• ios-class-guard - Simple Objective-C obfuscator for Mach-O executables.

• IOUSBHID-IOHID-Overflow - Integer overflow in IOHIDDevice/IOUSBHIDDevice

• SystemMonitor - iOS application providing you all information about your device - hardware, operating system, processor, memory, GPU, network interface, storage and battery, including OpenGL powered visual representation in real time.

Objective-C++

• InspectiveC - objc_msgSend hook for debugging/inspection purposes.

Others

• Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go

• blackhat_asia_2017 - black hat Asia 2017 Slides

• BlackHat-Asia-2017 - BlackHat Asia 2017 talk

• Best-App - 收集&推荐优秀的 Apps/硬件/技巧/周边等

• my-mac-os - ? a list of applications, alfred workflows and various tools that make my macOS experience even more amazing

• avpwn - List of real-world threats against endpoint protection software

• RFSec-ToolKit - RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.

• awesome-osx-command-line - Use your OS X terminal shell to do awesome things.

• Machine-Learning-for-Cyber-Security - Curated list of tools and resources related to the use of machine learning for cyber security

• iOSAppReverseEngineering - The world’s 1st book of very detailed iOS App reverse engineering skills :)

• awesome-adb - 🍭 ADB Usage Complete / ADB 用法大全

• linux-kernel-exploitation - A bunch of links related to Linux kernel fuzzing and exploitation

• Android-documents.io - 主要存放一些在开发中总结积累的技能和技巧

• Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

• GreatiOSJailbreakMaterial - Great iOS Jailbreak Material! - I read hundreds of papers and PPTs. Only list the most useful materials here!

• bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

• Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

• MacOSX-SDKs - A collection of those pesky SDK folders: MacOSX10.1.5.sdk thru MacOSX10.11.sdk

• openjpeg-data - Test files for the OpenJPEG libraries and utilities

• js-vuln-db - A collection of JavaScript engine CVEs with PoCs

• wooyun-drops-all-articles-package - wooyun drops all article package

• HitCon-2016-Windows-10-x64-edge-0day-and-exploit - HitCon 2016 Windows 10 x64 edge 0day and exploit

• mms - Modern Memory Safety in C/C++

• osx-re-101 - A collection of resources for OSX/iOS reverse engineering.

• linux-re-101 - A collection of resources for linux reverse engineering

• Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

• vul_war - 《漏洞战争：软件漏洞分析精要》配套资料

• awesome-windows-exploitation - A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom

• linux-insides-zh - Linux 内核揭密

• Android-Security-Reference - A W.I.P Android Security Ref

• idaplugins-list - A list of IDA Plugins

• hosts - 🗽最新可用的google hosts文件。镜像：

• MACOSX-SecurityUpdate - 整理统计MacOSX的安全补丁与修复的漏洞

• su-a-cyder - Su-a-Cyder: Home-Brewed iOS Malware PoC Generator (BlackHat ASIA 2016)

• Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities

• afl-cve - A collection of vulnerabilities discovered by the AFL fuzzer (afl-fuzz)

PHP

• Scanners-Box - [Project-Kob-6]The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集??

• SRCMS - [Project-Kob-1]SRCMS(轻响应)企业应急响应中心开发框架模版??

• baidulixiandown - HIGHER SPEED TO DOWNLOAD BAIDU NET DISK

• My-CTF-Web-Challenges - Collection of CTF Web challenges I made

• fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

• SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

• MISP - MISP - Malware Information Sharing Platform & Threat Sharing

• webshell - This is a webshell open source project

• SCANNER-INURLBR - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

Perl

• EQGRP - Decrypted content of eqgrp-auction-file.tar.xz

• nikto - Nikto web server scanner

• browsersploit - BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

• theos-jailed - A version of Theos/CydiaSubstrate for non-jailbroken iOS devices

• StrutScan - Struts2 Vuls Scanner base perl script

PowerShell

• Empire - Empire is a PowerShell and Python post-exploitation agent.

Python

• Cyber-Defence - Information released publicly by NCC Group's Cyber Defence team

• weevely3 - Weaponized web shell

• tplmap - Code and Server-Side Template Injection Detection and Exploitation Tool

• qspectrumanalyzer - Spectrum analyzer for multiple SDR platforms (PyQtGraph based GUI for soapy_power, hackrf_sweep, rtl_power, rx_power and other backends)

• race-condition-exploit - Tool to help with the exploitation of web application race conditions

• pwntools-write-ups - A colleciton of CTF write-ups all using pwntools

• urh - Universal Radio Hacker: investigate wireless protocols like a boss

• shellnoob - A shellcode writing toolkit

• pulsar - Protocol Learning and Stateful Fuzzing

• AIL-framework - AIL framework - Analysis Information Leak framework

• peda-arm - GDB plugin peda for arm

• lighthouse - Code Coverage Explorer for IDA Pro

• pwntools - CTF framework and exploit development library

• windbglib - Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py

• mona - Corelan Repository for mona.py

• bypass_waf - waf自动爆破(绕过)工具

• autoPwn - Automate repetitive tasks for fuzzing

• HaboMalHunter - HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

• HEVD-Python-Solutions - Python solutions for the HackSysTeam Extreme Vulnerable Driver

• xunfeng - 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

• PyJFuzz - PyJFuzz - Python JSON Fuzzer

• idaemu - idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.

• gramfuzz - gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats.

• WAFNinja - WAFNinja is a tool which contains two functions to attack Web Application Firewalls.

• xsser - From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

• voltron - A hacky debugger UI for hackers

• KavalAnts - Code coverage calculation/monitoring tool for Corpus Distillation

• Vanapagan - Fuzzing library written in/for python.

• img2pdf - losslessly convert images to pdf

• AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically

• macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.

• DriverBuddy - DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.

• HexRaysPyTools - Ida Pro plugin

• win_driver_plugin - A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.

• wydomain - to discover subdomains of your target domain

• BLE-Replay - BLE-Replay is a Bluetooth Low Energy (BLE) peripheral assessment tool

• Pwngdb - gdb for pwn

• DrK - The DrK Attack - Proof of concept

• exploit_generator - Automated Exploit generation with WinDBG

• fuzzinator - Fuzzinator Random Testing Framework

• TUnpacker - TUnpacker是一款Android脱壳工具

• spade - APK backdoor embedder

• afl-crash-analyzer - Another crash analyzer tool for the American Fuzzy Lop (AFL) fuzzer

• neural-fuzzer -

• pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy

• wifuzz - Automatically exported from code.google.com/p/wifuzz

• wifuzzit - a 802.11 wireless fuzzer

• VolatilityBot - VolatilityBot ? An automated memory analyzer for malware samples and memory dumps

• certfuzz - This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

• awesome-vehicle-security - ?? A curated list of resources for learning about vehicle security and car hacking

• WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack

• VMAttack - VMAttack PlugIn for IDA Pro

• wafbypasser -

• morph - an open source browser fuzzing framework for fun.

• Matroschka - Python steganography tool to hide images or text in images

• peepdf - Powerful Python tool to analyze PDF documents

• Fox-scan - Fox-scan is a initiative and passive SQL Injection vulnerable Test tools.

• BrundleFuzz - BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.

• clang-kernel-build - Steps to build the Linux kernel using Clang

• Hodor - Hodor! Fuzzer..

• strongdb - gdb plugin for android debugging

• fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.

• cuckoo-droid - CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

• metame - metame is a metamorphic code engine for arbitrary executables

• SSTIF - 一个Fuzzing服务器端模板注入漏洞的半自动化工具

• flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool

• afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

• dtf - Android Device Testing Framework ("dtf")

• APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities

• peda - PEDA - Python Exploit Development Assistance for GDB

• oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

• Zulu - The Zulu fuzzer

• MacHeap - OS X malloc introspection tool

• websploit - websploit is an advanced MITM framework

• Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.

• LL-Fuzzer - An automated NFC fuzzing framework for Android devices.

• fonttools - A library to manipulate font files from Python.

• cemu - Cheap EMUlator: Simply load, write & execute assembly code for various architectures.

• shellsploit-framework - New Generation Exploit Development Kit

• BugId - Python script that uses the cBugId module to detect, analyze and id application bugs

• ctf - Exploits for interesting CTF challenges I have worked on

• droid-ff - Android File Fuzzing Framework

• angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab!

• ROPMEMU - ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

• arpwn - Analysis tools and exploit sample scripts for Adobe Reader 10/11 and Acrobat Reader DC

• the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode

• gef - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers

• droidimg - android vmlinux loader

• jniostorlab - JNI method enumeration in ELF files

• barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

• interpy-zh - ??《Python进阶》（Intermediate Python 中文版）

• sqlmap - Automatic SQL injection and database takeover tool

• EmPyre - A post-exploitation OS X/Linux agent written in Python 2.7

• kitty - Fuzzing framework written in python

• kirlangic-ttf-fuzzer - TrueType Font Fuzzer

• plasma - Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

• shadow - jemalloc heap exploitation framework

• MSM8974_exploit - Full TrustZone exploit for MSM8974

• exploits -

• ios-hooker - Python script to parse Objective-C header files from iOS applications and generate function hooks.

• smali_emulator - This software will emulate a smali source file generated by apktool.

• python-imobiledevice_demo - libimobiledevice demo for Python

• lisa.py - -An Exploit Dev Swiss Army Knife.

• exploitable - The 'exploitable' GDB plugin. I don't work at CERT anymore, but here is the original homepage: http://www.cert.org/vuls/discovery/triage.html

• Metaphor - Metaphor - Stagefright with ASLR bypass

• drozer - The Leading Security Assessment Framework for Android.

Ruby

• interpreter-bugs - Fuzzing results for various interpreters.

• whitewidow - SQL Vulnerability Scanner

• wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

• phishlulz -

• PokemonHook -

• XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

• wpscan - WPScan is a black box WordPress vulnerability scanner.

• fastlane - ?? The easiest way to automate building and releasing your iOS and Android apps

Scala

• AppCrawler - 基于appium的app自动遍历工具

Shell

• docker-aosp - ?? Minimal Android AOSP build environment with handy automation wrapper scripts

• docker-aosp - ?? Minimal Android AOSP build environment with handy automation wrapper scripts

• fuzzers_based_on_afl - specific fuzzers based on AFL and fuzzing results

• oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software

• ctf-tools - Some setup scripts for security research tools.

• OSX-KVM - Running Mac OS X El Capitan and macOS Sierra on QEMU/KVM

• iOSRE - iOS Reverse Engineering

• oh-my-zsh - A delightful community-driven (with 1,000+ contributors) framework for managing your zsh configuration. Includes 200+ optional plugins (rails, git, OSX, hub, capistrano, brew, ant, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.

• backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

Smali

• simplify - Generic Android Deobfuscator

Standard ML

• EQGRP-AUCTION -

Swift

• iOSAppHook - 专注于非越狱环境下iOS应用逆向研究，从dylib注入，应用重签名到App Hook

TeX

• rupture - A framework for BREACH and other compression-based crypto attacks

TypeScript

• vscode - Visual Studio Code

Vim script

• dockerRML - Docker images set up with tools for radio & machine learning tasks

License

To the extent possible under law, riusksk has waived all copyright and related or neighboring rights to this work.