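- All collected open-source tools: sec-tool-list: more than 18K, in both Markdown and JSON formats
- Reverse-engineering resources for all platforms: awesome-reverse-engineering:
- Windows platform security: PE/DLL/DLL-Injection/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/.NET/Process-Injection/Code-Injection/DEP/Kernel/...
- Linux security: ELF/...
- macOS/iXxx security: Mach-O/jailbreak/LLDB/XCode/...
- Android security: HotFix/XPosed/Pack/Unpack/Emulator/Obfuscate
- Well-known tools: IDA/Ghidra/x64dbg/OllyDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/...
- Network-related security resources: awesome-network-stuff:
- Network communication: proxy/SS/V2ray/GFW/reverse proxy/tunnel/VPN/Tor/I2P/...
- Network attacks: man-in-the-middle/PortKnocking/...
- Network analysis: sniffing/protocol analysis/network visualization/network analysis/network diagnostics, etc.
- Offensive network security resources: awesome-cyber-security: vulnerabilities/penetration testing/IoT security/data exfiltration/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/AV evasion/CobaltStrike/reconnaissance/OSINT/social engineering/passwords/credentials/threat hunting/Payload/WifiHacking/wireless attacks/post-exploitation/privilege escalation/UAC bypass/...
- Open-source RATs and analysis reports on malicious RATs: awesome-rat: open-source remote access tools: Windows/Linux/macOS/Android; analysis reports on RAT-type malicious code, etc.
- Webshell tools and analysis/usage articles: awesome-webshell: a collection of webshell resources, including 150 GitHub projects and around 200 articles
- Forensics tools and articles: awesome-forensics: nearly 300 open-source forensics tools and nearly 600 forensics-related articles
- A collection of resources related to reverse engineering. It currently includes 3500+ tools, roughly categorized by function. Some tools have Chinese descriptions added. It currently includes 2300+ articles.
- This page contains only part of the content. View the full version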
- Windows
- Linux
- Apple&&iOS&&iXxx
- Android
- IDA
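- Plugins&&Scripts
- (97) Uncategorized
- Detection&&creation&&recovery of structs&&classes
- (3) Collections
- (9) Appearance&&Themes
- (4) Firmware&&Embedded devices
- Signatures (FLIRT, etc.)&&Comparison (Diff)&&Matching
- (6) IDB operations
- (5) Collaborative reversing&&multiple users working on the same IDB file
- (9) Sync&&communication&&interaction with debuggers
- Import/export & interaction with other tools
- For specific analysis targets
- IDAPython itself
- (6) Instruction reference & documentation
- Script-writing helpers
- (16) Ancient
- Debugging&&dynamic execution & dynamic data
- (14) Decompiler&&AST
- (7) Deobfuscation
- Efficiency&&navigation&&quick access&&graphs&&images&&visualization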
- (7) Android
- Apple&&macOS&&iXxx&&Objective-C&&SWift&&Mach-O
- (9) ELF
- (5) Microcode
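- (6) Emulator integration
- (4) Newly added
- (4) Used as an auxiliary&&forming one part of something else
- Vulnerabilities
- (7) Patches&&Patch
- (3) Other
- Function-related
- (3) Taint analysis&&symbolic execution
- (8) Strings
- (3) Encryption/decryption
- Articles
- Plugins&&Scripts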
- Ghidra
- x64dbg
- OllyDbg
- WinDBG
- Radare2
- Cuckoo
- BinaryNinja
- DBI
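- Other
- TODO
- Categorize the tools in finer detail
- Add detailed Chinese descriptions for the tools, including their internal implementation and usage
- Add non-GitHub repos
- Add more articles
- Revise the descriptions of articles already added
- Mainly open-source tools on GitHub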
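- [111 stars][1m] firmianay/security-paper A collection of assorted security or computer-science material (strongly related to the author's own interests)
- [4 stars][1y] [Py] bitshifter123/arpwn Analysis tools and exploit sample scripts for Adobe Reader 10/11 and Acrobat Reader DC
- [4 stars][25d] [Py] socraticbliss/ps4_ioctl_nabber_script PS4 IOCTL Nabber / IDA 7.0-7.2
- [2 stars][10m] enusbaum/mbbsdasm.ida MBBSDASM Hex-Rays IDA IDS/IDT Files for MajorBBS/Worldgroup Modules
- [1058 stars][17d] [Py] fireeye/flare-ida Multiple tools
- StackStrings Automatically recovers manually constructed strings
- Struct Typer implements the struct typing described here
- ApplyCalleeType specify or choose a function type for indirect calls as described here
- argtracker Identifies static arguments used by functions
- idb2pat FLIRT signature generation
- objc2_analyzer Creates cross-references between selector references and their implementations as defined in the Objective-C runtime related sections of the target Mach-O executable
- MSDN Annotations Extracts MSDN information from XML files and adds it to the IDB database
- ironstrings Recovers constructed strings using code emulation (flare-emu)
- Shellcode Hashes Generates a hash database
- [737 stars][7m] [Py] devttys0/ida Collection of IDA plugins/scripts/modules
- wpsearch Searches for immediate values commonly found in MIPS WPS checksum implementations
- md5hash A pure-Python MD5 hash implementation (IDA's hashlib has problems)
- alleycat Finds paths to a given code block inside a specified function, finds paths between two or more functions, generates interactive call graphs, scriptable
- codatify Defines ASCII strings, functions and code that IDA's auto-analysis missed. Converts all undefined bytes in the data segment into DWORDs (so that IDA can recognize function and jump-table pointers)
- fluorescence Highlights function call instructions
- leafblower Identifies common POSIX functions: printf, sprintf, memcmp, strcpy, etc.
- localxrefs Finds all references to any selected text within the current function
- mipslocalvars Names stack variables that are only used to store registers, simplifying stack data analysis (MIPS)
- mipsrop Searches MIPS executable code for ROP gadgets. Finds common ROP gadgets
- rizzo Identifies and renames functions between two or more IDBs, based on: function signatures, references to unique strings/constants, fuzzy signatures, call graphs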
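- [318 stars][2m] [C] ohjeongwook/darungrim Software patch analysis tool
- [312 stars][1y] [C++] nevermoe/unity_metadata_loader Loads the strings and method/class names from global-metadata.dat into IDA
- [277 stars][4m] [Py] jpcertcc/aa-tools Multiple scripts
- apt17scan.py Volatility plugin that detects APT17-related malicious code and extracts its configuration
- emdivi_postdata_decoder Decodes Emdivi POST data
- emdivi_string_decryptor IDAPython script that decrypts strings inside Emdivi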
- citadel_decryptor Data decryption tool for Citadel
- adwind_string_decoder Python script for decoding strings inside Adwind
- redleavesscan Volatility plugin for detecting RedLeaves and extracting its config
- datper_splunk Python script that detects Datper communication and adds a result field to the Splunk index
- datper_elk Python script that detects Datper communication and adds a result field to the Elasticsearch index
- tscookie_decode Python script for decrypting and parsing TSCookie configure data
- wellmess_cookie_decode Python script for decoding WellMess's cookie data (support Python2)
- cobaltstrikescan Volatility plugin for detecting Cobalt Strike Beacon and extracting its config
- tscookie_data_decode Python script for decrypting and parsing TSCookie configure data
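- [114 stars][1y] [Py] vallejocc/reverse-engineering-arsenal Collection of reversing scripts
- WinDbg Collection of WinDbg scripts
- IDA-set_symbols_for_addresses Walks all sections looking for DWORD addresses that match the specified (address, symbol) pairs, and names the value at the corresponding address
- IDA-stack_strings_deobfuscator_1 Deobfuscates stack strings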
- RevealPE
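- [80 stars][4m] [Py] takahiroharuyama/ida_haru Multiple tools
- bindiff Uses BinDiff to compare multiple binaries, up to 100
- eset_crackme ESET CrackMe driver VM loader/processor
- fn_fuzzy Fast binary comparison
- stackstring_static Statically recovers strings on the stack
- [75 stars][10m] [Py] secrary/ida-scripts Multiple scripts
- dumpDyn Saves information about dynamically allocated and executed code (comments, names, breakpoints, functions, etc.) so that the saved content remains usable when the code later executes at a different base address
- idenLib Library function identification
- IOCTL_decode Windows driver I/O control codes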
- XORCheck check xor
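- [60 stars][2y] [Py] tmr232/idabuddy A reverser's good buddy??
- [59 stars][2y] [C++] alexhude/loadprocconfig Loads processor configuration files
- [59 stars][2m] [Py] williballenthin/idawilli IDA Pro resources, scripts, configuration files, etc.
- hint_calls Shows the calls and strings referenced by a function as a hint
- dynamic_hints Example plugin demonstrating how to provide custom hints for dynamic data
- add_segment Adds the contents of an existing file as a new segment
- color Colors instructions
- find_ptrs Scans the .text section for values that may be pointers and marks them
- yara_fn Creates a yara rule matching the basic blocks of the current function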
- idawilli a python module that contains utilities for working with the idapython scripting interface.
- themes colors and skins
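- [58 stars][20d] [Py] lich4/personal_script Multiple scripts for several tools including 010Editor/BurpSuite/Frida/IDA
- Duplicate sections: IDA->Plugins->Import/Export->Frida |DBI->Frida->Tools->Newly added |
- 010Editor Multiple 010Editor scripts
- ParamChecker Burp plugin
- Frida Multiple Frida scripts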
- IDA IDA Scripts
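- IDA-read_unicode.py IDA plugin that recognizes Chinese characters in a program
- IDA-add_xref_for_macho Helps identify the callers and callees of Objective-C member functions
- IDA-add_info_for_androidgdb Reads the module list and segments when debugging Android with gdbserver and IDA
- IDA-trace_instruction Traces the instruction flow
- IDA-detect_ollvm Detects OLLVM and, in some cases, repairs it (Android/iOS)
- IDA-add_block_for_macho Analyzes block structures in Mach-O files
- [54 stars][1y] [Py] zardus/idalink Keeps the UI from freezing when using the IDA API. Launches an IDA CLI session in the background, detached from the UI, then connects it to the UI using RPyC
- [52 stars][3y] [C++] sektioneins/wwcd Capstone-powered IDA view
- [51 stars][2y] [Py] cseagle/ida_clemency IDA cLEMENCy Tools
- clemency_ldr IDA loader module that creates the basic memory layout for 9-bit, middle-endian cLEMENCy executables and handles loading them.
- clemency_proc IDA processor module that handles disassembly and assembly tasks
- clemency_dump IDA plugin that dumps the modified database contents into a packed 9-bit middle-endian byte file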
- clemency_fix IDA plugin to assist with fixing up poorly disassembled functions that might branch/call into regions that continue to be marked as data blocks.
- [49 stars][12m] [Py] agustingianni/utilities Multiple IDAPython scripts
- DumpFunctionBytes dumps the current function (you need to position the cursor on the start of the function) as a shellcode. It does a very limited analysis of the function in order to let you know that you need to fix call sites to functions
- func_references print all the function calls to a given function. This is generally used to look for calls to malloc like function
- arm_frequency takes as input the output of objdump on an ARM binary. It will show the number of times every instruction was used, sorted by the most used ones.
- struct_hint infer what's the underlying structure used by a function. Highly heuristic. Don't trust it blindly, just try to use what it gives you and work from that.
- string_finder Utility to find all the strings inside an ill formed IDA Database
- simple_jack Simple Jack symbol porting tool by goose
- renamer Rename files in a directory to its sha1 sum plus an extension.
- prolog_finder Find potential ARM procedures prolog
- minset Tool to calculate the minimum set of files that have approximately the best coverage.
- mark_interesting Small idapython script that finds all the signed comparisons and marks them with a color.
- machofinder Hacky script to gather all the mach-o file (and fat).
- find_hardref Script to find hardcoded references inside an IDA database.
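- [47 stars][4y] [Py] jjo-sec/idataco Multi-purpose
- [46 stars][7y] [Py] carlosgprado/milf IDA Swiss army knife
- milf Assists vulnerability discovery
- [42 stars][4y] [C++] nihilus/guid-finder Finds GUIDs/UUIDs
- [40 stars][7m] [Visual Basic .NET] dzzie/re_plugins Collection of reversing plugins
- IDASrvr wm_copydata IPC server that listens for remote messages via the WM_COPYDATA mechanism; other processes can send commands to IDA, query data and control the interface display
- IDA_JScript Write IDA scripts in JavaScript via IDASrvr (depends on ActiveX)
- IDA_JScript_w_DukDbg Advanced version of IDA_JScript
- IDASrvr2 Advanced version of IDASrvr, adds x64 support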
- IdaUdpBridge this replaces the udp command socket in idavbscript which was crashy
- IdaVbScript ton of small tools for IDA all thrown into one interface
- OllySrvr wm_copydata IPC server running in olly
- Olly_hittrace You set breakpoints in the UI and it will then run the app automating it and logging which ones were hit.
- Olly_module_bpx allow you to set breakpoints within modules which have not yet been loaded.
- Olly_vbscript vbscript automation capability for olly including working across breakpoint events.
- PyIDAServer Test of running an IPC server inside IDA
- Wingraph32 This is another experiment at a wingraph32 replacement for ida. This one has more features to hide nodes, and can also navigate IDA to the selected function when you click on it in the graph.
- rabc_gui this is a GUI front end for RABCDAsm to disasm, reasm, and reinsert modified script blocks back into flash files.
- swfdump_gui when run against a target swf, it will create a decompressed version of the swf and a .txt disasm log file these files will be cached and used on subsequent loads. if you wish to start over from scratch use the tools->delete cached * options.
- gleegraph a quick Wingraph32/qwingraph replacement that has some extra features such as being able to navigate IDA to the selected nodes when they are clicked on in graph view, as well as being able to rename the selected node from the graph, or adding a prefix to all child nodes below it.
- hidden_strings scans for strings being built up in char arrays at runtime to hide from traditional strings output
- memdump_conglomerate reads a folder full of memory dumps and puts them all into a single dll husk so they will disassemble at the proper offsets.
- memdump_embedder takes a memory dump and embeds it into a dummy dll husk so that you can disassemble it at the target base address without having to manually reset it every time
- rtf_hexconvert small tool to extract hex strings from a rtf document and show them in a listview. click on listitem to see decoded data in a hexeditor pane where you can save it
- uGrapher rename real wingraph32.exe to _wingraph.exe and put this one in its place.
- wininet_hooks Hooks the following API calls and logs key information: HttpOpenRequest, InternetConnect, InternetReadFile, InternetCrackUrl, HttpSendRequest
- [40 stars][2y] [Py] mxmssh/idametrics Collects static software complexity metrics for x86-architecture binary executables
- [38 stars][2y] [Py] saelo/ida_scripts Multiple scripts
- kernelcache Identifies and renames iOS kernelcache function stubs. ARM64 only
- ssdt Parses the syscall table in the Windows kernel
- [34 stars][4y] [Py] madsc13ntist/idapython Collection of IDAPython scripts (no documentation)
- [32 stars][5y] [Py] iphelix/ida-pomidor Preserves focus and productivity during long reversing sessions
- [28 stars][1y] [Py] xyzz/vita-ida-physdump help with physical memory dump reversing
- [27 stars][1y] [Py] daniel_plohmann/simplifire.idascope Simplifies malicious code analysis
- [27 stars][6m] [Py] enovella/re-scripts Collection of IDA/Ghidra/Radare2 scripts (no documentation)
- [26 stars][5y] [Py] bastkerg/recomp IDA recompiler (no documentation)
- [26 stars][8m] [C++] offlinej/ida-rpc Discord rich presence plugin for IDA Pro 7.0
- [25 stars][3y] [Py] zyantific/continuum Plugin adding multi-binary project support to IDA Pro (WIP)
- [23 stars][3m] [Py] rceninja/re-scripts
- Hyperv-Scripts
- IA32-MSR-Decoder Finds and decodes all MSR codes
- IA32-VMX-Helper Finds and decodes all MSR/VMCS codes
- [23 stars][10m] [C++] trojancyborg/ida_jni_rename IDA JNI call rename
- [22 stars][5y] [Py] nihilus/idascope Assists malicious code reversing (the code on Bitbucket is newer)
- [22 stars][4m] [Py] nlitsme/idascripts Enumerates many types of data: Texts/NonFuncs/...
- enumerators Enumeration utilities for idapython
- [22 stars][4y] [Py] onethawt/idapyscripts IDAPython scripts
- DataXrefCounter Enumerates all cross-references in a specified section and counts usage frequency
- [22 stars][3y] [C++] patois/idaplugins Random IDA scripts, plugins, example code (some of it may be old and not working anymore)
- [20 stars][1y] [Py] hyuunnn/ida_python_scripts IDAPython scripts
- IDA_comment
- ida_function_rename
- variable_finder
- assembler_disassembler
- api_visualization
- Decoder Multiple malware decoders
- [20 stars][2y] [C#] zoebear/radia Creates an interactive, immersive environment for visualizing code, to assist binary reversing
- [20 stars][3y] [Py] ztrix/idascript Full functional idascript with stdin/stdout handled
- [20 stars][1y] [Py] hyuunnn/ida_python_scripts ida python scripts
- [20 stars][2m] [Py] mephi42/ida-kallsyms (No Doc)
- [19 stars][1y] [Py] a1ext/ida-embed-arch-disasm Lets IDA disassemble x64 code inside a 32-bit database (WOW64)
- [19 stars][9m] [Py] yellowbyte/reverse-engineering-playground Collection of reversing scripts, including: IDAPython, file analysis, file format analysis, file system analysis, shellcode analysis
- idapython-scripts
- IDA-ARMdetect Identifies all sections in an ARM binary that are setting up (writing to) a pin, reading a pin (using the pin as input pin), or interfacing with other devices on the board using I2C
- IDA-CCCheck The 0xCC byte is the byte representing int 3, or software breakpoint. When you make a software breakpoint on an instruction, the debugger replaces the first byte of the instruction to 0xCC.
- IDA-Deobfuscate directly patch the bytes in IDA so IDA will show the correct deobfuscated listing rather than writing the deobfuscated listing to a separate file
- IDA-FindMain automatically find and rename main as "main" and then move cursor position in IDA's disassembly listing to beginning of main.(In a stripped ELF executable, IDA will not be able to identify main)
- IDA-intCheck Interrupts are either generated by external sources, such as I/O devices, or by processor-detected exceptions in the running code
- IDA-JccFlip Changes a jcc instruction to its opposite representation.
- IDA-LocFuncAnalyzer In a stripped ELF binary, local functions are deprived of its original name. This is why local functions are not usually the starting point when doing analysis since without its original name, all local functions look exactly the same as one another. This script aims to change that
- IDA-MalCheck Checks an executable for usage of API that has a high chance of being used maliciously or for anti-reversing purposes such as IsDebuggerPresent
- IDA-NopSled Either convert the instructions that user select/highlight or the instruction that the mouse cursor is on to NOPs
- IDA-RdtscCheck rdtsc instruction puts the number of ticks since the last system reboot in EDX:EAX
- file_format_hacks File Format Hacks
- file_analysis
- shellcode_analysis Shellcode Analysis
- [17 stars][1y] [Py] honeybadger1613/etm_displayer IDA Pro plugin for displaying the results of perf Coresight ETM tracing
- [16 stars][5y] fabi/idacsharp C# 'Scripts' for IDA 6.6+ based on
- [15 stars][8m] [CMake] google/idaidle Warns the user if an instance is left idle for too long. After a predetermined idle time, the plugin first issues a warning, then saves the current disassembly database and closes IDA
- [14 stars][4y] [C++] nihilus/fast_idb2sig_and_loadmap_ida_plugins 2 plugins
- [13 stars][2y] [Py] cisco-talos/pdata_check Identifies unusual runtimes based on the pdata section and the last instruction of the runtime function.
- [13 stars][1y] [C++] nihilus/graphslick IDA Plugin - GraphSlick
- [13 stars][1y] [Py] cxm95/ida_wrapper An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.
- [12 stars][1y] [Assembly] gabrielravier/cave-story-decompilation Decompilation of the game Cave Story, made with IDA
- [11 stars][2y] [Py] 0xddaa/iddaa idapython scripts
- [11 stars][5y] [Py] dshikashio/idarest Expose some basic IDA Pro interactions through a REST API for JSONP
- [11 stars][10m] [C++] ecx86/ida7-supportlib IDA-SupportLib library by sirmabus, ported to IDA 7
- [10 stars][4y] [C++] revel8n/spu3dbg Debugs the anergistic SPU emulator
- [9 stars][4y] [Py] nfarrar/ida-colorschemes A .clr colorscheme generator for IDA Pro 6.4+.
- [9 stars][2m] [C++] nlitsme/idcinternals Investigates the internal representation of IDC scripts
- [9 stars][5y] [Ruby] rogwfu/plympton Library to work with yaml exported IDA Pro information and run statistics
- [9 stars][9m] [Py] 0xcpu/relieve Reversing/malicious code analysis scripts
- elfie display (basic) info about an ELF, similar to readelf.
- elforensics check ELF for entry point hooks, RWX sections, CTORS & GOT & PLT hooks, function prologue trampolines.
- dololi unfinished, the idea is to automatically generate an executable that calls exports from DLL(s).
- [8 stars][5y] [Py] daniel_plohmann/idapatchwork Stitching against malware families with IDA Pro
- [8 stars][2y] [C++] ecx86/ida7-segmentselect IDA-SegmentSelect library by sirmabus, ported to IDA 7
- [8 stars][2y] [Py] fireundubh/ida7-alleycat Alleycat plugin by devttys0, ported to IDA 7
- [8 stars][2m] [Py] lanhikari22/gba-ida-pseudo-terminal IDAPython tools to aid with analysis, disassembly and data extraction using IDA python commands, tailored for the GBA architecture at some parts
- [8 stars][3y] [Py] pwnslinger/ibt IDA Pro Back Tracer - Initial project toward automatic customized protocols structure extraction
- [8 stars][2y] [C++] shazar14/idadump An IDA Pro script to verify binaries found in a sample and write them to disk
- [7 stars][2y] [Py] swackhamer/ida_scripts IDAPython scripts (no documentation)
- [7 stars][10m] [Py] techbliss/ida_pro_http_ip_geolocator IDA plugin that finds URLs, resolves them to IPs and shows them on Google Maps
- [7 stars][5y] [Py] techbliss/processor-changer Changes the processor (requires reopening IDA)
- [7 stars][1y] [C++] tenable/mida Extracts RPC interfaces and recreates the associated IDL files
- [7 stars][1y] [C++] ecx86/ida7-hexrays-invertif Hex-Rays Invert if statement plugin for IDA 7.0
- [6 stars][2y] [CMake] elemecca/cmake-ida Builds IDA Pro modules using CMake
- [6 stars][9m] [Py] geosn0w/dumpanywhere64 An IDA (Interactive Disassembler) script that can save a chunk of binary from an address.
- [5 stars][3y] [Py] andreafioraldi/idavshelp Integrates the Visual Studio help viewer into IDA
- [5 stars][5m] [Py] fdiskyou/ida-plugins IDAPython scripts (no documentation)
- [5 stars][3y] [Py] gh0st3rs/idassldump IDAPython script that dumps SSL traffic to a file
- [5 stars][1y] [C++] lab313ru/m68k_fixer IDA Pro plugin fixer for m68k
- [5 stars][5y] [C#] npetrovski/ida-smartpatcher IDA apply patch GUI
- [5 stars][4y] [Py] tmr232/tarkus Plugin Manager for IDA Pro
- [5 stars][2y] abarbatei/ida-utils links, information and helper scripts for IDA Pro
- [4 stars][3m] [Py] gitmirar/idaextapi IDA API utilities
- [4 stars][3y] [Py] hustlelabs/joseph IDA Viewer Plugins
- [4 stars][1y] savagedd/samp-server-idb
- [4 stars][3m] [Py] spigwitmer/golang_struct_builder IDA 7.0+ script that auto-generates structs and interfaces from runtime metadata found in golang binaries
- [3 stars][10m] [Py] gdataadvancedanalytics/ida-python Random assembly of IDA Python scripts
- defineIAT written for the Trickbot sample with sha256 8F590AC32A7C7C0DDFBFA7A70E33EC0EE6EB8D88846DEFBDA6144FADCC23663A
- stringDecryption written for the Trickbot sample with sha256 8F590AC32A7C7C0DDFBFA7A70E33EC0EE6EB8D88846DEFBDA6144FADCC23663A
- [3 stars][5y] [C++] nihilus/ida-x86emu x86 emulation
- [3 stars][2y] [Py] ypcrts/ida-pro-segments It's very hard to load multiple files in the IDA GUI without it exploding. This makes it easy.
- [2 stars][2y] [C++] ecx86/ida7-oggplayer IDA-OggPlayer library by sirmabus, ported to IDA 7
- [2 stars][2y] [Py] mayl8822/ida Quickly runs Google/Baidu/Bing searches
- [2 stars][4y] [Py] nihilus/idapatchwork Stitching against malware families with IDA Pro
- [2 stars][2y] [Py] sbouber/idaplugins
- [2 stars][2m] [Py] psxvoid/idapython-debugging-dynamic-enrichment
- [1 star][2y] [Py] andreafioraldi/idamsdnhelp Opens the MSDN help search page
- [1 star][1y] [Py] farzonl/idapropluginlab4 An ida pro plugin that tracks def use chains of a given x86 binary.
- [1 star][3m] [Py] voidsec/ida-helpers Collection of IDA helpers
- [0 stars][3y] [Py] kcufid/my_ida_python My idapython decode data
- [0 stars][1y] [Py] ruipin/idapy Various IDAPython libraries and scripts
- [0 stars][9m] [Py] tkmru/idapython-scripts IDAPro scripts
- [931 stars][25d] [OCaml] airbus-seclab/bincat Static analysis tool for binary code. Value analysis (registers, memory), taint analysis, type reconstruction and propagation, forward/backward analysis
- Duplicate sections: IDA->Plugins->Taint analysis |
- [664 stars][27d] [Py] igogo-x86/hexrayspytools Struct and class reconstruction plugin
- [168 stars][1y] [Py] bazad/ida_kernelcache Rebuilds the C++ classes of the iOS kernelcache using IDA Pro
- Duplicate sections: IDA->Plugins->Apple->Kernelcache |
- [140 stars][4y] [C++] nihilus/hexrays_tools Helps with struct definition and virtual function detection
- [103 stars][4m] [Py] lucasg/findrpc Extracts internal RPC structures from binaries
- [4 stars][3y] [C#] andreafioraldi/idagrabstrings Searches for strings within a specified address range and maps them to a C struct
- Duplicate sections: IDA->Plugins->Strings |
- [607 stars][3m] [Py] 0xgalz/virtuailor Automatically creates C++ vtables using information obtained from IDA debugging
- Duplicate sections: IDA->Plugins->Debugging->Debug data |
- [171 stars][10m] [C++] ecx86/classinformer-ida7 ClassInformer backported for IDA Pro 7.0
- [130 stars][2y] [Py] nccgroup/susanrtti RTTI parsing plugin
- [90 stars][1y] [C++] rub-syssec/marx Uncovers class inheritance structures in C++ programs
- [69 stars][7y] [C] nektra/vtbl-ida-pro-plugin Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
- [35 stars][5y] [C++] nihilus/ida_classinformer IDA ClassInformer PlugIn
- [32 stars][2y] [Py] krystalgamer/dec2struct Easily creates vtables in IDA from class definition/declaration files
- [16 stars][2y] [C++] mwl4/ida_gcc_rtti Class informer plugin for IDA which supports parsing GCC RTTI
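- [1771 stars][10d] onethawt/idaplugins-list IDA plugin collection
- [363 stars][9m] fr0gger/awesome-ida-x64-olly-plugin Collection of IDA, x64DBG and OllyDBG plugins
- Duplicate sections: x64dbg->Plugins->Newly added |
- [10 stars][1y] [Py] ecx86/ida-scripts Collection of IDA Pro/Hex-Rays configs, scripts, and plugins
- [723 stars][7m] [Py] zyantific/idaskins Skin plugin
- [258 stars][7y] eugeneching/ida-consonance Dark skin plugin
- [106 stars][6m] [CSS] 0xitx/ida_nightfall Dark theme plugin
- [58 stars][7y] gynophage/solarized_ida Solarized dark theme
- [10 stars][7y] [Py] luismiras/ida-color-scripts Imports and exports color themes
- [9 stars][2y] [CSS] gbps/x64dbg-consonance-theme Dark x64dbg theme
- [6 stars][5y] [Py] techbliss/ida-styler Modifies IDA styles
- [3 stars][3m] rootbsd/ida_pro_zinzolin_theme zinzolin theme
- [1 star][1y] [C] albertzsigovits/idc-dark A dark-mode color scheme for Hex-Rays IDA using idc
- [5228 stars][2m] [Py] refirmlabs/binwalk Firmware analysis tool (command line + IDA plugin)
- [492 stars][5m] [Py] maddiestone/idapythonembeddedtoolkit Automates analysis of embedded-device firmware
- [177 stars][2y] [Py] duo-labs/idapython Collection of IDAPython scripts used by Duo Labs
- Duplicate sections: IDA->Plugins->Apple->Uncategorized |
- cortex_m_firmware Tidies up an IDA Pro database containing ARM Cortex M microcontroller firmware
- amnesia Uses byte-level heuristics to find ARM Thumb instructions among undefined bytes in an IDA Pro database
- REobjc Creates proper cross-references between calling functions and called functions in Objective-C
- [101 stars][1m] [Py] pagalaxylab/vxhunter Toolset for analyzing VxWorks-based embedded devices
- [421 stars][1m] [C] mcgill-dmas/kam1n0-community Assembly code management and analysis platform (standalone tool + IDA plugin)
- Duplicate sections: IDA->Plugins->Used as an auxiliary |
- IDA plugin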
- kam1n0
- [149 stars][1y] [C++] ajkhoury/sigmaker-x64 IDA Pro 7.0 compatible SigMaker plugin
- [131 stars][1y] [Py] cisco-talos/bass Automatically generates AV signatures from samples of previously generated malware clusters
- [71 stars][4y] [Py] icewall/bindifffilter IDA Pro plugin making easier work on BinDiff results
- [69 stars][5y] [Py] arvinddoraiswamy/slid Statically linked library detection
- [51 stars][3m] [Py] vrtadmin/first-plugin-ida Function identification and signature recovery tool
- [45 stars][1y] [Py] l4ys/idasignsrch Signature search
- [33 stars][3y] [Py] g4hsean/binauthor Identifies the author of unknown binaries
- [31 stars][1y] [Py] cisco-talos/casc Helps create ClamAV NDB and LDB signatures from IDA's disassembly and strings windows
- [25 stars][2y] [LLVM] syreal17/cardinal Similarity Analysis to Defeat Malware Compiler Variations
- [24 stars][6m] [Py] xorpd/fcatalog_server Functions Catalog
- [21 stars][3y] [Py] xorpd/fcatalog_client fcatalog idapython client
- [18 stars][5y] [Py] zaironne/snippetdetector IDA Python scripts project for snippets detection
- [17 stars][8y] [C++] alexander-pick/idb2pat idb2pat plugin, fixed to work with IDA 6.2
- [14 stars][8y] [Standard ML] letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA signature files for iPhone baseband reversing
- Duplicate sections: IDA->Plugins->Apple->Uncategorized |
- [3 stars][4y] [Py] ayuto/discover_win Compares Linux and Windows binaries and automatically renames unnamed functions in the Windows file
- Duplicate sections: IDA->Plugins->Function-related->Renaming |
- [0 stars][1y] [Py] gh0st3rs/idaprotosync Identifies function prototypes across 2 or more functions
- [605 stars][2m] [Max] maktm/flirtdb A community driven collection of IDA FLIRT signature files
- [321 stars][5m] push0ebp/sig-database IDA FLIRT Signature Database
- [4 stars][9m] cloudwindby/ida-pro-sig IDA PRO FLIRT signature files: sig files for MSVC2017
- [62 stars][11m] [Py] push0ebp/allirt Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
- [54 stars][9m] [Py] nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
- [1554 stars][13d] [Py] joxeankoret/diaphora program diffing
- [360 stars][1m] [Py] checkpointsw/karta source code assisted fast binary matching plugin for IDA
- [332 stars][1y] [Py] joxeankoret/pigaios A tool for matching and diffing source codes directly against binaries.
- [135 stars][1y] [Py] nirizr/rematch REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
- [95 stars][7m] [Visual Basic .NET] dzzie/idacompare Assembly-level comparison tool
- [73 stars][4y] [C] nihilus/ida_signsrch signsrch signature matching
- [72 stars][5y] [Py] binsigma/binsourcerer Matches disassembly to source code
- [72 stars][3y] vrtadmin/first Function identification and signature recovery, with server
- [52 stars][5y] [C++] filcab/patchdiff2 IDA binary differ. Since code.google.com/p/patchdiff2/ seemed abandoned, I did the obvious thing…
- [14 stars][3y] [Py] 0x00ach/idadiff IDAPython script that uses @Heurs' MACHOC algorithm (https://github.com/ANSSI-FR/polichombr) to create a CFG hash of a binary and compare it with other samples. If a 1-1 relationship is found, it applies the rename
- [14 stars][5y] [C++] binsigma/binclone Detects similar code in malicious code
- [449 stars][2m] [Py] polymorf/findcrypt-yara Finds cryptographic constants using Yara rules
- Duplicate sections: IDA->Plugins->Encryption/decryption |
- [92 stars][2m] [Py] hyuunnn/hyara Helps write Yara rules
- [92 stars][2m] [Py] hyuunnn/hyara Yara rule making tool (IDA Pro & Binary Ninja Plugin)
- [83 stars][1y] [Py] oalabs/findyara Scans binaries using Yara rules
- [16 stars][11m] [Py] bnbdr/ida-yara-processor Loader&&Processor for compiled Yara rule files
- Duplicate sections: IDA->Plugins->For specific analysis targets->Loader |
- [14 stars][1y] [Py] alexander-hanel/ida_yara Scans IDB data using Yara
- [14 stars][1y] [Py] souhailhammou/idaray-plugin IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.
- [316 stars][6m] [Py] williballenthin/python-idb IDB file parsing and analysis tool
- [151 stars][2m] [Py] nccgroup/idahunt Uses IDAPython scripts outside IDA to batch create/read/parse IDB files; you can write your own IDB analysis scripts; command-line tool
- [87 stars][6m] [C++] nlitsme/idbutil Extracts data from IDA databases, supports idb and i64
- [81 stars][4m] [Py] nlitsme/pyidbutil Reads IDB databases
- [18 stars][1y] [Py] kkhaike/tinyidb Exports user data from huge IDB databases
- [0 stars][4y] [C] hugues92/idaextrapassplugin Repairs and cleans IDB databases
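- [508 stars][11m] [Py] idarlingteam/idarling Multi-user collaboration plugin
- [258 stars][1y] [C++] dga-mi-ssi/yaco Uses Git version control to synchronize multiple users' changes to the same binary
- [88 stars][5y] [Py] cubicalabs/idasynergy IDA plugin integrating a version control system (svn)
- [71 stars][2m] [C++] cseagle/collabreate Hooks IDA's event notifications and broadcasts the changes involved in each event to a central server, which forwards them to other users analyzing the same file
- [4 stars][2y] [Py] argussecurity/psida Collection of IDAPython scripts; currently only scripts for collaborative reversing
- [471 stars][13d] [C] bootleg/ret-sync Synchronizes debugging sessions between disassemblers and debuggers
- [292 stars][11m] [C] a1ext/labeless Seamlessly synchronizes labels/comments, etc. between IDA and a debugger
- [179 stars][1y] [Py] andreafioraldi/idangr Debug inside IDA using the angrdbg debugger
- [132 stars][2y] [Py] comsecuris/gdbida When debugging with GDB, automatically follows the current GDB debugging location in IDA
- [97 stars][4y] [C++] quarkslab/qb-sync When debugging with a debugger, automatically follows the debugging location in IDA
- [46 stars][4m] [JS] sinakarvandi/windbg2ida Shows each step of WinDbg debugging in IDA
- [36 stars][10m] [Py] anic/ida2pwntools IDA plugin that remotely attaches to a program launched by pwntools for pwn debugging
- [29 stars][2y] [Py] iweizime/dbghider Hides the IDA debugger from the debugged process
- [19 stars][7y] [Py] rmadair/windbg2ida Imports debugging traces from WinDBG into IDA
- [163 stars][2m] [Py] x64dbg/x64dbgida x64dbg plugin for importing and exporting IDA data
- Duplicate sections: x64dbg->Plugins->Newly added |
- [148 stars][2m] [C++] alschwalm/dwarfexport Export dwarf debug information from IDA Pro
- [96 stars][2y] [Py] robindavid/idasec IDA plugin that interacts with the Binsec platform
- [67 stars][1y] [Py] lucasg/idamagnum Sends requests to MagnumDB from within IDA to look up possible values of enum constants
- [59 stars][2m] [Py] binaryanalysisplatform/bap-ida-python IDAPython scripts that integrate BAP into IDA
- [35 stars][5y] [Py] siberas/ida2sym IDAScript to create Symbol file which can be loaded in WinDbg via AddSyntheticSymbol
- [28 stars][6y] [C++] oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- Duplicate sections: IDA->Plugins->For specific analysis targets->PS3 |
- [28 stars][5m] [C++] thalium/idatag IDA plugin to explore and browse tags
- [19 stars][2y] [Py] brandon-everhart/angryida Integrates the angr binary analysis framework into IDA
- Duplicate sections: Other->angr->Tools |
- [16 stars][4y] [C++] m417z/mapimp an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.
- [16 stars][5y] [Py] danielmgmi/virusbattle-ida-plugin The plugin is an integration of Virus Battle API to the well known IDA Disassembler.
- [8 stars][7y] [C++] patois/madnes Exports symbols and names from an IDB so that they can be imported into FCEUXD SP
- [3 stars][1y] [Py] r00tus3r/differential_debugging Differential debugging using IDA Python and GDB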
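- [299 stars][4m] [Py] cisco-talos/ghida Integrates the Ghidra decompiler into IDA
- Duplicate sections: Ghidra->Plugins->Interaction with other tools->IDA |
- [238 stars][9m] [Py] daenerys-sre/source Makes IDA and Ghidra scripts interchangeable without modification
- Duplicate sections: Ghidra->Plugins->Interaction with other tools->IDA |
- [88 stars][4m] [Py] cisco-talos/ghidraaas Exposes Ghidra analysis as a service through a REST API; also the backend of GhIDA
- Duplicate sections: Ghidra->Plugins->Interaction with other tools->IDA |
- [54 stars][9m] [Py] nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
- [47 stars][2m] [Py] utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
- Duplicate sections: Ghidra->Plugins->Interaction with other tools->IDA |x64dbg->Plugins->Newly added |
- [382 stars][26d] [C++] google/binexport Exports disassembly as Protocol Buffers to a PostgreSQL database, for import into BinNavi
- Duplicate sections: Other->BinNavi->Tools |
- [213 stars][4y] [PLpgSQL] cseagle/freedom Exports disassembly information from IDA for import into BinNavi
- Duplicate sections: Other->BinNavi->Tools |
- [25 stars][7y] [Py] tosanjay/bopfunctionrecognition plugin to BinNavi tool to analyze a x86 binary file to find buffer overflow prone functions. Such functions are important for vulnerability analysis.
- Duplicate sections: Other->BinNavi->Tools |
- [68 stars][9m] [Py] lunixbochs/revsync Real-time sync plugin for IDA and Binja
- Duplicate sections: BinaryNinja->Plugins->Interaction with other tools->IDA |
- [61 stars][6m] [Py] zznop/bnida 4 scripts for exchanging data between IDA and BinaryNinja
- Duplicate sections: BinaryNinja->Plugins->Interaction with other tools->IDA |
- ida_export Exports data from IDA
- ida_import Imports data into IDA
- binja_export Exports data from BinaryNinja
- binja_import Imports data into BinaryNinja
- [14 stars][6m] [Py] cryptogenic/idc_importer Binary Ninja plugin that imports IDC database dumps from IDA
- Duplicate sections: BinaryNinja->Plugins->Interaction with other tools->IDA |
- [125 stars][8m] [Py] danigargu/syms2elf Exports symbols recognized by IDA Pro and Radare2 (currently functions only) to the ELF symbol table
- [123 stars][2m] [Py] radare/radare2ida Tools, documentation and scripts to move projects from IDA to R2 and vice versa
- Duplicate sections: Radare2->Plugins->Interaction with other tools->IDA |
- [128 stars][3y] [Py] friedappleteam/frapl Establishes a connection between the Frida client and IDA, imports runtime information directly into IDA, and lets you control Frida directly from IDA
- [83 stars][5y] [Py] techbliss/frida_for_ida_pro Uses Frida inside IDA, mainly for tracing functions
- Duplicate sections: DBI->Frida->Tools->Interaction with other tools->IDA |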
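- [58 stars][20d] [Py] lich4/personal_script Multiple scripts for several tools including 010Editor/BurpSuite/Frida/IDA
- Duplicate sections: IDA->Plugins->Uncategorized |DBI->Frida->Tools->Newly added |
- 010Editor Multiple 010Editor scripts
- ParamChecker Burp plugin
- Frida Multiple Frida scripts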
- IDA IDA Scripts
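- IDA-read_unicode.py IDA plugin that recognizes Chinese characters in a program
- IDA-add_xref_for_macho Helps identify the callers and callees of Objective-C member functions
- IDA-add_info_for_androidgdb Reads the module list and segments when debugging Android with gdbserver and IDA
- IDA-trace_instruction Traces the instruction flow
- IDA-detect_ollvm Detects OLLVM and, in some cases, repairs it (Android/iOS)
- IDA-add_block_for_macho Analyzes block structures in Mach-O files
- [40 stars][2y] [Py] agustingianni/memrepl Frida plugin that assists exploit development for memory corruption bugs
- Duplicate sections: DBI->Frida->Tools->Newly added |
- [134 stars][1y] [Py] carlosgprado/jarvis Multi-purpose, with a GUI; assists static analysis, vulnerability discovery, dynamic tracing (Pin), import/export, etc.
- [44 stars][3y] [Batchfile] maldiohead/idapin plugin of ida with pin
- Duplicate sections: DBI->IntelPin->Tools->Interaction with other tools->Uncategorized |
- [542 stars][2y] [Py] anatolikalysch/vmattack Analysis (static/dynamic) and deobfuscation of virtualization-based packers
- Duplicate sections: IDA->Plugins->Deobfuscation |
- [199 stars][4y] [Py] f8left/decllvm IDA plugin for OLLVM analysis
- [117 stars][1y] [Py] xerub/idastuff For ARM processors
- [101 stars][12d] [Py] fboldewin/com-code-helper IDAPython script that helps reconstruct MS COM code
- [93 stars][4m] [Py] themadinventor/ida-xtensa Analyzes Tensilica Xtensa (as seen in ESP8266)
- [82 stars][4y] [C++] wjp/idados DOSBox debugger plugin
- Duplicate sections: IDA->Plugins->Debugging->Uncategorized |
- [75 stars][3m] [Py] coldzer0/ida-for-delphi IDAPython script for Delphi that retrieves all function names from the Event Constructor (VCL)
- [59 stars][2y] [Py] isra17/nrs Unpacks and analyzes files packaged by the NSIS installer
- [59 stars][6m] [C++] troybowman/dtxmsg Assists in reversing the DTXConnectionServices framework
- [57 stars][4m] [Py] giantbranch/mipsaudit IDA MIPS static scanning script, an assembly auditing helper script
- [50 stars][10m] [C] lab313ru/smd_ida_tools Sega Genesis/MegaDrive ROM file loader, Z80 sound driver loader, IDA Pro debugger
- [47 stars][2y] [C++] antid0tecom/aarch64_armv81extension IDA AArch64 processor extension: adds support for ARMv8.1 opcodes
- [33 stars][3y] [Py] sam-b/windows_syscalls_dumper Dumps Windows system call numbers/names and exports them in JSON format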
- [24 stars][3y] [C++] sektioneins/aarch64_cryptoextension IDA AArch64 processor extender extension: Adding crypto extension instructions (AES/SHA1/SHA256)
- [23 stars][12m] [Py] howmp/comfinder Finds and marks functions in COM components
- Duplicate sections: IDA->Plugins->Function-related->Renaming |
- [23 stars][3y] [Py] pfalcon/ida-xtensa2 IDAPython plugin for Tensilica Xtensa (as seen in ESP8266), version 2
- [20 stars][5y] [Py] digitalbond/ibal Assists Bootrom analysis
- [19 stars][2y] [C] andywhittaker/idaproboschme7x Bosch ME7x C16x disassembly helper
- [16 stars][3y] [Py] 0xdeva/ida-cpu-risc-v RISC-V disassembler
- [15 stars][5y] [Py] dolphin-emu/gcdsp-ida Assists GC DSP reversing
- [11 stars][2y] [C++] hyperiris/gekkops Nintendo GameCube Gekko CPU Extension plug-in for IDA Pro 5.2
- [4 stars][3y] [Py] neogeodev/idaneogeo NeoGeo binary loader & helper for the Interactive Disassembler
- [3 stars][5m] [C] extremlapin/glua_c_headers_for_ida Glua module C headers for IDA
- [2 stars][6m] [Py] lucienmp/idapro_m68k Extends IDA's m68k support, adding gdb step-over and type information support
- [0 stars][9m] [C] 0xd0cf11e/idcscripts idc scripts
- emotet-decode Decodes emotet
- [0 stars][3m] [C++] marakew/emuppc PowerPC emulator, unpacks certain PowerPC binaries
- [205 stars][1y] [Py] fireeye/idawasm Loader and parser for WebAssembly
- [161 stars][2m] [Py] nforest/droidimg Android/Linux vmlinux loader
- [155 stars][2y] [Py] crytic/ida-evm Processor module for the Ethereum Virtual Machine
- [146 stars][29d] [Py] argp/iboot64helper IDAPython loader to help with AArch64 iBoot, iBEC, and SecureROM reverse engineering
- [131 stars][2y] [C] gsmk/hexagon IDA processor module for the hexagon (QDSP6) processor
- [112 stars][1y] pgarba/switchidaproloader Loader for IDA Pro to support the Nintendo Switch NRO binaries
- [79 stars][9m] [Py] reswitched/loaders IDA Loaders for Switch binaries(NSO / NRO)
- [72 stars][2y] [Py] embedi/meloader Loads Intel Management Engine firmware
- [55星][7m] [C++] mefistotelis/ida-pro-loadmap Plugin for IDA Pro disassembler which allows loading .map files.
- [37星][1y] [C++] patois/nesldr Nintendo Entertainment System (NES) ROM loader module for IDA Pro
- [35星][1y] [Py] bnbdr/ida-bpf-processor BPF Processor for IDA Python
- [33星][2y] [C++] teammolecule/toshiba-mep-idp IDA Pro module for Toshiba MeP processors
- [32星][5y] [Py] 0xebfe/3dsx-ida-pro-loader IDA PRO Loader for 3DSX files
- [28星][4y] [C] gdbinit/teloader A TE executable format loader for IDA
- [27星][4m] [Py] ghassani/mclf-ida-loader An IDA file loader for Mobicore trustlet and driver binaries
- [27星][3y] [Py] w4kfu/ida_loader loader module 收集
- [23星][2y] [C++] balika011/belf Balika011's PlayStation 4 ELF loader for IDA Pro 7.0/7.1
- [23星][6y] vtsingaras/qcom-mbn-ida-loader IDA loader plugin for Qualcomm Bootloader Stages
- [20星][3y] [C++] patois/ndsldr Nintendo DS ROM loader module for IDA Pro
- [18星][8y] [Py] rpw/flsloader IDA Pro loader module for Infineon/Intel-based iPhone baseband firmwares
- [17星][9m] [C++] gocha/ida-snes-ldr SNES ROM Cartridge File Loader for IDA (Interactive Disassembler) 6.x
- [16星][11m] [Py] bnbdr/ida-yara-processor 针对已编译Yara规则文件的Loader&&Processor
- 重复区段: IDA->插件->签名(FLIRT等)->Yara |
- [16星][9m] [C++] gocha/ida-65816-module SNES 65816 processor plugin for IDA (Interactive Disassembler) 6.x
- [16星][1y] [Py] lcq2/riscv-ida RISC-V ISA处理器模块
- [16星][1y] [Py] ptresearch/nios2 IDA Pro processor module for Altera Nios II Classic/Gen2 microprocessor architecture
- [14星][2y] [Py] patois/necromancer IDA Pro V850 Processor Module Extension
- [13星][1y] [Py] rolfrolles/hiddenbeeloader IDA loader module for Hidden Bee's custom executable file format
- [10星][4y] [C++] areidz/nds_loader Nintendo DS loader module for IDA Pro 6.1
- [10星][6y] [Py] cycad/mbn_loader IDA Pro Loader Plugin for Samsung Galaxy S4 ROMs
- [7星][1y] [C++] fail0verflow/rl78-ida-proc Renesas RL78 processor module for IDA
- [5星][9m] [C++] gocha/ida-spc700-module SNES SPC700 processor plugin for IDA (Interactive Disassembler)
- [3星][9m] [C++] gocha/ida-snes_spc-ldr SNES-SPC700 Sound File Loader for IDA (Interactive Disassembler)
- [2星][3m] [C] cisco-talos/ida_tilegx This is an IDA processor module for the Tile-GX processor architecture
- [376 stars][9m] [Py] sibears/idagolanghelper Parses GoLang type information in binaries compiled from Go
- [297 stars][2m] [Py] strazzere/golang_loader_assist Helps reverse engineer Go binaries
- [306 stars][1y] [Py] fsecurelabs/win_driver_plugin A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
- [218 stars][1y] [Py] nccgroup/driverbuddy Helps reverse engineer Windows kernel drivers
- [74 stars][5y] [Py] tandasat/winioctldecoder IDA plugin that decodes Windows device I/O control codes into DeviceType, FunctionCode, AccessType, and MethodType.
- [23 stars][1y] [C] ioactive/kmdf_re Helps reverse engineer KMDF drivers
- [69 stars][3m] [C] aerosoul94/ida_gel A collection of IDA loaders for various game console ELFs. (PS3, PSVita, WiiU)
- [55 stars][7y] [C++] kakaroto/ps3ida IDA scripts and plugins for PS3
- [44 stars][2y] [C] aerosoul94/dynlib Helps reverse engineer PS4 user-mode ELFs
- Duplicate section: IDA->Plugins->ELF |
- [28 stars][6y] [C++] oct0xor/deci3dbg Ida Pro debugger module for Playstation 3
- Duplicate section: IDA->Plugins->Import/Export->Uncategorized |
- [98 stars][5m] [C++] mixaill/fakepdb Generates PDB files from an IDA database
- [39 stars][1y] [Py] ax330d/ida_pdb_loader IDA PDB Loader
- [14 stars][1y] [CMake] gdataadvancedanalytics/bindifflib Automated library compilation and PDB annotation with CMake and IDA Pro
- [2 stars][6m] [Py] clarkb7/annotate_lineinfo Annotate IDA with source and line number information from a PDB
- [34 stars][1y] [Py] kasperskylab/actionscript3 SWF loader, ActionScript3 processor, and IDA debugging helper plugin
- [27 stars][4y] [C++] nihilus/ida-pro-swf Handles SWF files
- [9 stars][2y] [Py] d00rt/easy_way_nymaim IDA script that removes the obfuscation of the nymaim malware and creates a clean idb
- [8 stars][3y] [Py] thngkaiyuan/mynaim Deobfuscation plugin for samples of the Nymaim family
- Duplicate section: IDA->Plugins->Deobfuscation |
- [4 stars][2y] [Py] immortalp0ny/fyvmdisassembler IDAPython script for devirtualizing/disassembling the FinSpy VM
- [4 stars][8m] [C] lacike/gandcrab_string_decryptor Decrypts strings in GandCrab v5.1-5.3
- Duplicate section: IDA->Plugins->Strings |
- [132 stars][2y] [Py] pwning/defcon25-public Disassembler and IDA module used in a DEFCON 25 talk
- [720 stars][15d] [Py] idapython/src IDAPython source code
- [373 stars][3m] [Py] tmr232/sark High-level abstraction for IDAPython
- [248 stars][2y] [Py] intezer/docker-ida Runs IDA in Docker containers to execute IDAPython scripts in an automated, scalable, distributed way
- [82 stars][4y] idapython/bin IDAPython binaries
- [69 stars][2y] [Py] alexander-hanel/idapython6to7
- [43 stars][1y] [Py] nirizr/pytest-idapro Helps unit test IDAPython scripts
- [29 stars][3y] [Py] kerrigan29a/idapython_virtualenv Enables Virtualenv or Conda in IDAPython, allowing multiple virtual environments
- [23 stars][3y] [Py] devttys0/idascript Wrapper for IDA that automatically runs IDA scripts against target files from the command line
- [258 stars][28d] [Py] inforion/idapython-cheatsheet Scripts and cheatsheets for IDAPython
- [497 stars][1y] [PLpgSQL] nologic/idaref Instruction reference plugin.
- [449 stars][4m] [C++] alexhude/friend Disassembly display enhancement and documentation enhancement plugin
- Duplicate section: IDA->Plugins->Efficiency->Other |
- [250 stars][2y] [Py] gdelugre/ida-arm-system-highlight Highlights and decodes ARM system instructions
- [106 stars][2m] [Py] neatmonster/amie A "FRIEND" plugin for the ARM architecture; documentation enhancement
- [45 stars][8y] [Py] zynamics/msdn-plugin-ida Imports MSDN documentation into IDA Pro
- [24 stars][3y] [AutoIt] yaseralnajjar/ida-msdn-helper IDA Pro MSDN Helper
- [393 stars][3y] [Py] 36hours/idaemu Code emulation plugin based on the Unicorn engine
- Duplicate section: IDA->Plugins->Emulator integration |
- [282 stars][2m] [Py] fireeye/flare-emu Combines with the Unicorn engine to simplify writing emulation scripts
- Duplicate section: IDA->Plugins->Emulator integration |
- [137 stars][26d] [Py] arizvisa/ida-minsc A plugin for IDA Pro that assists a user with scripting the IDAPython plugin that is bundled with the disassembler.
- [104 stars][1m] [Py] patois/idapyhelper IDAPython script-writing helper
- [74 stars][5m] [C++] 0xeb/ida-qscripts An evolved version of IDA's "Recent scripts / Execute script"
- Duplicate section: IDA->Plugins->Efficiency->Other |
- [42 stars][6m] [C++] 0xeb/ida-climacros Define and use static/dynamic macros in the IDA command-line interface
- [32 stars][2y] [CMake] zyantific/ida-cmake Builds IDA scripts written in C++ with CMake
- [22 stars][1y] [Py] nirizr/idasix IDAPython compatibility library. Creates a smooth IDA development workflow so the same code works across multiple IDA/IDAPython versions
- [4 stars][8m] inndy/idapython-cheatsheet scripting IDA like a Pro
- [25 stars][1y] techbliss/ida_pro_ultimate_qt_build_guide Ida Pro Ultimate Qt Build Guide
- [13 stars][3m] [Py] tmr232/cute Qt4/Qt5 compatibility in IDAPython
- [9 stars][3y] [Py] techbliss/ida_pro_screen_recorder PyQt plugin for Ida Pro for Screen recording.
- [269 stars][1m] [Py] eset/ipyida Integrates an IPython console
- [232 stars][2y] [Jupyter Notebook] james91b/ida_ipython Embeds an IPython kernel to integrate IPython
- [175 stars][5m] [Py] techbliss/python_editor Python script editor window
- [5 stars][2y] [C++] patois/ida_vs2017 IDA 7.x VS 2017 project template
- [4 stars][5y] [JS] nihilus/ida-pro-plugin-wizard-for-vs2013 IDA Pro plugin wizard for VisualStudio 2013
- [22 stars][3y] [Java] cblichmann/idajava Java integration for Hex-Rays IDA Pro
- [8 stars][3y] [C++] nlitsme/idaperl Write scripts in Perl within IDA
- [162 stars][4y] [Py] osirislab/fentanyl Simplifies patching
- [127 stars][6y] [C++] crowdstrike/crowddetox CrowdStrike CrowdDetox Plugin for Hex-Rays, automatically removes junk code and variables from Hex-Rays function decompilation
- [95 stars][5y] [Py] nihilus/ida-idc-scripts Collection of IDC scripts
- [82 stars][6y] [Py] einstein-/hexrays-python Python bindings for the Hexrays Decompiler
- [76 stars][5y] [PHP] v0s/plus22 Tool to analyze 64-bit binaries with 32-bit Hex-Rays Decompiler
- [63 stars][5y] [C] nihilus/idastealth
- [40 stars][6y] [C++] wirepair/idapinlogger Logs instruction hits to a file which can be fed into IDA Pro to highlight which instructions were called.
- [39 stars][10y] izsh/ida-python-scripts IDA Python Scripts
- [39 stars][8y] [Py] zynamics/bincrowd-plugin-ida BinCrowd Plugin for IDA Pro
- [35 stars][8y] [Py] zynamics/ida2sql-plugin-ida
- [27 stars][4y] [C++] luorui110120/idaplugins A pile of IDA plugins, undocumented
- [21 stars][10y] [C++] sporst/ida-pro-plugins Collection of IDA Pro plugins I wrote over the years
- [18 stars][10y] [Py] binrapt/ida Python script which extracts procedures from IDA Win32 LST files and converts them to correctly dynamically linked compilable Visual C++ inline assembly.
- [16 stars][7y] [Py] nihilus/optimice
- [10 stars][10y] jeads-sec/etherannotate_ida EtherAnnotate IDA Pro Plugin - Parse EtherAnnotate trace files and markup IDA disassemblies with runtime values
- [6 stars][10y] [C] jeads-sec/etherannotate_xen EtherAnnotate Xen Ether Modification - Adds a feature to Ether that pulls register values and potential string values at each instruction during an instruction trace.
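- [395 stars][1y] [C++] cseagle/sk3wldbg Debugger plugin that uses the Unicorn engine as its back end
- Duplicate section: IDA->Plugins->Emulator integration |
- [187 stars][5y] [C++] nihilus/scyllahide User-mode anti-anti-debugging
- [107 stars][23d] [Py] danielplohmann/apiscout Simplifies import API recovery. Can recover API information from memory. Includes a command-line version and an IDA plugin. Handles cases that ImpRec/ImpRec cannot, such as an erased PE header.
- [82 stars][4y] [C++] wjp/idados DOSBox debugger plugin
- Duplicate section: IDA->Plugins->Specific analysis targets->Uncategorized |
- [57 stars][8y] [Py] cr4sh/ida-vmware-gdb Helps with Windows kernel debugging
- [42 stars][5y] [Py] nihilus/idasimulator Extends IDA's conditional breakpoint support, using Python code to replace complex executed code in the debugged process
- [39 stars][2y] [Py] thecjw/ida_android_script IDAPython scripts that help with Android debugging
- Duplicate section: IDA->Plugins->Android |Android->Tools->IDA |
- [22 stars][5y] [Py] techbliss/scylladumper Ida Plugin to Use the Awesome Scylla plugin
- [14 stars][5y] [Py] techbliss/free_the_debuggers Automatically loads and runs debugger plugins??
- [0 stars][2y] [Py] benh11235/ida-windbglue "Glue" script for connecting to a remote WinDBG debug server
- [943 stars][1y] [Py] gaasedelen/lighthouse Collects code coverage from DBI and maps, browses, and views it in IDA/Binja
- Duplicate section: DBI->IntelPin->Tools->Interaction with other tools->Uncategorized |DBI->Frida->Tools->Interaction with other tools->IDA |DBI->Frida->Tools->Interaction with other tools->BinaryNinja |
- coverage-frida Collects information with Frida
- coverage-pin Collects coverage information with Pin
- Plugin Supports IDA and BinNinja
- [134 stars][1y] [Py] carlosgprado/jarvis Multi-purpose, with a GUI; assists static analysis, vulnerability hunting, dynamic tracing (Pin), import/export, and more
- [128 stars][3y] [Py] friedappleteam/frapl Connects the Frida client and IDA, imports runtime information directly into IDA, and lets you control Frida from within IDA
- [122 stars][5y] [C++] zachriggle/ida-splode Collects dynamic runtime data with Pin and imports it into IDA for viewing
- [117 stars][2y] [C++] 0xphoenix/mazewalker Collects data with Pin and imports it into IDA for viewing
- Duplicate section: DBI->IntelPin->Tools->Interaction with other tools->Uncategorized |
- mazeui Displays the UI in IDA
- PyScripts Python scripts that process the collected data
- PinClient
- [89 stars][8y] [C] neuroo/runtime-tracer Collects runtime data with Pin and displays it in IDA
- [80 stars][3y] [Py] davidkorczynski/repeconstruct Automatically unpacks and rebuilds binaries
- [52 stars][12m] [Py] cisco-talos/dyndataresolver Dynamic data resolver. Controls DyRIO from IDA to execute specified parts of a program, records the execution, and sends the data back to IDA
- Duplicate section: DBI->DynamoRIO->Tools->Interaction with other tools |
- DDR DyRIO-based client
- IDA plugin
- [20 stars][9m] [C++] secrary/findloop Uses DyRIO to find code blocks that execute too many times
- Duplicate section: DBI->DynamoRIO->Tools->Interaction with other tools |
- [15 stars][1y] [C++] agustingianni/instrumentation Collection of PinTools. Collected data can be imported into IDA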
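- [607 stars][3m] [Py] 0xgalz/virtuailor Automatically creates C++ vtables from information obtained through IDA debugging
- Duplicate section: IDA->Plugins->Structures->C++ classes |
- [386 stars][5m] [Py] ynvb/die Collects dynamic runtime information with the IDA debugger to assist static analysis
- [380 stars][4y] [Py] deresz/funcap Records dynamic information during IDA debugging to assist static analysis
- [104 stars][3y] [Py] c0demap/codemap Hooks IDA; when a breakpoint is hit during debugging, saves register/memory information to a database for viewing in a web browser
- [1672 stars][7m] [C++] yegord/snowman Snowman decompiler, supporting x86, AMD64, and ARM. Has a standalone GUI tool, a command-line tool, and IDA/Radare2/x64dbg plugins, and can also be used as a library
- Duplicate section: x64dbg->Plugins->Newly added |
- IDA plugin
- snowman Qt GUI
- nocode Command-line tool
- nc Core code, usable as a library
- [1329 stars][1y] [C++] rehints/hexrayscodexplorer Multi-purpose decompiler plugin
- Duplicate section: IDA->Plugins->Efficiency->Other |
- Automatic type reconstruction
- Virtual table identification/navigation (decompiler window)
- C-tree visualization and export
- Object explorer
- [467 stars][4y] [Py] einstein-/decompiler Multi-backend decompiler supporting IDA and Capstone.
- [418 stars][3m] [C++] avast/retdec-idaplugin IDA plugin for retdec
- [293 stars][5y] [C++] smartdec/smartdec Decompiler with an IDA plugin (snowman is the advanced version)
- [286 stars][5y] [Py] aaronportnoy/toolbag Decompiler enhancement plugin
- [235 stars][7m] [Py] patois/dsync Plugin that synchronizes the disassembly and decompiler windows
- Duplicate section: IDA->Plugins->Efficiency->Other |
- [180 stars][29d] [Py] fireeye/fidl A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
- [167 stars][1y] [Py] tintinweb/ida-batch_decompile Decompiles multiple files and their imports into pseudocode.c files with additional annotations (xrefs, stack variable sizes)
- [150 stars][1y] [Py] ax330d/hrdev Decompiler output enhancement: parses standard IDA decompiler output with Python Clang
- Duplicate section: IDA->Plugins->Efficiency->Display enhancement |
- [103 stars][13d] [Py] sibears/hrast Demonstrates how to modify the AST (abstract syntax tree)
- [90 stars][6m] [Py] patois/hrdevhelper Visualizes the ctree of decompiled functions
- Duplicate section: IDA->Plugins->Efficiency->Display enhancement |
- [70 stars][13d] [Py] patois/mrspicky IDA decompiler script that helps audit calls to memcpy() and memmove()
- Duplicate section: IDA->Plugins->Vulnerabilities->Uncategorized |
- [25 stars][2y] [C++] dougallj/dj_ida_plugins Adds VMX intrinsics to the Hex-Rays decompiler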
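- [1365 stars][3m] [Py] fireeye/flare-floss Automatically extracts deobfuscated strings from malware
- Duplicate section: IDA->Plugins->Strings |
- floss
- IDA plugin
- [542 stars][2y] [Py] anatolikalysch/vmattack Analysis (static/dynamic) and deobfuscation of virtualization-based packers
- Duplicate section: IDA->Plugins->Specific analysis targets->Uncategorized |
- [304 stars][4m] [C++] rolfrolles/hexraysdeob Uses the Hex-Rays microcode API to defeat compiler-level obfuscation
- Duplicate section: IDA->Plugins->Microcode |
- [202 stars][2y] [Py] tkmru/nao Removes dead code, based on the Unicorn engine
- Duplicate section: IDA->Plugins->Emulator integration |
- [47 stars][2y] [Py] riscure/drop-ida-plugin Experimental opaque predicate detection for IDA Pro
- [23 stars][5m] [Py] jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
- Duplicate section: IDA->Plugins->Taint analysis |
- [8 stars][3y] [Py] thngkaiyuan/mynaim Deobfuscation plugin for samples of the Nymaim family
- Duplicate section: IDA->Plugins->Specific analysis targets->Specific sample families |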
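- [1329 stars][1y] [C++] rehints/hexrayscodexplorer Multi-purpose decompiler plugin
- Duplicate section: IDA->Plugins->Decompiler |
- Automatic type reconstruction
- Virtual table identification/navigation (decompiler window)
- C-tree visualization and export
- Object explorer
- [449 stars][4m] [C++] alexhude/friend Disassembly display enhancement and documentation enhancement plugin
- Duplicate section: IDA->Plugins->Instruction reference |
- [372 stars][3m] [Py] l4ys/lazyida Several quick-access features; scans for format string vulnerabilities
- Duplicate section: IDA->Plugins->Strings |IDA->Plugins->Vulnerabilities->Uncategorized |
- [329 stars][4m] [Py] pfalcon/scratchabit Interactive disassembler with a plugin API compatible with IDAPython
- [235 stars][7m] [Py] patois/dsync Plugin that synchronizes the disassembly and decompiler windows
- Duplicate section: IDA->Plugins->Decompiler |
- [192 stars][2m] [Py] danigargu/dereferencing Enhanced register and stack display during debugging
- [130 stars][2y] [Py] comsecuris/ida_strcluster Extends IDA's string navigation
- Duplicate section: IDA->Plugins->Strings |
- [99 stars][1y] [Py] darx0r/stingray Recursively finds functions and strings
- Duplicate section: IDA->Plugins->Strings |IDA->Plugins->Function-related->Navigation |
- [81 stars][15d] [Py] ax330d/functions-plus Parses function names, groups them by namespace, and displays the groups as a tree
- Duplicate section: IDA->Plugins->Function-related->Navigation |
- [74 stars][5m] [C++] 0xeb/ida-qscripts An evolved version of IDA's "Recent scripts / Execute script"
- Duplicate section: IDA->Plugins->Script-writing helpers->Uncategorized |
- [48 stars][8d] [C++] jinmo/ifred IDA command palette & more (Ctrl+Shift+P, Ctrl+P)
- [40 stars][5m] [Py] tmr232/brutal-ida Disables Undo/Redo in IDA 7.3
- [23 stars][7y] [C++] cr4sh/ida-ubigraph IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph
- [17 stars][2y] [Py] tmr232/graphgrabber Grabs full-resolution images of IDA graphs
- [5 stars][2y] [Py] handsomematt/ida_func_ptr Quickly copy function pointer definitions from the right-click menu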
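- [208 stars][1m] [Py] patois/idacyber Interactive data visualization plugin
- [150 stars][1y] [Py] ax330d/hrdev Decompiler output enhancement: parses standard IDA decompiler output with Python Clang
- Duplicate section: IDA->Plugins->Decompiler |
- [105 stars][2y] [Py] danigargu/idatropy Generates entropy charts and histograms using idapython and matplotlib
- [90 stars][6m] [Py] patois/hrdevhelper Visualizes the ctree of decompiled functions
- Duplicate section: IDA->Plugins->Decompiler |
- [52 stars][1m] [Py] patois/xray Highlights specific content in IDA decompiler output based on regular expressions
- [20 stars][4m] [C++] revspbird/hightlight Highlights code blocks and brackets in the decompiler window
- [5 stars][3y] [Py] oct0xor/ida_pro_graph_styling Highlights call/jump instructions
- [5 stars][2y] [C] teppay/ida Instruction highlighting, dark theme
- [3 stars][2y] [Py] andreafioraldi/idaretaddr Highlights function return addresses in the IDA debugger
- Duplicate section: IDA->Plugins->Function-related->Uncategorized |
- [2569 stars][6m] [Java] google/binnavi Binary analysis IDE for exploring/navigating/editing/annotating the control-flow graphs and call graphs of disassembled code. (The IDA plugin exports the disassembly)
- [231 stars][2y] [C++] fireeye/simplifygraph Simplifies complex graphs
- [40 stars][9m] [Py] rr-/ida-images Image preview plugin that helps find image decoding functions (run complex code and check whether an image exists in memory)
- [150 stars][15d] [Py] ga-ryo/idafuzzy Fuzzy search: commands/functions/structures
- Duplicate section: IDA->Plugins->Function-related->Navigation |
- [64 stars][3y] [Py] xorpd/idsearch Search tool
- [23 stars][6m] [Py] alexander-hanel/hansel IDA search plugin
- [246 stars][28d] [C++] strazzere/android-scripts Collection of Android reverse engineering scripts
- Duplicate section: Android->Tools->ReverseEngineering |
- [161 stars][2m] [Py] nforest/droidimg Android/Linux vmlinux loader
- [118 stars][4y] [Py] cvvt/dumpdex Android DEX memory dump tool based on IDA Python
- Duplicate section: Android->Tools->IDA |
- [83 stars][2y] [Py] zhkl0228/androidattacher IDA debugging plugin for android armv7 so
- Duplicate section: Android->Tools->IDA |
- [39 stars][5y] [Py] techbliss/adb_helper_qt_super_version All You Need For Ida Pro And Android Debugging
- Duplicate section: Android->Tools->IDA |
- [39 stars][2y] [Py] thecjw/ida_android_script IDAPython scripts that help with Android debugging
- Duplicate section: IDA->Plugins->Debugging->Uncategorized |Android->Tools->IDA |
- [16 stars][7y] [C++] strazzere/dalvik-header-plugin Dalvik Header Plugin for IDA Pro
- Duplicate section: Android->Tools->IDA |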
- [177 stars][2y] [Py] duo-labs/idapython Collection of IDAPython scripts used by Duo Labs
- Duplicate section: IDA->Plugins->Firmware |
- cortex_m_firmware Organizes an IDA Pro database containing ARM Cortex M microcontroller firmware
- amnesia Uses byte-level heuristics to find ARM Thumb instructions in undefined bytes of an IDA Pro database
- REobjc Creates proper cross-references between calling and called functions in Objective-C
- [167 stars][8y] [Py] zynamics/objc-helper-plugin-ida Helps analyze Objective-C binaries
- [21 stars][3y] aozhimin/ios-monitor-resources Collected resources on the iOS SDK performance monitoring solutions of various vendors
- [17 stars][9y] [C++] alexander-pick/patchdiff2_ida6 patched up patchdiff2 to compile and work with IDA 6 on OSX
- [14 stars][8y] [Standard ML] letsunlockiphone/iphone-baseband-ida-pro-signature-files IDA signature files for iPhone baseband reverse engineering
- Duplicate section: IDA->Plugins->Signatures (FLIRT, etc.)->Uncategorized |
- [168 stars][1y] [Py] bazad/ida_kernelcache Reconstructs the C++ classes of the iOS kernelcache with IDA Pro
- Duplicate section: IDA->Plugins->Structures->Uncategorized |
- [140 stars][8y] stefanesser/ida-ios-toolkit Collection of IDAPython scripts that help with the iOS kernelcache
- [50 stars][1y] [Py] synacktiv-contrib/kernelcache-laundering load iOS12 kernelcaches and PAC code in IDA
- [47 stars][8m] [C] gdbinit/extractmacho IDA plugin to extract Mach-O binaries located in the disassembly or data
- [18 stars][3y] [C] cocoahuke/iosdumpkernelfix This tool helps fix the Mach-O header of an iOS kernel dumped from memory, so that IDA or function symbol-related tools can load the iOS kernel's function symbols correctly
- [17 stars][8y] [C] gdbinit/machoplugin IDA plugin to Display Mach-O headers
- [52 stars][3y] [Py] tobefuturer/ida-swift-demangle A tool to demangle Swift function names in IDA.
- [17 stars][3y] [Py] tylerha97/swiftdemang Demangle Swift
- [17 stars][4y] [Py] gsingh93/ida-swift-demangle Demangles Swift function names
- Duplicate section: IDA->Plugins->Function-related->demangle |
- [525 stars][2y] [C] lunixbochs/patchkit Patches ELF files (command line + IDA plugin) (supports Python callbacks, C function replacement, etc.)
- Duplicate section: IDA->Plugins->Patching |
- IDA plugin
- patchkit
- [206 stars][6y] [C] snare/ida-efiutils Helps reverse engineer ELF
- [161 stars][2m] [Py] nforest/droidimg Android/Linux vmlinux loader
- [125 stars][8m] [Py] danigargu/syms2elf Exports symbols recognized by IDA Pro and Radare2 (currently functions only) to the ELF symbol table
- [92 stars][3y] [C++] gdbinit/efiswissknife Helps with (U)EFI reverse engineering
- [84 stars][19d] [Py] yeggor/uefi_retool Tool for finding proprietary protocols in UEFI firmware and UEFI module analysis
- [44 stars][2y] [C] aerosoul94/dynlib Helps reverse engineer PS4 user-mode ELFs
- Duplicate section: IDA->Plugins->Specific analysis targets->PS3 |
- [44 stars][4y] [Py] danse-macabre/ida-efitools Helps reverse engineer ELF files
- [43 stars][4y] [Py] strazzere/idant-wanna ELF header abuse
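- [304 stars][4m] [C++] rolfrolles/hexraysdeob Uses the Hex-Rays microcode API to defeat compiler-level obfuscation
- Duplicate section: IDA->Plugins->Deobfuscation |
- [185 stars][5m] [C++] chrisps/hexext Optimizes the decompiler's data by manipulating microcode
- [65 stars][1m] [Py] patois/genmc Displays the Hex-Rays decompiler's microcode to help develop microcode plugins
- [54 stars][3m] [Py] idapython/pyhexraysdeob Python version of the RolfRolles/HexRaysDeob tool
- [19 stars][9m] [Py] neatmonster/mcexplorer Python version of the RolfRolles/HexRaysDeob tool
- [504 stars][20d] [Py] alexhude/uemu Emulator plugin based on Unicorn
- [395 stars][1y] [C++] cseagle/sk3wldbg Debugger plugin that uses the Unicorn engine as its back end
- Duplicate section: IDA->Plugins->Debugging->Uncategorized |
- [393 stars][3y] [Py] 36hours/idaemu Code emulation plugin based on the Unicorn engine
- Duplicate section: IDA->Plugins->Script-writing helpers->Uncategorized |
- [282 stars][2m] [Py] fireeye/flare-emu Combines with the Unicorn engine to simplify writing emulation scripts
- Duplicate section: IDA->Plugins->Script-writing helpers->Uncategorized |
- [202 stars][2y] [Py] tkmru/nao Removes dead code, based on the Unicorn engine
- Duplicate section: IDA->Plugins->Deobfuscation |
- [126 stars][3y] [Py] codypierce/pyemu Use an x86 emulator in IDA
- [1542 stars][28d] [Py] lifting-bits/mcsema Converts x86, amd64, and aarch64 binaries to LLVM bitcode
- [421 stars][1m] [C] mcgill-dmas/kam1n0-community Assembly code management and analysis platform (standalone tool + IDA plugin)
- Duplicate section: IDA->Plugins->Signatures (FLIRT, etc.)->Uncategorized |
- IDA plugin
- kam1n0
- [27 stars][4y] [Scheme] yifanlu/cgen Fork of CGEN that adds support for generating IDA IDP modules
- [23 stars][2y] [Py] tintinweb/unbox Unbox is a convenient one-click unpack and decompiler tool that wraps existing 3rd party applications like IDA Pro, JD-Cli, Dex2Src, and others to provide a convenient archiver-like command line interface to unpack and decompile various types of files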
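- [492 stars][7m] [Py] danigargu/heap-viewer Views the glibc heap, mainly for exploit development
- [376 stars][2y] [Py] 1111joe1111/ida_ea Helps with exploit development and reverse engineering
- [372 stars][3m] [Py] l4ys/lazyida Several quick-access features; scans for format string vulnerabilities
- Duplicate section: IDA->Plugins->Strings |IDA->Plugins->Efficiency->Other |
- [138 stars][8m] [Py] iphelix/ida-sploiter Helps with vulnerability research
- [134 stars][1y] [Py] carlosgprado/jarvis Multi-purpose, with a GUI; assists static analysis, vulnerability hunting, dynamic tracing (Pin), import/export, and more
- [70 stars][13d] [Py] patois/mrspicky IDA decompiler script that helps audit calls to memcpy() and memmove()
- Duplicate section: IDA->Plugins->Decompiler |
- [32 stars][6y] [Py] coldheat/quicksec IDAPython script for quick vulnerability analysis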
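- [54 stars][3y] [Py] patois/drgadget Develop and analyze ROP chains
- [19 stars][2y] [Py] lucasg/idarop Lists and stores ROP gadgets
- [727 stars][1y] [Py] keystone-engine/keypatch Assembler/patching plugin with multi-architecture support, based on the Keystone engine
- [525 stars][2y] [C] lunixbochs/patchkit Patches ELF files (command line + IDA plugin) (supports Python callbacks, C function replacement, etc.)
- Duplicate section: IDA->Plugins->ELF |
- IDA plugin
- patchkit
- [89 stars][5y] [Py] iphelix/ida-patcher Binary file and memory patching
- [42 stars][3y] [C++] mrexodia/idapatch IDA plugin to patch IDA Pro in memory.
- [31 stars][4m] [Py] scottmudge/debugautopatch Patching system improvement plugin for IDA.
- [16 stars][8y] [C++] jkoppel/reprogram Patch binaries at load-time
- [0 stars][8m] [Py] tkmru/genpatch Generates Python scripts for patching
- [123 stars][2y] [Shell] feicong/ida_for_mac_green IDA Pro portable enhanced edition (macOS)
- [34 stars][6m] angelkitty/ida7.0
- [16 stars][2y] jas502n/ida7.0-pro IDA7.0 download
- [125 stars][8m] [Py] danigargu/syms2elf Exports symbols recognized by IDA Pro and Radare2 (currently functions only) to the ELF symbol table
- [11 stars][2y] [C++] fireundubh/ida7-functionstringassociate FunctionStringAssociate plugin by sirmabus, ported to IDA 7
- [3 stars][2y] [Py] andreafioraldi/idaretaddr Highlights function return addresses in the IDA debugger
- Duplicate section: IDA->Plugins->Efficiency->Display enhancement |
- [2 stars][5m] [Py] farzonl/idapropluginlab3 Describes malware behavior through static analysis of the functions it uses
- [291 stars][3m] [Py] a1ext/auto_re Automated function renaming
- [119 stars][5y] [C++] zyantific/retypedef Function name replacement with customizable rules
- [95 stars][2y] [Py] gaasedelen/prefix IDA plugin that adds prefixes to functions
- [48 stars][3y] [Py] alessandrogario/ida-function-tagger Tags functions based on the imports they use
- [23 stars][12m] [Py] howmp/comfinder Finds and labels functions in COM components
- Duplicate section: IDA->Plugins->Specific analysis targets->Uncategorized |
- [3 stars][4y] [Py] ayuto/discover_win Compares Linux and Windows binaries and automatically renames unnamed functions in the Windows file
- Duplicate section: IDA->Plugins->Signatures (FLIRT, etc.)->Uncategorized |
- [180 stars][6m] [Py] hasherezade/ida_ifl Interactive function list
- [150 stars][15d] [Py] ga-ryo/idafuzzy Fuzzy search: commands/functions/structures
- Duplicate section: IDA->Plugins->Efficiency->Search |
- [99 stars][1y] [Py] darx0r/stingray Recursively finds functions and strings
- Duplicate section: IDA->Plugins->Strings |IDA->Plugins->Efficiency->Other |
- [81 stars][15d] [Py] ax330d/functions-plus Parses function names, groups them by namespace, and displays the groups as a tree
- Duplicate section: IDA->Plugins->Efficiency->Other |
- [34 stars][3y] [Py] darx0r/reef Shows cross-references "from the specified function", that is, the other functions referenced inside the function
- [17 stars][4y] [Py] gsingh93/ida-swift-demangle Demangles Swift function names
- Duplicate section: IDA->Plugins->Apple->Swift |
- [14 stars][1y] [Py] ax330d/exports-plus Fixes IDA not showing all exports and not demangling export names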
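- [931 stars][25d] [OCaml] airbus-seclab/bincat Static analysis tool for binary code. Value analysis (registers, memory), taint analysis, type reconstruction and propagation, forward/backward analysis
- Duplicate section: IDA->Plugins->Structures->Uncategorized |
- [868 stars][2y] [C++] illera88/ponce Simplifies taint analysis + symbolic execution
- [23 stars][5m] [Py] jonathansalwan/x-tunnel-opaque-predicates IDA+Triton plugin in order to extract opaque predicates using a Forward-Bounded DSE. Example with X-Tunnel.
- Duplicate section: IDA->Plugins->Deobfuscation |
- [1365 stars][3m] [Py] fireeye/flare-floss Automatically extracts deobfuscated strings from malware
- Duplicate section: IDA->Plugins->Deobfuscation |
- floss
- IDA plugin
- [372 stars][3m] [Py] l4ys/lazyida Several quick-access features; scans for format string vulnerabilities
- Duplicate section: IDA->Plugins->Efficiency->Other |IDA->Plugins->Vulnerabilities->Uncategorized |
- [181 stars][2m] [Py] joxeankoret/idamagicstrings Extracts information from string constants
- [130 stars][2y] [Py] comsecuris/ida_strcluster Extends IDA's string navigation
- Duplicate section: IDA->Plugins->Efficiency->Other |
- [99 stars][1y] [Py] darx0r/stingray Recursively finds functions and strings
- Duplicate section: IDA->Plugins->Efficiency->Other |IDA->Plugins->Function-related->Navigation |
- [45 stars][5y] [Py] kyrus/ida-translator Converts arbitrary character sets in an IDB database to Unicode, then automatically calls a web-based translation service (currently only Google Translate) to translate non-English text into English
- [4 stars][3y] [C#] andreafioraldi/idagrabstrings Searches for strings within a specified address range and maps them to a C struct
- Duplicate section: IDA->Plugins->Structures->Uncategorized |
- [4 stars][8m] [C] lacike/gandcrab_string_decryptor Decrypts strings in GandCrab v5.1-5.3
- Duplicate section: IDA->Plugins->Specific analysis targets->Specific sample families |
- [449 stars][2m] [Py] polymorf/findcrypt-yara Finds crypto constants using Yara rules
- Duplicate section: IDA->Plugins->Signatures (FLIRT, etc.)->Yara |
- [136 stars][25d] [Py] you0708/ida Finds crypto constants
- [42 stars][7y] [C++] vlad902/findcrypt2-with-mmx Enhancement of the findcrypt2 plugin, with support for MMX AES instructions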
- 2019.12 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P27)
- 2019.12 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P26)
- 2019.12 [knownsec] Using IDA to process U-Boot binary stream files
- 2019.12 [venus] Using IDA to process U-Boot binary stream files
- 2019.11 [hexblog] Extending IDA processor modules for GDB debugging
- 2019.11 [0x48] Using IDA to process U-Boot binary stream files
- 2019.11 [aliyun] Removing ollvm obfuscation with IDA microcode (Part 1)
- 2019.10 [cisco] New IDA Pro plugin provides TileGX support
- 2019.09 [cisco] GhIDA: Ghidra decompiler for IDA Pro
- 2019.09 [cn0xroot] Fix IDA Crash bug on osx 10.14
- 2019.08 [hexblog] IDA 7.4: IDAPython and Python 3
- 2019.08 [hexblog] IDA 7.4: Turning off IDA 6.x compatibility in IDAPython by default
- 2019.06 [hitbsecconf] #HITB2019AMS D1T2 - fn_fuzzy: Fast Multiple Binary Diffing Triage With IDA - Takahiro Haruyama
- 2019.05 [aliyun] Fooling IDA F5 argument recognition
- 2019.05 [aliyun] A small trick for confusing IDA F5 - x64
- 2018.11 [4hou] Using IDAPython to automatically map binaries and replace default function names
- 2018.10 [WarrantyVoider] Ida Pro Tutorial - Compare Reverse Engineering
- 2018.06 [freebuf] MindshaRE: How to use IDA Python to browse the Windows kernel
- 2018.05 [WarrantyVoider] Tutorial - Debugging In Source Code With IDA Pro
- 2018.03 [BinaryAdventure] x86 In-Depth 4: Labeling Structs Properly in IDA Pro
- 2017.12 [BinaryAdventure] Understanding the IDAPython API Docs
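- 2016.01 [freebuf] Introduction to the CGEN framework for IDA Pro
- 2015.12 [] Removing the LAN check from a certain company's leaked IDA Pro 6.8
- 2015.10 [pediy] [Original] Dex dump based on IDA Python
- 2012.11 [pediy] [Original] Sharing an IDAPython script for QuickTime static analysis
- 2009.03 [pediy] [Original] How to port an idc script to an IDA plugin
- 2006.11 [pediy] [Translation] 008 Using IDA Pro's tracing features
- 2018.05 [tradahacking] Comparing binaries with IDA and helper tools
- 2018.04 [pediy] [Translation] IDAPython-Book (Alexander Hanel)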
- 2018.03 [hexblog] IDA on non-OS X/Retina Hi-DPI displays
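- 2018.03 [pediy] [Translation] IDA v6.5 text execution
- 2018.02 [pediy] [Original] Reverse engineering techniques: getting familiar with IDA
- 2018.01 [pediy] [Original] Setting up an IDA Pro remote debugging environment on ARM Linux
- 2018.01 [pediy] [Translation] Techniques for countering ARM disassembly in the IDA Pro debugger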
- 2017.12 [OALabs] Debugging shellcode using BlobRunner and IDA Pro
- 2017.12 [pediy] [Original] IDA 7.0 Mac plugin compilation guide
- 2017.12 [pediy] [Original] Installing and using the IDA plugin FRIEND
- 2017.12 [BinaryAdventure] IDAPython Tutorial with example script
- 2017.11 [OALabs] How To Defeat Anti-VM and Anti-Debug Packers With IDA Pro
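- 2017.11 [pediy] [Original] Sharing an IDAPython script - automatically setting a breakpoint at JNI_OnLoad
- 2017.11 [pediy] [Help] Debugging an so with IDA Pro: attach completes and I jump to the target so's base address, but the content is all DCB pseudo-instructions?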
- 2017.11 [OALabs] IDA Pro Malware Analysis Tips
- 2017.10 [hexblog] IDA and common Python issues
- 2017.10 [pediy] [Share] Debugging win7 x64 with IDA + VMware
- 2017.06 [pediy] [Translation] Some tips for using the IDA Hex-Rays decompiler
- 2017.06 [qmemcpy] IDA series, part 2: debugging a .NET executable
- 2017.06 [qmemcpy] IDA series, part 1: the Hex-Rays decompiler
- 2017.05 [3gstudent] Reverse analysis: dynamically debugging tasksche.exe in WanaCrypt0r with IDA
- 2017.05 [pediy] [Original] Importing Jni.h into IDA
- 2017.05 [oct0xor] Advanced Ida Pro Instruction Highlighting
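- 2017.05 [repret] Improving fuzzing code coverage with static analysis: uses an IDA script to enumerate all CMP instructions and the JUMP instructions related to them, and generates a dictionary of inverted CMP conditions that KFUZZ injects during fuzzing.
- 2017.04 [osandamalith] Making the Windows Loader execute shellcode directly; IDA crashes when loading the file, and it bypasses most antivirus software.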
- 2017.04 [hexacorn] IDA, hotpatched functions and signatures that don’t work…
- 2017.04 [] Remote debugging in IDA Pro by http tunnelling
- 2017.03 [pediy] [Translation] How to make IDA Pro use the Python version we provide and how to run IDA Pro in a chroot environment
- 2017.01 [kudelskisecurity] SANS Holiday Hack Challenge 2016
- 2016.12 [adelmas] API Hooking with IDA Pro
- 2016.12 [hexacorn] IDA, function alignment and signatures that don’t work…
- 2016.10 [] Build IDA Pro KeyPatch for Fedora Linux
- 2016.05 [lucasg] Do not load dll from System32 directly into IDA
- 2016.04 [hexacorn] Creating IDT/IDS files for IDA from MS libraries with symbols
- 2016.02 [pediy] [Original] Translation: debugging Dalvik with IDA
- 2016.01 [pediy] [Original] Sharing experience debugging with Android 5.0 + IDA 6.8
- 2016.01 [insinuator] Dynamic IDA Enrichment (aka. DIE)
- 2016.01 [360] Compiling non-OSX IDA Pro plugins on OSX
- 2016.01 [adventuresincyberchallenges] SANS Holiday Hack Quest 2015
- 2015.12 [yifan] CGEN for IDA Pro
- 2015.12 [pediy] Debugging: driving straight in with IDA or GDB on Android arm/x86 platforms
- 2015.12 [hexacorn] IDAPython – making strings decompiler-friendly
- 2015.12 [pediy] [Original] Feasibility analysis of brute-forcing the IDA Pro 6.8 installation password
- 2015.11 [govolution] Very first steps with IDA
- 2015.08 [pediy] [Original] Setting up an IDA Pro dynamic SO debugging environment step by step.
- 2015.07 [hexblog] Hack of the day #0: Somewhat-automating pseudocode HTML generation, with IDAPython.
- 2015.06 [msreverseengineering] Transparent Deobfuscation with IDA Processor Module Extensions
- 2015.02 [pediy] [Original] Tracing the call process of Windows API dynamic-link library functions with IDA PRO + OllyDbg + PEview.
- 2014.12 [hexblog] Augmenting IDA UI with your own actions.
- 2014.10 [vexillium] SECURE 2014 slide deck and Hex-Rays IDA Pro advisories published
- 2014.10 [pediy] [Original] Fixing IDA's F5 (hexray 1.5) being unusable when the FPU stack is full
- 2014.08 [3xp10it] IDA plugin usage memo
- 2014.08 [3xp10it] Debugging iOS apps over USB with IDA
- 2014.08 [3xp10it] Tracing function calls by setting breakpoints in bulk with IDA
- 2014.08 [3xp10it] The IDA plugin mynav
- 2014.07 [hexblog] IDA Dalvik debugger: tips and tricks
- 2014.04 [hexblog] Extending IDAPython in IDA 6.5: Be careful about the GIL
- 2014.03 [zdziarski] The Importance of Forensic Tools Validation
- 2014.03 [evilsocket] Programmatically Identifying and Isolating Functions Inside Executables Like IDA Does.
- 2014.02 [silentsignal] From Read to Domain Admin – Abusing Symantec Backup Exec with Frida
- 2013.12 [hexblog] Interacting with IDA through IPC channels
- 2013.06 [trustwave] Debugging Android libraries with IDA
- 2013.05 [v0ids3curity] Defeating anti-debugging techniques using IDA and x86 emulator plugin
- 2013.05 [hexblog] Loading your own modules from your IDAPython scripts with idaapi.require()
- 2013.04 [hexblog] Installing PIP packages, and using them from IDA on a 64-bit machine
- 2013.03 [pediy] [Original] Notes on cracking IDA Demo 6.4
- 2012.11 [redplait] pyside for ida pro 6.3 - part 2
- 2012.10 [redplait] AVX/XOP instructions processor extender for IDA Pro
- 2012.10 [redplait] IDA Pro 6.3 SDK is broken ?
- 2012.10 [redplait] pyside for ida pro 6.3
- 2012.09 [redplait] IDA loader of .dcu files from XE3
- 2012.08 [tencent] A brief discussion of using IDA scripts in vulnerability hunting
- 2012.07 [cr4] VMware + GDB stub + IDA
- 2012.06 [pediy] [Original] PRX loader for IDA
- 2012.06 [pediy] [Translation] API Call Tracing - PEfile, PyDbg and IDAPython
- 2012.05 [redplait] dcu files loader for ida pro v2
- 2012.05 [redplait] dcu files loader for ida pro
- 2012.03 [redplait] updated perl binding for IDA Pro
- 2012.03 [pediy] [Original] IDA batch mode
- 2012.02 [pediy] [Original] IDA Android Remote Debug
- 2012.01 [pediy] [Original] Permanent fix for IDA 6.1 bool and default alignment sizeof settings
- 2011.12 [redplait] IDA 5.60 PICode analyzer plugin for win64
- 2011.10 [reverse] How to create IDA C/C++ plugins with Xcode
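- 2011.10 [pediy] [Repost] Remote debugging Android with IDA PRO 6.1
- 2011.09 [pediy] [Recommended] Solutions for "IDA sp-analysis failed" preventing F5 (Part 1)
- 2011.08 [pediy] [Original] Analyzing Minesweeper with IDA Pro + OD
- 2011.08 [pediy] [Original] Remote debugging of iPhone programs with IDA + GDBServer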
- 2011.08 [redplait] perl inside IDA Pro
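- 2011.07 [redplait] Multiple PDBs in IDA Pro
- 2011.07 [pediy] [Original] Unpacking a 64-bit exe with IDA + the Debug plugin
- 2011.06 [pediy] [Translation] Debugging the Windows kernel with VMWare GDB and IDA
- 2011.05 [pediy] [Share] Solution for F5 not working in IDA 6.1
- 2011.05 [pediy] [Original] Dynamically obtaining program execution flow with IDAPython + OdbgScript
- 2011.03 [pediy] [Original] Analysis of a trojan in Ida Pro Advanced 6.0
- 2011.03 [pediy] [Original] Reading the sample code of an IDA SDK plugin that merges out-of-order jmps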
- 2011.01 [hexblog] IDA & Qt: Under the hood
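- 2010.12 [pediy] [Original] Removing a time limit through static analysis with IDA
- 2010.10 [pediy] [Download] Accompanying examples for the book "IDA Pro Code Cracking Revealed"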
- 2010.10 [hexblog] Calculating API hashes with IDA Pro
- 2010.09 [publicintelligence] (U//FOUO) FBI Warning: Extremists Likely to Retaliate Against Florida Group’s Planned “International Burn A Koran Day”
- 2010.08 [mattoh] Exporting IDA function for IDC Script Usage
- 2010.07 [hexblog] Implementing command completion for IDAPython
- 2010.07 [hexblog] Running scripts from the command line with idascript
- 2010.06 [hexblog] Extending IDC and IDAPython
- 2010.04 [hexblog] Kernel debugging with IDA Pro / Windbg plugin and VirtualKd
- 2010.03 [hexblog] Using custom viewers from IDAPython
- 2010.01 [hexblog] Debugging ARM code snippets in IDA Pro 5.6 using QEMU emulator
- 2009.12 [pediy] [Original] Symbian_Remote_Debugger_With_IDA
- 2009.10 [pediy] [Original] IDA study notes
- 2009.09 [hexblog] Develop your master boot record and debug it with IDA Pro and the Bochs debugger plugin
- 2009.02 [hexblog] Advanced Windows Kernel Debugging with VMWare and IDA’s GDB debugger
- 2008.10 [evilcodecave] IDA Pro Enhances Hostile Code Analysis Support
- 2008.09 [pediy] [Original] ShellCode Locator for IDA 5.2
- 2008.08 [evilcodecave] IDA Debugger Malformed SEH Causes Crash
- 2008.04 [pediy] [Original] idb_2_pat for ida pro V5.2
- 2007.08 [pediy] [Original] Notes on the feasibility of converting IDA-based disassembly to Obj (1)
- 2007.04 [pediy] [Translation] Pinczakko's AwardBIOS reverse engineering guide
- 2007.02 [pediy] IDA plugin writing basics
- 2006.09 [pediy] [Translation] Using IDA Pro's Debugger
- 2006.09 [pediy] [Translation] Customizing IDA Pro
- 2006.08 [msreverseengineering] Defeating HyperUnpackMe2 with an IDA Processor Module
- 2004.11 [pediy] More on the IDA boundary modification plugin
- 2019.07 [kienbigmummy] How to export data in IDA
- 2019.07 [hexacorn] Batch decompilation with IDA / Hex-Rays Decompiler
- 2019.06 [openanalysis] Disable ASLR for Easier Malware Debugging With x64dbg and IDA Pro
- 2019.06 [OALabs] Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro
- 2019.06 [openanalysis] Reverse Engineering C++ Malware With IDA Pro: Classes, Constructors, and Structs
- 2019.06 [OALabs] Reverse Engineering C++ Malware With IDA Pro
- 2019.03 [aliyun] Summary of IDA Pro 7.0 usage tips
- 2018.06 [checkpoint] Scriptable Remote Debugging with Windbg and IDA Pro
- 2015.07 [djmanilaice] Auto-completion when writing IDAPython scripts in PyCharm
- 2015.07 [djmanilaice] Using IDA to automatically open DLLs and EXEs in the current directory
- 2018.10 [checkpoint] Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware - Check Point Research
- 2018.10 [checkpoint] Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm. - Check Point Research
- 2018.10 [checkpoint] Labeless Part 4: Scripting - Check Point Research
- 2018.08 [checkpoint] Labeless Part 3: How to Dump and Auto-Resolve WinAPI Calls in LockPos Point-of-Sale Malware - Check Point Research
- 2018.08 [checkpoint] Labeless Part 2: Installation - Check Point Research
- 2018.08 [checkpoint] Labeless Part 1: An Introduction - Check Point Research
- 2019.11 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P25)
- 2019.10 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P24)
- 2019.10 [tradahacking] REVERSING WITH IDA FROM SCRATCH (P23)
- 2019.09 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P21)
- 2019.08 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P20)
- 2019.08 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P19)
- 2019.07 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P18)
- 2019.07 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P17)
- 2019.06 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P16)
- 2019.06 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P15)
- 2019.05 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P14)
- 2019.05 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P13)
- 2019.04 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P12)
- 2019.04 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P11)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P10)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P9)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P8)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P7)
- 2019.03 [tradahacking] REVERSING WITH IDA FROM SCRATCH (P6)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P5)
- 2019.03 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P4)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P3)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P2)
- 2019.02 [kienbigmummy] REVERSING WITH IDA FROM SCRATCH (P1)
- 2016.06 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part6
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part5
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part4
- 2016.01 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part3
- 2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part2
- 2015.12 [paloaltonetworks] Using IDAPython to Make Your Life Easier, Part1
- 2016.01 [freebuf] IDAPython: Making Your Life Better (5)
- 2016.01 [freebuf] IDAPython: Making Your Life Better (4)
- 2016.01 [freebuf] IDAPython: Making Your Life Better (3)
- 2016.01 [freebuf] IDAPython: Making Your Life Better (2)
- 2016.01 [freebuf] IDAPython: Making Your Life Better (1)
- 2019.01 [ly0n] Reversing C code with IDA part V
- 2019.01 [ly0n] Reversing C code with IDA part IV
- 2019.01 [ly0n] Reversing C code with IDA part III
- 2018.12 [ly0n] Reversing C code with IDA part II
- 2018.01 [ly0n] Reversing C code with IDA part I
- 2019.10 [vmray] VMRay IDA Plugin v1.1: Streamlining Deep-Dive Malware Analysis
- 2019.10 [talosintelligence] New IDA Pro plugin provides TileGX support
- 2019.09 [talosintelligence] GhIDA: Ghidra decompiler for IDA Pro
- 2019.05 [carbonblack] fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA
- 2019.04 [] climacros – IDA productivity tool
- 2019.04 [] QScripts – IDA Scripting productivity tool
- 2019.03 [] Daenerys: IDA Pro and Ghidra interoperability framework
- 2019.03 [freebuf] Ponce: symbolic execution with one click (IDA plugin)
- 2019.01 [talosintelligence] Dynamic Data Resolver (DDR) - IDA Plugin
- 2018.11 [4hou] FLARE Script Series: Reverse engineering WebAssembly (Wasm) modules using the idawasm IDA Pro plugin
- 2018.10 [aliyun] Reverse engineering WebAssembly modules with idawasm for IDA Pro
- 2018.10 [fireeye] FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin
- 2018.10 [vmray] Introducing the IDA Plugin for VMRay Analyzer
- 2018.10 [aliyun] IDA-minsc wins second place in the Hex-Rays plugin contest (2)
- 2018.10 [aliyun] IDA-minsc wins second place in the Hex-Rays plugin contest (1)
- 2018.10 [aliyun] Supporting A12 PAC instructions and iOS 12 kernelcache relocations with two IDAPython plugins
- 2018.09 [ptsecurity] How we developed the NIOS II processor module for IDA Pro
- 2018.09 [talosintelligence] IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
- 2018.09 [cisco] IDA-minsc Wins Second Place in Hex-Rays Plugins Contest
- 2018.09 [msreverseengineering] Weekend Project: A Custom IDA Loader Module for the Hidden Bee Malware Family
- 2018.06 [dougallj] Writing IDA decompiler plugins: handling VMX instructions
- 2018.05 [hexblog] IDAPython: wrappers are only wrappers
- 2018.05 [freebuf] HeapViewer: an IDA Pro plugin focused on exploit development
- 2018.03 [pediy] [Translation] Writing a simple x86 emulator with IDAPython
- 2018.03 [] Using Z3 with IDA to simplify arithmetic operations in functions
- 2018.02 [] Writing a simple x86 emulator with IDAPython
- 2018.01 [fireeye] FLARE IDA Pro Script Series: Simplifying Graphs in IDA
- 2017.12 [ret2] What's New in Lighthouse v0.7
- 2017.12 [OALabs] Using Yara Rules With IDA Pro - New Tool!
- 2017.11 [hasherezade] IFL - Interactive Functions List - a plugin for IDA Pro
- 2017.06 [reverse] Introduction to EFISwissKnife
- 2017.04 [redplait] etwex - ida plugin for Etw traces IIDs searching
- 2017.04 [360] IDAPython: an IDA plugin that frees up your hands
- 2017.03 [duksctf] Make IDA Pro Great Again
- 2017.03 [redplait] ida plugin for RFG fixups processing
- 2017.02 [argus] Collaborative Reverse Engineering with PSIDA - Argus Cyber Security
- 2016.01 [eugenekolo] A walk through the binary with IDA
- 2015.12 [360] The CGEN framework for IDA Pro
- 2015.12 [freebuf] FLARE IDA Pro Script Series: automated extraction of function arguments
- 2015.04 [nul] VMProtect + IDA Pro: applying strong encryption
- 2015.03 [joxeankoret] Diaphora, a program diffing plugin for IDA Pro
- 2014.10 [devttys0] A Code Signature Plugin for IDA
- 2014.09 [freebuf] FireEye Labs FLARE IDA Pro Script Series: MSDN annotations plugin
- 2014.08 [3xp10it] The IDA plugin mynav
- 2014.05 [oct0xor] Deci3dbg - Ida Pro Debugger Module for Playstation 3
- 2013.11 [quarkslab] IDA processor module
- 2013.06 [redplait] IDA loader of .dcu files from XE4
- 2012.07 [reverse] ExtractMachO: an IDA plugin to extract Mach-O binaries from disassembly
- 2011.11 [reverse] Display Mach-O headers plugin for IDA
- 2011.04 [hexblog] VirusTotal plugin for IDA Pro
- 2010.05 [joxeankoret] MyNav, a python plugin for IDA Pro
- 2019.03 [360] Writing an IDA processor module for CHIP-8
- 2018.10 [ptsecurity] Modernizing IDA Pro: how to make processor module glitches go away
- 2018.08 [360] Reversing Lua programs: writing an IDA Pro processor module for Luac
- 2018.09 [dustri] IDAPython vs. r2pipe
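- 2008.10 [pediy] [Translation] The IDA Pro Book, Chapter 6
- 2008.10 [pediy] [Translation] (Updated 20081030) The IDA Pro Book, Chapter 12: Identifying libraries with FLIRT signatures
- 2008.10 [pediy] [Translation] The IDA Pro Book (Chapter 2)
- 2008.10 [pediy] [Translation] The IDA Pro Book, Chapter 5: IDA DATA DISPLAY
- 2008.10 [pediy] [Translation] The IDA Pro Book (Chapter 1)
- 2009.01 [pediy] [Original] Chinese translation draft of Chapter 7 of Reverse Engineering Code with IDA Pro
- 2008.06 [pediy] [Translation] Reverse Engineering Code with IDA Pro (Chapters 1 and 2)
- 2019.01 [pediy] [Original] Analysis of the IDA 7.2 installer package
- 2019.01 [pediy] [Original] A bug in IDA's parsing of the IA64 brl instruction
- 2018.11 [hexblog] IDA 7.2 – The Mac Rundown
- 2018.10 [pediy] [Original] Fixing the IDA Pro 7.0 crash on macOS Mojave
- 2019.11 [4hou] How anti-cheat games are cracked, a look at reverse engineering Black Desert: recovering the IAT with IDAPython and FLIRT signatures
- 2019.11 [aliyun] Removing OLLVM obfuscation with IDA microcode (Part 2)
- 2019.06 [devco] Operation Crack: breaking IDA Pro's pseudo-random numbers from an unusual angle
- 2019.05 [360] IDAPython in practice: identifying the DES algorithm
- 2019.04 [venus] Reversing Objective-C binaries with the REobjc module for IDA Pro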
- 2019.01 [ly0n] Cracking with IDA (redh@wk 2.5 crackme)
- 2018.11 [somersetrecon] Introduction to IDAPython for Vulnerability Hunting - Part 2
- 2018.11 [pediy] [Original] Dynamic debugging of ELF with IDA
- 2018.06 [pediy] [Translation] Using the Python Z3 library in IDA to simplify arithmetic operations in functions
- 2018.03 [duo] Reversing Objective-C Binaries With the REobjc Module for IDA Pro
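- 2006.05 [pediy] Themida v1008 driver analysis, with an IDA file that has the junk instructions removed
- 2019.04 [360] Two ways to batch-decrypt hundreds of strings in a malicious driver
- 2019.03 [cyber] Analyzing Trickbot with IDAPython
- 2019.01 [OALabs] Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!
- 2018.09 [4hou] Developing a custom IDA loader module for the Hidden Bee malware family
- 2018.09 [4hou] Decrypting strings in Gootkit with IDAPython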
- 2018.05 [OALabs] Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg
- 2018.04 [OALabs] Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)
- 2018.03 [OALabs] Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request
- 2018.01 [OALabs] Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1
- 2017.11 [OALabs] Unpacking Process Injection Malware With IDA PRO (Part 2)
- 2017.11 [OALabs] Unpacking Process Injection Malware With IDA PRO (Part 1)
- 2017.06 [hackers] Reverse Engineering Malware, Part 3: IDA Pro Introduction
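- 2017.05 [4hou] Reverse analysis: dynamically debugging tasksche.exe from WanaCrypt0r with IDA
- 2017.05 [3gstudent] Reverse analysis: dynamically debugging tasksche.exe from WanaCrypt0r with IDA
- 2012.06 [trustwave] Deobfuscating Flame's strings with IDAPython
- 2018.07 [360] How to find vulnerabilities with IDAPython
- 2018.07 [somersetrecon] How to hunt for vulnerabilities with IDAPython
- 2019.10 [amossys] Exploring Hex-Rays microcode
- 2019.05 [aliyun] A small trick for confusing IDA's F5 (x86)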
- [18649 stars][10d] [Java] nationalsecurityagency/ghidra Software reverse engineering framework
- [59 stars][9m] nationalsecurityagency/ghidra-data Companion repository to the Ghidra source code repository, a place to put data sets that improve Ghidra
- [49 stars][2m] [Shell] bkerler/ghidra_installer Sets up OpenJDK 11 for Ghidra on Ubuntu 18.04 / 18.10, plus scaling for 4K
- [27 stars][3m] [Dockerfile] dukebarman/ghidra-builder Docker image for building the Ghidra reverse engineering framework from source
- [455 stars][9m] [YARA] ghidraninja/ghidra_scripts Ghidra scripts
- binwalk Runs BinWalk on the current program and annotates the findings
- yara Uses Yara to find crypto constants
- swift_demangler Automatically demangles Swift function names
- golang_renamer Recovers function names of stripped Go binaries
- [204 stars][8m] [Java] rolfrolles/ghidrapal Ghidra program analysis library (no documentation)
- [83 stars][16d] allsafecybersecurity/awesome-ghidra A curated list of awesome Ghidra materials
- [53 stars][9m] aldelaro5/ghidra-gekko-broadway-lang Ghidra language definitions for the Gekko and Broadway CPU variants used in the Nintendo GameCube and Nintendo Wii respectively
- [51 stars][2m] [Makefile] blacktop/docker-ghidra Docker image for the Ghidra client/server
- [36 stars][2m] [Java] ayrx/jnianalyzer Ghidra scripts for use with Android NDK libraries: parses the output of FindNativeJNIMethods and applies function signatures to all matching functions in the binary.
- [34 stars][2m] [Py] pagalaxylab/ghidra_scripts Ghidra scripts
- [19 stars][9m] [Java] kant2002/ghidra As it is obvious from the name this is version of NSA Ghidra which actually could be built from sources
- [18 stars][2m] [Java] threatrack/ghidra-patchdiff-correlator This project tries to provide additional Ghidra Version Tracking Correlators suitable for patch diffing.
- [16 stars][5m] hedgeberg/rl78_sleigh An implementation of the RL78 ISA for Ghidra SRE
- [12 stars][3m] [Java] threatrack/ghidra-fid-generator Code for generating Ghidra FidDb files (currently only for static libraries available in the CentOS repositories)
- [5 stars][8m] [Py] 0xd0cf11e/ghidra Anything related to Ghidra
- [123 stars][11d] [Java] al3xtjames/ghidra-firmware-utils Various modules that assist in reversing PC firmware
- [108 stars][1m] [Java] astrelsky/ghidra-cpp-class-analyzer C++ class and run-time type information (RTTI) analyzer
- [94 stars][7m] [Java] felberj/gotools Assists in reversing Golang binaries
- [42 stars][2m] [Py] kc0bfv/pcode-emulator PCode emulator for Ghidra
- [90 stars][3m] [Java] adubbz/ghidra-switch-loader Nintendo Switch loader for Ghidra
- [79 stars][2m] [Py] leveldown-security/svd-loader-ghidra
- [65 stars][24d] [Java] beardypig/ghidra-emotionengine Ghidra Processor for the Play Station 2's Emotion Engine MIPS based CPU
- [56 stars][5m] [Assembly] xyzz/ghidra-mep Toshiba MeP processor module for GHIDRA
- [54 stars][1m] [Java] cuyler36/ghidra-gamecube-loader A Nintendo GameCube binary loader for Ghidra
- [53 stars][10m] [Java] jogolden/ghidraps4loader A Ghidra loader for PlayStation 4 binaries.
- [44 stars][3m] [Java] nalen98/ebpf-for-ghidra eBPF Processor for Ghidra
- [34 stars][6m] [Java] idl3r/ghidravmlinuxloader
- [32 stars][9d] [Java] zerokilo/n64loaderwv Ghidra Loader Module for N64 ROMs
- [30 stars][5m] cturt/gameboy_ghidrasleigh Ghidra Processor support for Nintendo Game Boy
- [28 stars][9d] [Java] zerokilo/xexloaderwv Ghidra Loader Module for X360 XEX Files
- [27 stars][2m] vgkintsugi/ghidra-segasaturn-processor A Ghidra processor module for the Sega Saturn (SuperH SH-2)
- [25 stars][9m] [Assembly] thog/ghidra_falcon Support of Nvidia Falcon processors for Ghidra (WIP)
- [19 stars][7m] guedou/ghidra-processor-mep Toshiba MeP-c4 for Ghidra
- [15 stars][2m] [Java] neatmonster/mclf-ghidra-loader Ghidra loader module for the Mobicore trustlet and driver binaries
- [7 stars][4m] [Java] ballon-rouge/rx-proc-ghidra Renesas RX processor module for Ghidra
- [5 stars][6m] [CSS] lcq2/griscv RISC-V processor plugin for Ghidra
- [5 stars][9d] [Java] zerokilo/c64loaderwv Ghidra Loader Module for C64 programs
- [24 stars][9m] [Java] jonas-schievink/ghidraxbe A Ghidra extension for loading Xbox Executables (.xbe files)
- [18 stars][10m] [Java] jayfoxrox/ghidra-xbox-extensions Tools to analyze original Xbox files in the Ghidra SRE framework
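- [175 stars][14d] [C++] radareorg/r2ghidra-dec Deep integration of the Ghidra decompiler with Radare2
- Duplicate section: Radare2->Plugins->Interaction with other tools->IDA |
- [36 stars][5m] [Java] radare/ghidra-r2web Ghidra plugin that starts an r2 web server so that r2 can interact with it
- [299 stars][4m] [Py] cisco-talos/ghida Integrates the Ghidra decompiler into IDA
- Duplicate section: IDA->Plugins->Import/Export->Ghidra |
- [238 stars][9m] [Py] daenerys-sre/source Makes IDA and Ghidra scripts interchangeable without modification
- Duplicate section: IDA->Plugins->Import/Export->Ghidra |
- [88 stars][4m] [Py] cisco-talos/ghidraaas Exposes Ghidra analysis as a service through a REST API; also the backend of GhIDA
- Duplicate section: IDA->Plugins->Import/Export->Ghidra |
- [54 stars][9m] [Py] nwmonster/applysig Apply IDA FLIRT signatures for Ghidra
- [47 stars][2m] [Py] utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
- Duplicate section: IDA->Plugins->Import/Export->Ghidra |x64dbg->Plugins->Newly added |
- [102 stars][4m] [Java] 0ffffffffh/dragondance Code coverage visualization in Ghidra
- Duplicate section: DBI->IntelPin->Tools->Interaction with other tools->Uncategorized |
- Ghidra plugin
- coverage-pin Collects information using Pin
- [42 stars][2m] [Java] revolver-ocelot-saa/ghidrax64dbg Extracts comments from Ghidra and imports them into the X32/X64 dbg database
- Duplicate section: x64dbg->Plugins->Newly added |
- [78 stars][10m] [Py] elliiot/ghidra_darknight DarkNight theme for Ghidra
- [40 stars][27d] [Py] vdoo-connected-trust/ghidra-pyi-generator Generates .pyi type stubs for the entire Ghidra API, for use in PyCharm to improve the Ghidra script development experience
- [19 stars][5m] [Java] edmcman/ghidra-scala-loader Ghidra extension for loading Ghidra scripts written in Scala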
- 2019.12 [shogunlab] Here Be Dragons: Reverse Engineering with Ghidra - Part 1 [Data, Functions & Scripts]
- 2019.11 [freebuf] Analyzing the phpStudy backdoor with Ghidra
- 2019.10 [4hou] Analyzing the phpStudy backdoor with Ghidra
- 2019.10 [knownsec] Analyzing the phpStudy backdoor with Ghidra
- 2019.10 [venus] Analyzing the phpStudy backdoor with Ghidra
- 2019.10 [WarrantyVoider] C64LoaderWV - Loading C64 programs into Ghidra
- 2019.08 [pentestpartners] CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra!
- 2019.08 [xpnsec] Analysing RPC With Ghidra and Neo4j
- 2019.04 [X0x6d696368] ghidra_scripts: GoogleSearch.py (to lookup function names via Google)
- 2019.04 [X0x6d696368] ghidra_scripts: SimpleStackStrings.py (to reassemble "stack strings")
- 2019.04 [X0x6d696368] ghidra_scripts: colorCallGraphCallsTo.py (using SetBackroundColor and traversing the call graph)
- 2019.04 [4hou] Reverse engineering the Tytera MD380 firmware with GHIDRA
- 2019.04 [jeanmichel] First steps with Ghidra: crackme01
- 2019.03 [GynvaelEN] Hacking Livestream #74: Ghidra
- 2019.01 [sans] How to Train Your Dragon: Ghidra Basics
- 2019.09 [dustri] Radare2, IDA Pro, and Binary ninja, a metaphoric comparison
- 2019.05 [vimeo] Three Heads are Better Than One: Mastering Ghidra - Alexei Bulazel, Jeremy Blackthorne - INFILTRATE 2019
- 2019.04 [X0x6d696368] Ghidra: Stack Depth (to detect stack manipulation)
- 2019.04 [X0x6d696368] Ghidra: Version Tracking
- 2019.04 [X0x6d696368] Ghidra: Export Symbols and Load External Libraries (to resolve imported function names)
- 2019.04 [X0x6d696368] Ghidra: Data Type Manager / Archives and Parse C Source... (resolve function signatures)
- 2019.04 [X0x6d696368] Ghidra: Generate Checksum... (to extract hashes of embedded malware artifacts)
- 2019.04 [msreverseengineering] An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
- 2019.04 [X0x6d696368] Ghidra: FunctionID (to identify libraries and code reuse)
- 2019.04 [X0x6d696368] Ghidra: Server / Shared Projects (using ghidra-server.org)
- 2019.04 [X0x6d696368] Ghidra: Bytes View (to patch binary and export to a working PE file)
- 2019.04 [X0x6d696368] Ghidra: Fixing Bugs (Fixing PE section import size alignment)
- 2019.04 [X0x6d696368] Ghidra: Clear Flow and Repair, and Patch Instruction (to defeat anti-disassembly)
- 2019.04 [X0x6d696368] Ghidra: Scripting (Python) (a quick introduction by implementing pipeDecoder.py)
- 2019.04 [X0x6d696368] Ghidra: Decompile and compile (to quickly reimplement malware decoding functions)
- 2019.04 [X0x6d696368] Ghidra: EditBytesScript (to fix/manipulate PE header to load ShadowHammer setup.exe sample)
- 2019.04 [X0x6d696368] Ghidra: Extract and Import ... (to extract resources from PE binaries)
- 2019.04 [X0x6d696368] Ghidra: YaraGhidraGUIScript (to generate a YARA signature for threat/retro hunting)
- 2019.04 [X0x6d696368] Ghidra: XORMemoryScript (to XOR decode strings)
- 2019.04 [yoroi] Ghidra SRE: The AZORult Field Test
- 2019.03 [nsfocus] Analysis of the Ghidra Software Reverse Engineering Framework reversing tool
- 2019.03 [sans] Tip: Ghidra & ZIP Files
- 2019.03 [cybersecpolitics] Ghidra: A meta changer?
- 2019.03 [freecodecamp] How I solved a simple CrackMe challenge with the NSA’s Ghidra
- 2019.03 [] Ghidra: A quick overview for the curious
- 2019.03 [freebuf] RSA 2019 | NSA open-sources its internal disassembly toolkit Ghidra
- 2019.03 [n0where] NSA Software Reverse Engineering Framework: Ghidra
- 2019.03 [malwaretech] Video: First Look at Ghidra (NSA Reverse Engineering Tool)
- 2019.03 [MalwareTech] First Look at Ghidra (NSA Reverse Engineering Tool)
- 2019.01 [linuxjournal] GitHub Announces that Free Accounts Now Can Create Private Repositories, Bash-5.0 Released, iPhone Apps Linked to Golduck Malware, Godot Game Engine Reaches 3.1 Beta, NSA to Open-Source Its GHIDRA Reverse-Engineering Tool
- 2019.10 [securityaffairs] Code execution vulnerability in Ghidra 9.0.4 and earlier
- 2019.10 [4hou] CVE-2019-16941: RCE vulnerability in the NSA Ghidra tool
- 2019.03 [venus] Ghidra: from XXE to RCE
- 2019.03 [tencent] Ghidra: from XXE to RCE
- 2019.09 [venus] msgSend analysis of iOS applications with Ghidra
- 2019.09 [4hou] msgSend analysis of iOS applications with Ghidra
- 2019.09 [WarrantyVoider] X360 XEX Decompiling With Ghidra
- 2019.08 [WarrantyVoider] N64 ROM Decompiling With Ghidra - N64LoaderWV
- 2019.08 [4hou] RPC analysis techniques based on Ghidra and Neo4j
- 2019.04 [X0x6d696368] Ghidra: Search Program Text... (to find XOR decoding functions in malware)
- 2019.04 [shogunlab] Here Be Dragons: Reverse Engineering with Ghidra - Part 0 [Main Windows & CrackMe]
- 2019.03 [GhidraNinja] Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
- 2019.03 [GhidraNinja] Ghidra quickstart & tutorial: Solving a simple crackme
- 2019.11 [4hou] Patch diffing analysis of the WhatsApp VOIP stack overflow vulnerability with Ghidra
- 2019.09 [4hou] Analyzing the RCE vulnerability in the TP-link M7350 4G portable WiFi with Ghidra
- 2019.08 [aliyun] CVE-2019-12103: analyzing the pre-auth RCE on the TP-Link M7350 with Ghidra
- 2019.06 [dawidgolak] IcedID aka #Bokbot Analysis with Ghidra.
- 2019.04 [aliyun] Analyzing the Emotet malware with Ghidra
- 2019.04 [X0x6d696368] Ghidra: Shadow Hammer (Stage 1: Setup.exe) complete static Analysis
- 2019.04 [X0xd0cf11e] Analyzing Emotet with Ghidra — Part 2
- 2019.04 [X0x6d696368] Ghidra: Android APK (it's basically dex2jar with a .dex decompiler)
- 2019.04 [X0xd0cf11e] Analyzing Emotet with Ghidra — Part 1
- 2019.03 [GhidraNinja] Reversing WannaCry Part 1 - Finding the killswitch and unpacking the malware in #Ghidra
- 2019.03 [HackerSploit] Malware Analysis With Ghidra - Stuxnet Analysis
- 2019.03 [sans] Analysing meterpreter payload with Ghidra
- 2019.11 [deadc0de] Examples of writing Ghidra scripts in Python
- 2019.04 [X0x6d696368] ghidra_scripts: RC4Decryptor.py
- 2019.04 [aliyun] How to develop Ghidra plugins for vulnerability research, Part 1
- 2019.04 [somersetrecon] Ghidra Plugin Development for Vulnerability Research - Part-1
- 2019.03 [wololo] PS4 release: GhidraPS4Loader and Playstation 4 Flash tool
- [34576 stars][1m] [C++] x64dbg/x64dbg Windows x32/x64 debugger
- [1672 stars][7m] [C++] yegord/snowman Snowman decompiler, supports x86, AMD64 and ARM. Comes as a standalone GUI tool, a command-line tool and IDA/Radare2/x64dbg plugins, and can also be used as a library
- Duplicate section: IDA->Plugins->Decompiler |
- IDA plugin
- snowman Qt GUI
- nocode Command-line tool
- nc Core code, usable as a library
- [1341 stars][1m] [C] x64dbg/x64dbgpy Automating x64dbg using Python, Snapshots:
- [1133 stars][2y] [C++] x64dbg/gleebug Debugging Framework for Windows.
- [972 stars][2m] [Py] x64dbg/docs x64dbg documentation
- [471 stars][13d] [C] bootleg/ret-sync Synchronizes debugging sessions between disassemblers and debuggers
- [363 stars][9m] fr0gger/awesome-ida-x64-olly-plugin Collection of IDA, x64DBG and OllyDBG plugins
- Duplicate section: IDA->Plugins->Collections |
- [163 stars][2m] [Py] x64dbg/x64dbgida x64dbg plugin for importing and exporting IDA data
- Duplicate section: IDA->Plugins->Import/Export->Uncategorized |
- [78 stars][12d] [C] horsicq/nfdx64dbg Plugin for x64dbg Linker/Compiler/Tool detector.
- [77 stars][3m] [C] ahmadmansoor/advancedscript Add More Features for x64dbg Script System,with some Functions which will help Plugin Coder
- [75 stars][4y] [C++] x64dbg/xedparse A MASM-like, single-line plaintext assembler
- [72 stars][2y] [C] 0ffffffffh/api-break-for-x64dbg x64dbg plugin to set breakpoints automatically to Win32/64 APIs
- [71 stars][2y] [Py] x64dbg/mona Fork of mona.py with x64dbg support
- [70 stars][12d] [C] horsicq/stringsx64dbg Strings plugin for x64dbg
- [47 stars][2m] [Py] utkonos/lst2x64dbg Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database.
- [43 stars][7m] [YARA] x64dbg/yarasigs Various Yara signatures (possibly to be included in a release later).
- [42 stars][2m] [Java] revolver-ocelot-saa/ghidrax64dbg Extracts comments from Ghidra and imports them into the X32/X64 dbg database
- Duplicate section: Ghidra->Plugins->Interaction with other tools->Debuggers |
- [41 stars][12d] [C] horsicq/pex64dbg PE viewer
- [40 stars][3y] [C++] x64dbg/interobfu Intermediate x86 instruction representation for use in obfuscation/deobfuscation.
- [38 stars][3y] [C] changeofpace/force-page-protection This x64dbg plugin sets the page protection for memory mapped views in scenarios which cause NtProtectVirtualMemory to fail.
- [38 stars][3y] [C++] kurapicabs/x64_tracer x64dbg conditional branches logger [Plugin]
- [38 stars][3y] [CSS] thundercls/x64dbg_vs_dark x64dbg stylesheet like visual studio dark theme
- [37 stars][3y] [C] changeofpace/pe-header-dump-utilities This x64dbg plugin adds several commands for dumping PE header information by address.
- [29 stars][1y] [Assembly] mrfearless/apiinfo-plugin-x86 APIInfo Plugin (x86) - A Plugin For x64dbg
- [29 stars][3y] [Py] x64dbg/x64dbgbinja Official x64dbg plugin for Binary Ninja
- [28 stars][2y] [C] x64dbg/plugintemplate Plugin template for x64dbg. Releases:
- [28 stars][2y] [C] x64dbg/slothbp Collaborative Breakpoint Manager for x64dbg.
- [27 stars][2y] atom0s/ceautoasm-x64dbg An x64dbg plugin that allows users to execute Cheat Engine auto assembler scripts within x64dbg.
- [25 stars][1y] [Assembly] mrfearless/apisearch-plugin-x86 APISearch Plugin (x86) - A Plugin For x64dbg
- [24 stars][3y] [C++] chausner/1337patch Simple command-line tool to apply patches exported by x64dbg to running processes
- [20 stars][2y] [Py] techbliss/x64dbg_script_editor x64dbg Script editor v2.0
- [19 stars][5y] [C] x64dbg/staticanalysis Static analysis plugin for x64dbg (now deprecated).
- [17 stars][2y] [C#] thundercls/xhotspots xHotSpots plugin for x64dbg
- [16 stars][11m] [C] mrfearless/x64dbg-plugin-template-for-visual-studio x64dbg plugin template for visual studio
- [15 stars][4y] [C] realgam3/x64dbg-python Automating x64dbg using Python
- [13 stars][8m] [C] mrexodia/driver_unpacking Source code for the "Kernel driver unpacking with x64dbg" blog post.
- [13 stars][1y] [Assembly] mrfearless/x64dbg-plugin-sdk-for-x64-assembler x64dbg Plugin SDK For x64 Assembler
- [12 stars][2y] [C] blaquee/slothemu unicorn emulator for x64dbg
- [12 stars][1y] [Assembly] mrfearless/apisearch-plugin-x64 APISearch Plugin (x64) - A Plugin For x64dbg
- [12 stars][1y] [Assembly] mrfearless/copytoasm-plugin-x86 CopyToAsm (x86) - A Plugin For x64dbg
- [12 stars][2y] [C] thundercls/magicpoints MagicPoints plugin for x64dbg
- [12 stars][3y] [C] x64dbg/capstone_wrapper C++ wrapper for capstone (x86 only)
- [12 stars][2m] [C] x64dbg/qtplugin Plugin demonstrating how to link with Qt.
- [12 stars][3y] [C] x64dbg/testplugin Example plugin for x64dbg.
- [11 stars][1y] [Assembly] mrfearless/x64dbg-plugin-sdk-for-x86-assembler x64dbg Plugin SDK For x86 Assembler
- [9 stars][3y] [C++] jdavidberger/chaiscriptplugin Plugin which enables chai scripts to run inside of x64dbg
- [9 stars][1y] [Assembly] mrfearless/today-plugin-x64 Today Plugin (x64) - A Plugin For x64dbg
- [4 stars][3y] [C] mrexodia/traceplugin Very simple trace plugin example for x64dbg.
- [4 stars][1y] [Assembly] mrfearless/autocmdline-plugin-x86 AutoCmdLine Plugin (x86) - A Plugin For x64dbg
- [4 stars][1y] [Assembly] mrfearless/copytoasm-plugin-x64 CopyToAsm (x64) - A Plugin For x64dbg
- [4 stars][1y] [Assembly] mrfearless/today-plugin-x86 Today Plugin (x86) - A Plugin For x64dbg
- [4 stars][2y] thomasthelen/upxunpacker Scripts for x64dbg to find the OEP of exe files packed with UPX
- [4 stars][1y] [CSS] x64dbg/blog Blog for x64dbg.
- [3 stars][1y] [Assembly] mrfearless/autocmdline-plugin-x64 AutoCmdLine Plugin (x64) - A Plugin For x64dbg
- [3 stars][3y] stonedreamforest/x64dbg_theme_relaxyoureyes Relax Your Eyes
- [3 stars][2y] [C#] x64dbg/pluginmanager Plugin manager plugin for x64dbg.
- [2 stars][1y] [Assembly] mrfearless/codeshot-plugin-x86 CodeShot Plugin (x86) - A Plugin For x64dbg
- [2 stars][1y] [Assembly] mrfearless/stepint3-plugin-x86 StepInt3 Plugin (x86) - A Plugin For x64dbg
- [2 stars][1y] [C] phidelpark/x64dbgplugins Plugins for the x64dbg debugger
- [2 stars][2y] [C] x64dbg/dbgit Simple plugin to automatically add x64dbg databases to version control.
- [1 star][2y] [C++] lllshamanlll/x64dbg_cpp_template Simple, easy to use template plugin for x64dbg
- [1 star][1y] [Assembly] mrfearless/stepint3-plugin-x64 StepInt3 Plugin (x64) - A Plugin For x64dbg
- [1 star][2y] [C++] x64dbg/snowmandummy Dummy DLL for snowman.
- [0 stars][2y] [C] x64dbg/getcharabcwidthsi_cache Plugin to improve performance of QWindowsFontEngine::getGlyphBearings.
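- 2019.02 [freebuf] Analyzing WeChat with x64dbg and retrieving all contact information
- 2018.03 [freebuf] Analyzing WeChat's chat function with x64dbg and implementing message sending
- 2018.03 [360] Unpacking with x64dbg: the open-source packer UPX
- 2018.02 [360] Analyzing WeChat's anti-multi-instance feature with x64dbg
- 2018.02 [360] Analyzing the TIM2.0 QQ message recall feature with x64dbg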
- 2018.02 [KirbiflintCracking] Patching a Keygenme with x64dbg [Learning Cracking]
- 2018.01 [KirbiflintCracking] Cracking & Keygen a crackme with x64dbg [Learning Cracking]
- 2018.01 [KirbiflintCracking] Cracking the new Steam Stub drm with x64dbg [Learning Cracking]
- 2018.01 [KirbiflintCracking] Cracking a simple crackme & bypassing Anti-debugger protection with x64dbg [Learning Cracking]
- 2017.12 [KirbiflintCracking] Cracking some Crackmes with x64dbg [Learning Cracking]
- 2017.12 [KirbiflintCracking] Cracking a simple Crackme with x64dbg [Learning cracking]
- 2017.10 [x64dbg] Limitations in x64dbg
- 2017.09 [pediy] [Translation] Using message breakpoints in x64dbg, by lantie@15PB
- 2017.07 [pediy] [Original] Removing the ad popup from WinRAR 5.40 (64-bit) with x64dbg + VS2015 Spy++
- 2017.06 [seowhistleblower] Channel Update + Let's Hack: Sniper Elite 4 (Cheat Engine and x64dbg Tutorial)
- 2016.10 [x64dbg] Architecture of x64dbg
- 2016.07 [x64dbg] x64dbg plugin SDK
- 2016.07 [adelmas] Introducing x64dbg and Pizzacrypts Ransomware Unpacking
- 2015.12 [pediy] [Original] Building x64dbg from source
- 2015.10 [pediy] [Original] win7X64DBGPORT shift data
- 2015.01 [reverseengineeringtips] An Introduction To x64dbg
- [75 stars][5y] [C++] quangnh89/ollycapstone This is a plugin for OllyDbg 1.10 to replace the old disasm engine by Capstone disassembly/disassembler framework.
- [48 stars][8y] [C] stephenfewer/ollysockettrace OllySocketTrace is a plugin for OllyDbg to trace the socket operations being performed by a process.
- [45 stars][7m] thomasthelen/ollydbg-scripts Unpacking scripts for Ollydbg.
- [41 stars][1y] [Batchfile] romanzaikin/ollydbg-v1.10-with-best-plugins-and-immunity-debugger-theme- Make OllyDbg v1.10 Look like Immunity Debugger & Best Plugins
- [41 stars][8y] [C] stephenfewer/ollyheaptrace OllyHeapTrace is a plugin for OllyDbg to trace the heap operations being performed by a process.
- [38 stars][8y] [C] stephenfewer/ollycalltrace OllyCallTrace is a plugin for OllyDbg to trace the call chain of a thread.
- [24 stars][6y] [C++] epsylon3/odbgscript OllyDBG Script Engine
- [22 stars][3y] [Py] ehabhussein/ollydbg-binary-execution-visualizer reverse engineering, visual binary analysis
- [21 stars][5y] [C++] lynnux/holyshit ollydbg plugin, the goal is to make life easier. The project is DEAD!
- [15 stars][8y] [C] zynamics/ollydbg-immunitydbg-exporter Exporters for OllyDbg and ImmunityDbg for use with zynamics BinNavi <= 3.0
- [14 stars][5y] [C++] sinsoul/ollight A Code highlighting plugin for OllyDbg 2.01.
- [9 stars][2y] [Assembly] dentrax/dll-injection-with-assembly DLL Injection to Exe with Assembly using OllyDbg
- [1 star][2y] [Assembly] infocus7/assembly-simple-keygen First time using Ollydbg for Reverse Engineering
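- 2019.04 [freebuf] Hands-on buffer overflow tutorial series (3): understanding how a program runs using OllyDbg
- 2018.10 [pediy] [Original] Adding a section and a DLL (API) to a PE file using the "PE file section-adding tool", "LordPE", "WinHex" and "OllyDbg"
- 2018.10 [pediy] [Original] The workflow for writing Ollydbg plugins
- 2018.03 [pediy] [Original] An IDA-like static disassembly tool developed in my spare time (Ollydbg-style UI) (link inside)
- 2018.01 [kienbigmummy] OllyDbg_tut32
- 2018.01 [pediy] How to implement your own ollydbg debugger (1): implementing the UI
- 2017.12 [hackers] Reverse Engineering Malware, Part 5: OllyDbg Basics
- 2017.10 [4hou] Tool recommendation: OllyDbg, a powerful tool for reversing and cracking
- 2017.07 [ColinHardy] Three and a half ways to unpack malware using Ollydbg
- 2016.12 [360] Tracing and analyzing Process Hollowing with OllyDbg
- 2016.12 [airbuscybersecurity] Following Process Hollowing in OllyDbg
- 2015.11 [pediy] [Original][Open source] OllyDbg 2.x plugin writing tutorial
- 2015.11 [pediy] [Original] Primer: how to write ollydbg plugins
- 2015.11 [pediy] [Translation] Chinese translation of the Ollydbg 2.0X help manual
- 2015.08 [pediy] [Original] Complete solutions to the Lesson 14 exercises of "Cracking from Scratch with OllyDbg"
- 2015.01 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 58: unpacking EXECryptor v2.2.50.h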
- 2014.11 [reversec0de] OllyDbg Plugin Converter v0.1b
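- 2014.10 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 44: unpacking ACProtect V1.09 (fixing AntiDump)
- 2014.10 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 43: unpacking ACProtect V1.09 (writing a script to fix the IAT)
- 2014.10 [pediy] Cracking from Scratch with OllyDbg, Chapter 42: unpacking ACProtect V1.09 (finding the OEP, bypassing hardware breakpoint detection, fixing stolen code)
- 2014.08 [pediy] [Help] Rereading an old post: OllyDBG Beginner Series (5), CrackMe algorithm analysis
- 2014.07 [pediy] [Original] Buffer overflow in the OllyDbg command bar plugin
- 2014.05 [pediy] [Original] An ollydbg for the Android platform is coming soon; looking for gikdbg.art beta testers!
- 2014.04 [pediy] Cracking from Scratch with OllyDbg, Chapter 10: breakpoints
- 2014.04 [pediy] Cracking from Scratch with OllyDbg, Chapter 9: basic concepts
- 2014.04 [pediy] [Open source] Real-time code highlighting plugin for OllyDbg 2.01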
- 2014.04 [zairon] My new Ollydbg plugin: Sequential Dumper
- 2014.03 [zairon] Ollydbg plugin development: Findmemory needs Listmemory?
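- 2014.03 [pediy] [Original] An ollydbg for the iOS platform is coming soon; looking for gikdbg beta testers!
- 2014.02 [pediy] Cracking from Scratch with OllyDbg, Chapter 8
- 2014.02 [sans] Is OllyDbg Version 2 Ready for Malware Analysis?
- 2014.02 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 7: call, ret
- 2014.02 [pediy] Cracking from Scratch with OllyDbg (completed)
- 2014.02 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 6: comparison and conditional jump instructions
- 2014.02 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 5: math instructions
- 2014.02 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 4: assembly instructions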
- 2013.09 [toolswatch] New Tool for Visualizing Binaries With Ollydbg and Graphvis released
- 2013.09 [doar] Pinpointing Heap-related Issues: OllyDbg2 Off-by-one Story
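- 2013.08 [pediy] [Original] Ddvp, an OllyDbg plugin based on VT technology
- 2013.05 [pediy] [Original] Releasing the script and OLLYDBG that got past the SafengineChallenge bounty packer
- 2013.02 [pediy] [Original] OllyDBG data conversion and disassembly code plugin, updated 2013-3-10, supports OD2.01h
- 2011.10 [pediy] [Original] Adding a "memory hardware conditional breakpoint" feature to OllyDbg (1)
- 2011.09 [pediy] [Not indexed] Small OllyDbg modification 01
- 2011.08 [pediy] [Original] Making OllyDbg 1.10 automatically adapt and create the UDD and plugin paths
- 2011.03 [pediy] [Original] Patching through reverse engineering to lift ollydbg's 32-plugin limit
- 2011.02 [pediy] [Share] Sharing a small Ollydbg plugin with source code
- 2010.10 [pediy] [Original] Debugging SetUnhandledExceptionFilter in Ollydbg
- 2010.08 [pediy] [Original] Detecting in one line of code whether a program was launched with OllyDBG
- 2010.05 [pediy] [Original] Source-level debugging of C programs with OllyDbg
- 2010.03 [pediy] [Share] Notes on Ollydbg hardware breakpoints
- 2009.10 [pediy] [Translation] Cracking from Scratch with OllyDbg, Chapter 3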
- 2009.07 [pediy] Anti OllyDbg
- 2009.07 [pediy] [Translation] Complete translation of the OllyDbg plugin development manual
- 2009.06 [pediy] [Translation][Original] OllyDbg command-line plugin help
- 2009.01 [gamelinux] EDB : OllyDbg for Linux… Im in LOVE
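- 2009.01 [pediy] [Help] With my own encrypted function import table, a few programs run correctly only under debuggers such as Ollydbg; can an expert help analyze why?
- 2009.01 [pediy] [Help] Problem localizing OllyDBG's title into Chinese [includes a cracked version of a non-standard localization tool that is rare online]
- 2008.05 [pediy] [Original] OllyDBG analysis report series (5): memory patching
- 2008.05 [pediy] [Original] OllyDBG analysis report series (2): memory breakpoints
- 2008.03 [pediy] [Original] A plugin that automatically adds comments in ollydbg
- 2007.07 [pediy] [Download] OllyDBG beginner tutorial, CHM edition (Kanxue forum)
- 2007.06 [pediy] [Original] Supplement to "OllyDBG Beginner Series (5): message breakpoints and RUN trace"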
- 2007.06 [pelock] Kaspersky Anti-Virus v6.0.2 vs OllyDbg
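- 2007.04 [pediy] Manually unpacking a DLL packed with RLPack V1.17 using OllyDbg
- 2007.03 [pediy] Translation of an ollyDBG tutorial. Original
- 2007.02 [pediy] [Original] OllyDBG (Condition) Log Hardware BreakPoint
- 2007.01 [pediy] [Beginner] A worked example of using OllyICE (OllyDBG) to crack a time-limited commercial program [Original]
- 2006.12 [pediy] An ollydbg compatible with the VC and Softice hotkey conventions: F5, F8, F10, Ctrl+F5
- 2006.11 [pediy] [Original] Starting from Ollydbg: a WinDbg user-mode debugging tutorial {Kanxue Academy 2006 Golden Autumn Reading Season}
- 2006.10 [pediy] [Share] For beginners: OllyDBG beginner tutorial (collector's edition)
- 2006.10 [pediy] [Share] OllyDbg.Disassembler.for.Delphi
- 2006.09 [pediy] Exploring how to pass commands to the command-line plugin from conditional log breakpoints in OllyDBG 1.1
- 2006.04 [pediy] Specific code: manually unpacking a test sample packed with Enigma Protector V1.12 using OllyDBG
- 2006.04 [pediy] [Share] Adding practical hotkey operations to Ollydbg (updated 4.25)
- 2006.04 [pediy] [Original] OllyDBG beginner series (7): assembly features
- 2006.03 [pediy] Fixing the problem of CPU usage reaching 100% when debugging a program with ollydbg
- 2006.02 [pediy] [Share] Bundle of the OllyDBG beginner series and some basic highlights (revised 2006-05-10)
- 2006.02 [pediy] [Original] OllyDBG beginner series (5): message breakpoints and RUN trace
- 2006.02 [pediy] [Original] OllyDBG beginner series (4): memory breakpoints
- 2006.02 [pediy] [Original] OllyDBG beginner series (3): function references
- 2006.02 [pediy] [Original] OllyDBG beginner series (2): string references
- 2006.02 [pediy] [Original] OllyDBG beginner series (1): getting to know OllyDBG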
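- 2005.12 [pediy] [Share] Quickly locating VB button handlers in OllyDBG
- 2005.12 [pediy] Manually unpacking a DLL packed with SafeDisc V2.43.000 using Ollydbg
- 2005.12 [pediy] Manually unpacking a DLL packed with Armadillo using Ollydbg: Visual.Assist.X.V10.2.1437.0
- 2005.10 [pediy] Summary of the Anti Ollydbg techniques in ExeCryptor 2.2.X
- 2005.09 [pediy] Manually unpacking a DLL packed with tElock V0.98 using Ollydbg (beginner practice)
- 2005.09 [pediy] OllyDbg + ASProtect SKE 2.X + code mutation
- 2005.08 [pediy] Hiding your own OllyDbg well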
- 2005.08 [pediy] Diy OllyDbg's Loaddll.exe
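- 2005.08 [pediy] Using OLLYDBG to get into Xprotector
- 2005.08 [pediy] [Share] Source-level debugging with OllyDbg (Win32 assembly language)
- 2005.07 [pediy] A few basic questions about debugging, specific to ollydbg; I don't quite understand them and am humbly asking for advice here
- 2005.05 [pediy] Manually unpacking a DLL packed with Armadillo using Ollydbg
- 2005.05 [pediy] [Original] Analyzing a USB HID device interface protocol with OllyDbg
- 2005.03 [pediy] Manually unpacking a DLL packed with Packman V0.0.0.1 using Ollydbg
- 2005.02 [pediy] [Original] Adding a fill-with-Nop-instructions feature to OllyDbg
- 2004.12 [pediy] Manually unpacking a DLL packed with ACProtect V1.41 using Ollydbg
- 2004.12 [pediy] Manually unpacking a DLL packed with Petite V2.2 using Ollydbg
- 2004.12 [pediy] [Christmas gift] OllyDbg Chinese help documentation
- 2004.12 [pediy] A simple way to repair the relocation table of an unpacked DLL with ReloX: manually unpacking a DLL packed with Neolite using Ollydbg
- 2004.12 [pediy] [Original] Building an Ollydbg to your own liking
- 2004.11 [pediy] Manually unpacking a DLL double-packed with PECompact using Ollydbg: Psinthk.dll
- 2004.11 [pediy] OllyDbg help: how to start debugging (translation)
- 2004.11 [pediy] Manually unpacking an OCX packed with Softlocx V5.0.0.6 using Ollydbg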
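- 2004.10 [pediy] Manually unpacking a DLL packed with Visual Protect V3.54 using Ollydbg
- 2004.10 [pediy] Manually unpacking a tELock variant packer from a DLL using OllyDbg
- 2004.10 [pediy] Manually unpacking chap708.exe with OllyDbg 1.10: Mission Impassable?
- 2004.08 [pediy] [Translated] The other ways to detect OllyDbg (alternative methods of detecting OllyDbg)
- 2004.08 [pediy] Manually unpacking a DLL packed with CrypKey V5.7[Stealth] using Ollydbg: CKI32h.DLL
- 2004.07 [pediy] Repost: OllyDbg Debugger message format string handling vulnerability
- 2004.07 [pediy] Manually unpacking a DLL packed with EncryptPE V1.2003.5.18 using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with SVK Protector V1.32 using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with 幻影 (Huanying) V2.33 using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with tElock V0.98 using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with ASPack using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with ASProtect V1.23RC4 using Ollydbg
- 2004.06 [pediy] Manually unpacking a DLL packed with JDPack[铁甲] V1.01 using Ollydbg
- 2004.05 [pediy] Manually unpacking a DLL packed with UPX using Ollydbg
- 2004.05 [pediy] Manually unpacking a DLL packed with Armadillo V3.60 using Ollydbg
- 2004.05 [pediy] Manually unpacking a DLL packed with PECompact using Ollydbg
- 2004.05 [pediy] Reprint: detecting OllyDbg by other means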
- [946 stars][2y] [HTML] chybeta/software-security-learning Software-Security-Learning
- [564 stars][6m] [C#] fremag/memoscope.net Dump and analyze .Net applications memory ( a gui for WinDbg and ClrMd )
- [389 stars][2y] [C++] swwwolf/wdbgark WinDBG Anti-RootKit Extension
- [279 stars][1m] [Py] hugsy/defcon_27_windbg_workshop DEFCON 27 workshop - Modern Debugging with WinDbg Preview
- [230 stars][9m] [C++] microsoft/windbg-samples Sample extensions, scripts, and API uses for WinDbg.
- [190 stars][8m] [Py] corelan/windbglib Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py
- [157 stars][3y] [Py] theevilbit/exploit_generator Automated Exploit generation with WinDBG
- [141 stars][1y] [Py] bruce30262/twindbg PEDA-like debugger UI for WinDbg
- [136 stars][27d] [C#] chrisnas/debuggingextensions Host of debugging-related extensions such as post-mortem tools or WinDBG extensions
- [135 stars][5y] [C] goldshtn/windbg-extensions Various extensions for WinDbg
- [123 stars][18d] [JS] 0vercl0k/windbg-scripts A bunch of JavaScript extensions for WinDbg.
- [97 stars][1m] [C++] fdiskyou/iris WinDbg extension to display Windows process mitigations
- [89 stars][2y] [HTML] sam-b/windbg-plugins Any useful windbg plugins I've written.
- [79 stars][6y] [C++] tandasat/findpg Windbg extension to find PatchGuard pages
- [77 stars][3y] [HTML] szimeus/evalyzer Using WinDBG to tap into JavaScript and help with deobfuscation and browser exploit detection
- [72 stars][25d] [C++] rodneyviana/netext WinDbg extension for data mining managed heap. It also includes commands to list http request, wcf services, WIF tokens among others
- [69 stars][2y] [C++] lynnux/windbg_hilight A windbg plugin to highlight text in Disassembly and Command windows. Supports x86 and x64.
- [67 stars][3m] davidfowl/windbgcheatsheet This is a cheat sheet for windbg
- [64 stars][1y] vagnerpilar/windbgtree A command tree based on commands and extensions for Windows Kernel Debugging.
- [62 stars][2m] [JS] hugsy/windbg_js_scripts Toy scripts for playing with WinDbg JS API
- [60 stars][3m] [C++] imugee/pegasus reverse engineering extension plugin for windbg
- [59 stars][3y] [C++] markhc/windbg_to_c Translates WinDbg "dt" structure dump to a C structure
- [58 stars][3y] rehints/windbg
- [51 stars][2y] [Py] cisco-talos/dotnet_windbg
- [51 stars][4y] [C++] fishstiqz/poolinfo kernel pool windbg extension
- [50 stars][2y] [C#] zodiacon/windbgx An attempt to create a friendly version of WinDbg
- [45 stars][2y] [Py] kukfa/bindbg Binary Ninja plugin that syncs Windbg static/dynamic debugging to Binary Ninja
- [45 stars][4y] [C++] pstolarz/dumpext WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both 32 (PE) and 64-bit (PE+) platforms.
- [43 stars][3y] [C++] andreybazhan/dbgext Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).
- [43 stars][1y] bulentrahimkazanci/windbg-cheat-sheet A practical guide to analyze memory dumps of .Net applications by using Windbg
- [40 stars][11m] [C#] kevingosse/windbg-extensions Extensions for the new WinDbg
- [37 stars][2y] [C] long123king/tokenext A windbg extension, extracting token related contents
- [34 stars][7m] [C++] seancline/pyext WinDbg Extensions for Python
- [31 stars][3y] osandamalith/apimon A simple API monitor for Windbg
- [28 stars][7y] [C++] cr4sh/dbgcb Engine for communication with remote kernel debugger (KD, WinDbg) from drivers and applications
- [28 stars][2y] [C++] dshikashio/pybag CPython module for Windbg's dbgeng plus additional wrappers.
- [28 stars][2y] [C++] fdfalcon/typeisolationdbg A little WinDbg extension to help dump the state of Win32k Type Isolation structures.
- [28 stars][3y] long123king/grep Grep-like WinDbg extension
- [27 stars][3m] [C++] progmboy/win32kext windbg plugin for win32k debugging
- [22 stars][4m] wangray/windbg-for-gdb-users "Pwntools does not support Windows. Use a real OS ;)" — Zach Riggle, 2015
- [21 stars][5y] stolas/windbg-darktheme A dark theme for WinDBG.
- [21 stars][5y] [Py] windbgscripts/pykd This contains Helpful PYKD (Python Extension for Windbg) scripts
- [18 stars][3y] [Py] ajkhoury/windbg2struct Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure
- [15 stars][6y] pccq2002/windbg windbg open source
- [14 stars][3y] [C] lowleveldesign/lldext LLD WinDbg extension
- [14 stars][1y] [JS] osrdrivers/windbg-exts Various WinDbg extensions and scripts
- [13 stars][3y] [C++] evandowning/windbg-trace Use WinDBG to trace the Windows API calls of any Portable Executable file
- [12 stars][1y] [Py] wu-wenxiang/tool-windbg-pykd-scripts Pykd scripts collection for Windbg
- [11 stars][1y] [C] 0cch/luadbg Lua Extension for Windbg
- [11 stars][6y] baoqi/uni-trace Universal Trace Debugger Engine. Currently, only support windbg on Windows, but the long term goal is to also support GDB or LLDB
- [10 stars][1y] [C++] jkornev/cfgdump Windbg extension that allows you to analyze Control Flow Guard map
- [10 stars][3y] [C] pstolarz/asprext ASProtect reverse engineering & analysis WinDbg extension
- [10 stars][4y] [C] pstolarz/scriptext WinDbg scripting language utilities.
- [9 stars][2y] [C#] indy-singh/automateddumpanalysis A simple tool that helps you run common diagnostics steps instead of battling with WinDbg.
- [8 stars][2y] abarbatei/windbg-info collection of links related to using and improving windbg
- [7 stars][8y] [C] pcguru34/windbgshark Automatically exported from code.google.com/p/windbgshark
- [7 stars][10m] [C#] xquintana/dumpreport Console application that creates an HTML report from a Windows user-mode dump file, using WinDBG or CDB debuggers. Although it's been mainly designed for crash dump analysis of Windows applications developed in C++, it can also be used to read hang dumps or .Net dumps.
- [6 stars][5y] lallousx86/windbg-scripts Windbg scripts
- [5 stars][6y] [Py] bannedit/windbg
- [5 stars][5y] [C++] dshikashio/pywindbg Python Windbg extension
- [5 stars][2m] repnz/windbg-cheat-sheet My personal cheat sheet for using WinDbg for kernel debugging
- [5 stars][3y] [Py] saaramar/nl_windbg Base library for Windows kernel debugging
- [5 stars][2y] [Py] seancline/pythonsymbols A WinDbg symbol server for all recent versions of CPython.
- [2 stars][4y] [C] tenpoku1000/windbg_logger An application and device driver that record the communication of the WinDbg built into Visual Studio during kernel debugging.
- [2 stars][2y] [C++] vincentse/watchtrees Debugger extension for the Windows Debugging Tools (WinDBG, KD, CDB, NTSD). It adds commands to manage watches.
- [0 stars][10m] [C++] kevingosse/lldb-loadmanaged LLDB plugin capable of executing plugins written for WinDbg/ClrMD
- [0 stars][9m] [C++] lomomike/nethelps NetHelps - WinDbg extension, helps to view some .Net internals information
- 2019.10 [freebuf] Iris: a WinDbg extension that performs common Windows exploit detection
- 2019.08 [lowleveldesign] Synthetic types and tracing syscalls in WinDbg
- 2019.08 [benoit] Portable WinDbg
- 2019.07 [osr] How L1 Terminal Fault (L1TF) Mitigation and WinDbg Wasted My Morning (a.k.a. Yak Shaving: WinDbg Edition)
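- 2019.06 [360] "Dive into Windbg" series: troubleshooting Explorer failing to start
- 2019.05 [nul] An example of Windbg/cdb being extremely slow
- 2019.04 [360] "Dive into Windbg" series: AudioSrv audio service failure
- 2019.04 [freebuf] How to write a ClrMD plugin for WinDbg
- 2019.03 [aliyun] Writing ClrMD extensions for WinDbg and LLDB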
- 2019.03 [offensive] Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
- 2019.02 [OALabs] WinDbg Basics for Malware Analysis
- 2019.01 [TheSourceLens] Windows Internals - Processes Part 6 of 20 - Process related windbg commands.
- 2019.01 [TheSourceLens] Introduction to Windbg Series 1 Part 23 - Time travellers tracing ( IDNA )
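- 2018.09 [pediy] [Original] Analysis of the windbg paging-mechanism examples in "Software Debugging" (filling in various gaps)
- 2018.08 [pediy] [Translation] Introduction to configuring WinDbg kernel debugging
- 2018.06 [pediy] [Original] Making Windbg break before the driver entry point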
- 2018.05 [criteo] Extending the new WinDbg, Part 3 – Embedding a C# interpreter
- 2018.04 [whereisk0shl] Windbg logviewer.exe buffer overflow vulnerability
- 2018.04 [nettitude] WinDbg: using pykd to dump private symbols
- 2018.02 [comae] YARA scans in WinDbg
- 2018.01 [360] "Dive into Windbg" series: Wireshark hangs and crashes
- 2018.01 [criteo] Extending the new WinDbg, Part 2 – Tool windows and command output
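- 2018.01 [biosengineer] Notes on the more commonly used commands in WinDbg
- 2017.12 [pediy] [Original] Implementing the windbg !vad functionality, which could also be described as enumerating process modules from the kernel
- 2017.11 [nsfocus] A bug in windbg's jsprovider.dll
- 2017.10 [pediy] [Discussion] What useful and fun plugins are there for WinDbg and IDA?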
- 2017.10 [ixiacom] Debugging Malware with WinDbg
- 2017.10 [Cooper] Hack.lu 2017 Let’s Play with WinDBG & .NET by Paul Rascagneres
- 2017.10 [360] Countering anti-debugging techniques with WinDbg scripts
- 2017.09 [360] Compromising the Windows kernel with the WinDbg local kernel debugger
- 2017.09 [criteo] Extending the new WinDbg, Part 1 – Buttons and commands
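- 2017.08 [4hou] Analyzing JavaScript scripts with WinDbg and wscript.exe
- 2017.08 [360] How to debug javascript with windbg
- 2017.08 [pediy] [Share] A debugger built on the WinDbg debugging engine, with python support
- 2017.08 [talosintelligence] Analyzing JavaScript scripts with Windbg (using the 64-bit wscript.exe)
- 2017.07 [360] Analyzing .NET malware with Windbg
- 2017.07 [pediy] [Share] Debugging a kernel driver without a PDB using VirtualKD+IDA+VM+Windbg
- 2017.07 [talosintelligence] Analyzing .NET programs with WinDBG's SOS extension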
- 2017.06 [criteo] ClrMD Part 5 – How to use ClrMD to extend SOS in WinDBG
- 2017.06 [hasherezade] Stealing an Access Token using WinDbg
- 2017.05 [pediy] [Original] OD_WINDBG: differences in the attach feature (1), user mode
- 2017.05 [osr] WinDbg, Debugger Objects, and JavaScript! Oh, My!
- 2017.03 [welivesecurity] How to configure WinDbg for kernel debugging
- 2017.03 [nul] 02 - Machine to Machine - automating the WinDBG analysis process
- 2017.03 [venus] WinDbg vulnerability analysis and debugging (3): CVE-2014-6332
- 2017.02 [GynvaelEN] Hacking Livestream #11: Challenge! Solve a crackme using only WinDbg
- 2017.01 [venus] WinDbg vulnerability analysis and debugging (2)
- 2017.01 [venus] WinDbg vulnerability analysis and debugging (1)
- 2016.10 [theevilbit] Exploit generation and JavaScript analysis automation with WinDBG
- 2016.10 [Cooper] Hack.lu 2016 Exploit generation and JavaScript analysis automation with WinDBG
- 2016.09 [securityintelligence] Fighting Fire With WinDBG: Breaking URLZone’s Anti-VM Armor
- 2016.06 [lowleveldesign] .natvis files and type templates in WinDbg
- 2016.06 [lowleveldesign] !injectdll – a WinDbg extension for DLL injection
- 2016.06 [thembits] Loffice - Analyzing malicious documents using WinDbg
- 2016.05 [freebuf] Heap tracing with Windbg and Python
- 2016.05 [PowerShellConferenceEU] PowerShell in WinDbg (Staffan Gustafsson)
- 2016.04 [pediy] [Original] Script-assisted analysis with Windbg and IDA
- 2016.03 [freebuf] Debugging the Windows kernel with WinDbg (2)
- 2016.03 [freebuf] Debugging the Windows kernel with WinDbg (1)
- 2016.03 [contextis] An Introduction to Debugging the Windows Kernel with WinDbg
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 3: WinDBG Mimikatz Extension
- 2016.01 [freebuf] A hands-on introduction to Windbg
- 2015.12 [djmanilaice] windbg - Dumping a dll from a debugged process to disk
- 2015.10 [pediy] [Original] Tracking down a critical-section bug with Windbg
- 2015.07 [djmanilaice] PID of debugged process in windbg
- 2015.07 [djmanilaice] Forgetting Windbg commands? Too lazy to type? Use .cmdtree in windbg!
- 2015.07 [topsec] The attack-and-defense contest hidden beneath windbg
- 2015.06 [pediy] [Original] xcwd, a scripting extension for windbg
- 2015.01 [jlospinoso] Tools for fixing symbols issues in WinDbg
- 2014.12 [nul] windbg colorization
- 2014.11 [codemachine] WinDBG : A rodent killer
- 2014.08 [3xp10it] windbg commands
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 19 - Conditional breakpoints
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 17 - Command bu or breakpoint unresolved.
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 15 - Command bp for giving breakpoints
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 8 - Commands k for callstack or stackback trace
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 21 - Exceptions And Events
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 7 - Physical Machine Kernel Debugging With Network Cable
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 3 - Introduction To debug Symbols
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 4 - Troubleshooting Symbols mismatch
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 9 - Commands r for register d for dump memory.
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 13 - Unassemble code
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 5 - Introduction to debugger Commands
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 11 - Command dt - dump type
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 20 - miscellaneous breakpoint related commands
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 18 - Command ba or break on access
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 14 - Command s or search memory
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 6 - Kernel Debugging With VmPlayer
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 1 - THE Debugger
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 10 - Commands dv and .frame
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 12 - Command e - edit memory
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 16 - Command bm for break point
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 2 - Different Modes Of Operations of Windbg
- 2014.06 [TheSourceLens] Introduction to Windbg Series 1 Part 22 - Miscellaneous Commands
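- 2013.12 [pediy] [Original] How to write a Windbg plugin in VS2012
- 2013.10 [pediy] [Share][Notes] Learn-and-apply advanced windbg tricks, extra part 2: taking out QQProtect.sys
- 2013.08 [pediy] [Original] Posting a WINDBG script
- 2013.08 [yiiyee] Windbg debugging commands explained in detail
- 2013.08 [yiiyee] Viewing the computer name in Windbg
- 2013.07 [yiiyee] Getting started with Windbg, beginning with themes and layout
- 2013.04 [pediy] [Original] Getting past TesSafe's anti-WinDbg dual-machine debugging protection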
- 2013.04 [debasish] Fuzzing Monitoring with WinDBG Console Debugger(cdb.exe)
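- 2013.04 [pediy] [Original] windbg script to get the system hotkey linked list: GetHotkeys windbg script
- 2013.04 [pediy] [Original] Dynamically debugging code with windbg scripts
- 2013.03 [pediy] [Share][Download] PYKD 0.2.0.19, the python extension plugin for windbg (2013.3.28)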
- 2013.01 [corelan] Heap Layout Visualization with mona.py and WinDBG
- 2012.08 [pediy] [Share] Various symbol servers for Windbg
- 2012.05 [pediy] [Original] Viewing E.KTHREAD and E.KPROCESS in windbg
- 2012.04 [pediy] [Original] A helper for setting breakpoints in windbg
- 2012.03 [toolswatch] Blackhat Amsterdam 2012 : ToolsTube with Andrey Labunets on Windbgshark
- 2012.03 [toolswatch] WinDBGShark v0.2.3 (Black Hat EU 2012 Edition) Released
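- 2011.11 [pediy] [Original] A simple example of debugging with windbg scripts
- 2011.09 [pediy] [Original] Writing scripts to enhance windbg's stack and memory windows [code included as proof]
- 2011.07 [pediy] [Original] Posting a few more good things: compilable windbg source code
- 2011.05 [pediy] [Help] How to do Windbg dual-machine debugging in an HS+TMD environment...
- 2010.11 [pediy] [Original] A small trick with big payoff: getting WINDBG running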
- 2010.10 [redplait] windbg & rpc
- 2010.08 [mattoh] Dumping Kernel Service Table from Windbg
- 2010.08 [mattoh] Setting breakpoint on entry point with Windbg
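- 2009.12 [pediy] [Help] Update: misuse of INITCODE when debugging a SYS file with WINDBG, code and screenshots added
- 2009.07 [pediy] [Original] WinDbg study notes (1): getting to know WinDbg
- 2009.07 [pediy] [Original] WinDbg study notes (2): breakpoints on string access
- 2009.01 [pediy] [Original] winxp+vpc2007+win2003sp1+windbg
- 2008.12 [pediy] [Original] Introduction to Windows debugging tools 4 - WinDbg kernel debugging configuration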
- 2008.11 [kobyk] Windbg 6.10.3.233 released
- 2008.10 [pediy] Finding hidden processes with WinDbg kernel debugging
- 2008.08 [rapid7] Improved WinDBG opcode searching
- 2008.08 [rapid7] Byakugan WinDBG Plugin Released!
- 2008.06 [pediy] [Original] Make a Windbg By Yourself (1)
- 2008.05 [pediy] [Original] Venturing to post a small tool that helps obtain kernel data structures using WinDbg
- 2008.05 [evilcodecave] Disabling VS JIT and Prepairing WinDBG for Unknown Exceptions
- 2008.05 [kobyk] Windbg 6.9.3.113 released
- 2008.05 [biosengineer] Viewing logs in WinDbg
- 2007.08 [kobyk] Windbg’s integrated managed debugging – an accidental feature?
- 2007.07 [kobyk] How about some Windbg love?
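- 2007.06 [pediy] [Tip] Using arguments in WinDbg scripts
- 2007.05 [pediy] [Share] A handy windbg command: !list
- 2007.01 [pediy] Writing WinDbg plugins: the basics
- 2007.01 [pediy] A few commonly used WinDbg commands
- 2006.12 [pediy] [Translation] Kernel Debugging with WinDbg
- 2006.12 [pediy] Vista Boot Config settings for WinDBG dual-machine debugging; experts need not read.
- 2006.11 [pediy] [Original] Windbg kernel debugging: dump analysis
- 2006.11 [pediy] Basic Windbg debugging techniques
- 2006.11 [pediy] [Original] Dual-machine kernel debugging with WinDBG
- 2006.10 [pediy] I wrote a small WinDbg script that can display the SSDT
- 2006.10 [pediy] Translation of the WinDbg help documentation - numerical expression syntax
- 2006.10 [pediy] [Original] A simple WINDBG Script tutorial {Kanxue Academy 2006 Golden Autumn Reading Season}
- 2006.10 [pediy] [Share] Some material on dual-machine debugging with windbg
- 2006.04 [pediy] Translation: A shortcut to WinDbg (2)
- 2006.04 [pediy] Translation: A shortcut to WinDbg (1)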
- 2006.02 [debuginfo] WinDbg the easy way
- 2006.02 [pediy] [Original] Dynamically unpacking Reflector with WinDbg
- [6101 stars][3m] [Java] google/android-classyshark Analyze Android/Java-based apps or games
- [6094 stars][5m] [Java] qihoo360/replugin RePlugin - A flexible, stable, easy-to-use Android Plug-in Framework
- [5195 stars][19d] [Py] mobsf/mobile-security-framework-mobsf Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
- [5084 stars][15d] [HTML] owasp/owasp-mstg A comprehensive manual on secure development, testing and reverse engineering of mobile apps
- [4882 stars][24d] [Java] guardianproject/haven Protect your personal spaces and possessions using an Android app and on-device sensors without compromising
- [4776 stars][12d] [C++] facebook/redex A bytecode optimizer for Android apps
- [4306 stars][15d] [Shell] ashishb/android-security-awesome A collection of android security related resources
- [3649 stars][2m] [C++] anbox/anbox Container-based approach to boot a full Android system on a regular GNU/Linux system
- [2314 stars][1y] [Java] csploit/android cSploit - The most complete and advanced IT security professional toolkit on Android.
- [2120 stars][9m] [Py] linkedin/qark Finds vulnerabilities in Android apps; supports source code or APK files
- [2095 stars][10m] jermic/android-crack-tool
- [2051 stars][21d] [Py] sensepost/objection runtime mobile exploration
- [2011 stars][8m] [Py] fsecurelabs/drozer The Leading Security Assessment Framework for Android.
- [1976 stars][9d] [Java] kyson/androidgodeye AndroidGodEye: A performance monitor tool , like "Android Studio profiler" for Android , you can easily monitor the performance of your app real time in pc browser
- [1925 stars][7m] [Java] fuzion24/justtrustme An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
- [1430 stars][11m] [Java] aslody/legend (Android) A framework for hooking Java methods without root, supporting both the Dalvik and Art environments
- [1417 stars][1m] [Java] chrisk44/hijacker Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
- [1366 stars][3y] [C++] aslody/turbodex Fast in-memory dex loading
- [1241 stars][3m] [Java] whataa/pandora an android library for debugging what we care about directly in app.
- [1235 stars][2m] [Java] find-sec-bugs/find-sec-bugs The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
- [1213 stars][2m] [JS] megatronking/httpcanary A powerful capture and injection tool for the Android platform
- [1208 stars][4m] [Java] javiersantos/piracychecker An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. API 14+ required.
- [1134 stars][1m] [Java] huangyz0918/androidwm An Android image watermarking library that supports invisible digital watermarks (steganography).
- [968 stars][3y] [Java] androidvts/android-vts Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
- [920 stars][7y] designativedave/androrat Remote Administration Tool for Android devices
- [903 stars][5y] [Java] wszf/androrat Remote Administration Tool for Android
- [885 stars][2m] [C] 504ensicslabs/lime LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures f…
- [833 stars][6y] [C] madeye/gaeproxy GAEProxy for Android (Deprecated)
- [820 stars][11d] proxymanapp/proxyman Modern and Delightful HTTP Debugging Proxy for macOS, iOS and Android
- [810 stars][4m] [Scala] antox/antox Android client for Project Tox - Secure Peer to Peer Messaging
- [800 stars][3m] sh4hin/androl4b A virtual machine for assessing Android applications, reverse engineering and malware analysis
- [769 stars][1y] [C] ele7enxxh/android-inline-hook thumb16 thumb32 arm32 inlineHook in Android
- [735 stars][2y] [Java] gcssloop/encrypt [Maintenance suspended] Android encryption and decryption toolkit.
- [708 stars][4y] [Py] androbugs/androbugs_framework AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
- [668 stars][2m] doridori/android-security-reference A W.I.P Android Security Ref
- [666 stars][7y] [Java] honeynet/apkinspector APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
- [608 stars][7m] [JS] vincentcox/stacoan StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
- [585 stars][2y] [Java] hypertrack/hyperlog-android Utility logger library for storing logs into database and push them to remote server for debugging
- [559 stars][14d] [Shell] owasp/owasp-masvs OWASP mobile app security standard
- [546 stars][2m] nordicsemiconductor/android-nrf-connect Documentation and issue tracker for nRF Connect for Android.
- [541 stars][1y] [Java] jaredrummler/apkparser APK parser for Android
- [540 stars][7y] [Java] moxie0/androidpinning A standalone library project for certificate pinning on Android.
- [527 stars][4m] [JS] wooyundota/droidsslunpinning Android certificate pinning disable tools
- [518 stars][4m] [Java] megatronking/stringfog An Android plugin tool that automatically encrypts the strings in bytecode
- [511 stars][9d] [Java] happylishang/cacheemulatorchecker Android emulator detection; detects Android emulators and obtains a relatively genuine IMEI, AndroidId, serial number, MAC address, etc. to use as a DeviceID for anti-abuse requirements and the like
- [488 stars][2y] b-mueller/android_app_security_checklist Android App Security Checklist
- [482 stars][2m] [JS] lyxhh/lxhtoolhttpdecrypt Simple Android/iOS protocol analysis and utilization tool
- [471 stars][2y] [Smali] sensepost/kwetza Python script that injects a Meterpreter payload into an Android app
- [451 stars][3y] [C++] vusec/drammer Native binary for testing Android phones for the Rowhammer bug
- [450 stars][12m] [Kotlin] shadowsocks/kcptun-android kcptun for Android.
- [443 stars][1m] [TS] shroudedcode/apk-mitm
- [431 stars][13d] [C] guardianproject/orbot The Github home of Orbot: Tor on Android (Also available on gitlab!)
- [426 stars][19d] [Py] thehackingsage/hacktronian All in One Hacking Tool for Linux & Android
- [412 stars][4m] [Java] megatronking/netbare Net packets capture & injection library designed for Android
- [411 stars][3y] [Java] fourbrother/kstools A tool for automatically cracking signature checks on Android
- [409 stars][3m] [CSS] angea/pocorgtfo a "Proof of Concept or GTFO" mirror with extra article index, direct links and clean PDFs.
- [408 stars][1y] [Java] testwhat/smaliex A wrapper to get de-optimized dex from odex/oat/vdex.
- [405 stars][3y] [Java] ac-pm/sslunpinning_xposed Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
- [403 stars][6y] [Java] isecpartners/introspy-android Security profiling for blackbox Android
- [397 stars][2y] [Java] routerkeygen/routerkeygenandroid Router Keygen generate default WPA/WEP keys for several routers.
- [382 stars][2y] [Java] davidbuchanan314/nxloader My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)
- [379 stars][6m] [Makefile] crifan/android_app_security_crack Android app security and cracking
- [379 stars][1y] [CSS] nowsecure/secure-mobile-development A Collection of Secure Mobile Development Best Practices
- [378 stars][2y] [Java] jaredrummler/androidshell Execute shell commands on Android.
- [373 stars][3y] [Py] androidhooker/hooker Hooker is an opensource project for dynamic analyses of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.
- [358 stars][5m] b3nac/android-reports-and-resources A big list of Android Hackerone disclosed reports and other resources.
- [358 stars][5m] [C] the-cracker-technology/andrax-mobile-pentest ANDRAX The first and unique Penetration Testing platform for Android smartphones
- [353 stars][3y] [ObjC] naituw/hackingfacebook Kill Facebook for iOS's SSL Pinning
- [333 stars][25d] [Java] datatheorem/trustkit-android Easy SSL pinning validation and reporting for Android.
- [323 stars][2y] [Kotlin] ollide/intellij-java2smali A plugin for IntelliJ IDEA & Android Studio to easily compile Java & Kotlin files to smali.
- [287 stars][1y] [C] freakishfox/xanso A tool for browsing and repairing Android SO files
- [285 stars][2y] [Java] simbiose/encryption Encryption is a simple way to encrypt and decrypt strings on Android and Java project.
- [284 stars][9m] [Py] micropyramid/forex-python Foreign exchange rates, Bitcoin price index and currency conversion using ratesapi.io
- [282 stars][4y] [Py] fuzzing/mffa Media Fuzzing Framework for Android
- [274 stars][2y] [Java] mateuszk87/badintent Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
- [270 stars][2y] [Java] reoky/android-crackme-challenge A collection of reverse engineering challenges for learning about the Android operating system and mobile security.
- [267 stars][4m] [Py] amimo/dcc DCC (Dex-to-C Compiler) is method-based aot compiler that can translate DEX code to C code.
- [267 stars][4y] [C] samsung/adbi Android Dynamic Binary Instrumentation tool for tracing Android native layer
- [267 stars][2y] [Kotlin] temyco/security-workshop-sample This repository has been desired to show different Android Security Approach implementations using a simple sample project.
- [265 stars][11d] [Py] den4uk/andriller a collection of forensic tools for smartphones
- [262 stars][2y] [Java] maxcamillo/android-keystore-password-recover Automatically exported from code.google.com/p/android-keystore-password-recover
- [258 stars][3y] [Java] flankerhqd/jaadas Joint Advanced Defect assEsment for android applications
- [258 stars][7y] [Java] isecpartners/android-ssl-bypass Black box tool to bypass SSL verification on Android, even when pinning is used.
- [256 stars][3y] [C] w-shackleton/android-netspoof Network Spoofer
- [254 stars][2y] [Java] panhongwei/tracereader A small android tool that reads a trace file to reconstruct the call tree of the whole program's execution.
- [251 stars][10m] [C] chef-koch/android-vulnerabilities-overview A small overview of known Android vulnerabilities
- [234 stars][3m] [C] grant-h/qu1ckr00t A PoC application demonstrating the power of an Android kernel arbitrary R/W.
- [234 stars][1y] [Ruby] hahwul/droid-hunter (deprecated) Android application vulnerability analysis and Android pentest tool
- [229 stars][8m] [Java] jieyushi/luffy Android bytecode plugin that modifies code dynamically at compile time, adding a full event-tracking log collection module and attaching listeners to common UI controls
- [225 stars][3m] [Java] virb3/trustmealready Disable SSL verification and pinning on Android, system-wide
- [208 stars][26d] [C] derrekr/fastboot3ds A homebrew bootloader for the Nintendo 3DS that is similar to android's fastboot.
- [202 stars][1y] [C#] labo89/adbgui Wrapper for Android Debug Bridge (ADB) written in C#
- [200 stars][2y] [Java] ernw/androtickler Penetration testing and auditing toolkit for Android apps.
- [194 stars][2y] [Java] panhongwei/androidmethodhook android art hook like Sophix
- [183 stars][2y] [Smali] sslab-gatech/avpass Tool for leaking and bypassing Android malware detection system
- [180 stars][3y] [C] kriswebdev/android_aircrack Aircrack-ng command-line for Android. Binaries & source.
- [173 stars][2m] [Java] calebfenton/apkfile Android app analysis and feature extraction library
- [173 stars][7y] [Py] trivio/common_crawl_index billions of pages randomly crawled from the internet
- [170 stars][10m] thehackingsage/hackdroid Penetration Testing Apps for Android
- [167 stars][24d] [Java] pwittchen/reactivewifi Android library listening available WiFi Access Points and related information with RxJava Observables
- [161 stars][2m] [Py] nforest/droidimg Android/Linux vmlinux loader
- [161 stars][1y] [Java] iqiyi/dexsplitter Analyze contribution rate of each module to the apk size
- [160 stars][10m] [Py] sch3m4/androidpatternlock A little Python tool to crack the Pattern Lock on Android devices
- [160 stars][4y] [Py] appknox/afe Android Framework for Exploitation, is a framework for exploiting android based devices
- [158 stars][3y] [Java] googlecloudplatform/endpoints-codelab-android endpoints-codelab-android
- [146 stars][4m] [PostScript] guardianproject/orfox UPDATE: Orfox is being replaced by Tor Browser for Android. All future work and comments will be handled by Tor Project.
- [145 stars][3y] [Java] zhouat/inject-hook for android
- [142 stars][3m] [Py] technicaldada/hackerpro All in One Hacking Tool for Linux & Android (Termux). Hackers are welcome in our blog
- [140 stars][4m] [Shell] izzysoft/adebar Android DEvice Backup And Report, using Bash and ADB
- [137 stars][2y] [Java] gnaixx/hidex-hack anti reverse by hack dex file
- [137 stars][3y] [Java] ysrc/anti-emulator Android emulator detection based on file characteristics
- [133 stars][3y] [C++] chenenyu/androidsecurity Android security practices
- [130 stars][1y] [Java] florent37/rxlifecycle Rx binding of stock Android Activities & Fragment Lifecycle, avoiding memory leak
- [130 stars][2m] pouyadarabi/instagram_ssl_pinning Bypassing SSL Pinning in Instagram Android App
- [127 stars][4y] [C++] chago/advmp Nature's porter: an Android virtual-machine protection demo
- [125 stars][5y] [Ruby] mttkay/replicant A REPL for the Android Debug Bridge (ADB)
- [124 stars][2y] [Shell] nccgroup/lazydroid bash script to facilitate some aspects of an Android application assessment
- [123 stars][5y] jacobsoo/androidslides
- [122 stars][3m] [Java] aaronjwood/portauthority A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.
- [116 stars][1y] [C++] melonwxd/elfhooker Compatible with 32-bit and 64-bit Android. A demo of hooking based on the ELF file format; hooks the eglSwapBuffers function of the SurfaceFlinger process and replaces it with new_eglSwapBuffers
- [114星][1m] [Java] stringcare/androidlibrary Android library to reveal or obfuscate strings and assets at runtime
- [114星][2y] wpvsyou/mprop 修改Android prop脚本工具
- [113星][2y] [Py] fsecurelabs/drozer-modules leading security testing framework for Android.
- [112星][4y] [Py] androidsecuritytools/lobotomy Android Security Toolkit
- [108星][5y] [Py] mspreitz/adel dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow
- [104星][4m] [JS] adelphes/android-dev-ext Android debugging support for VS Code
- [104星][2y] [Kotlin] heimashi/debug_view_kotlin 用kotlin实现的Android浮层调试控制台,实时的显示内存、FPS、文字log、app启动时间、Activity启动时间
- [102星][6m] [Py] vmavromatis/absolutely-proprietary Proprietary package detector for arch-based distros. Compares your installed packages against Parabola's package blacklist and then prints your Stallman Freedom Index (free/total).
- [101星][9m] [Py] zsdlove/apkvulcheck This is a tool to help androidcoder to check the flaws in their projects.
- [99星][4y] [Java] odrin/droid-watcher [OUTDATED & UNSUPPORTED] Droid Watcher - Android Spy Application
- [95星][4y] [Shell] jlrodriguezf/whatspwn Linux tool used to extract sensitive data, inject backdoor or drop remote shells on android devices.
- [94星][2y] [C++] woxihuannisja/stormhook StormHook is a Android Hook Framework for Dalvik and Art
- [93星][2y] [C++] femto-dev/femto Sequence Indexing and Search
- [93星][1y] [Py] integrity-sa/droidstatx Python tool that generates an Xmind map with all the information gathered and any evidence of possible vulnerabilities identified via static analysis. The map itself is an Android Application Pentesting Methodology component, which assists Pentesters to cover all important areas during an assessment.
- [90星][4y] [C] rchiossi/dexterity Dex manipulation library
- [90星][8m] [JS] adonespitogo/adobot-io Android Spyware Server
- [89星][2m] pouyadarabi/facebook_ssl_pinning Bypassing SSL Pinning in Facebook Android App
- [87星][4y] [Py] necst/aamo AAMO: Another Android Malware Obfuscator
- [86星][5y] [Java] sysdream/fino Android small footprint inspection tool
- [85星][2m] [Java] rikkaapps/wadb A simple switch for adb (Android Debug Bridge) over network.
- [83星][1y] [Kotlin] pvasa/easycrypt Android cryptography library with SecureRandom patches.
- [81星][2m] [Kotlin] linkedin/dex-test-parser Find all test methods in an Android instrumentation APK
- [79星][3y] [Py] dancezarp/tbdex
- [76星][11d] [Py] tp7309/ttdedroid One-click decompilation tool: quickly decompile apk/aar/dex/jar, supported by jadx/dex2jar/enjarify/cfr.
- [74星][3y] wtsxdev/android-security-list Collection of Android security related resources
- [73星][11d] jawz101/mobileadtrackers Taken from DNS logs while actively using Android apps over the years. Formatted in hostfile format.
- [70星][2y] [Java] yolosec/routerkeygenandroid Router Keygen generate default WPA/WEP keys for several routers.
- [69星][2y] [Kotlin] menjoo/android-ssl-pinning-webviews A simple demo app that demonstrates Certificate pinning and scheme/domain whitelisting in Android WebViews
- [68星][1y] [Java] fooock/phone-tracker Phone tracker is an Android library to gather environment signals, like cell towers, wifi access points and gps locations.
- [66星][3y] [Py] crange/crange Crange is a tool to index and cross-reference C/C++ source code
- [66星][3y] [Java] fsecurelabs/drozer-agent The Android Agent for the Mercury Security Assessment Framework.
- [65星][1y] [Py] cryptax/dextools Miscellaneous DEX (Dalvik Executable) tools
- [65星][2y] [Java] isacan/andzu In-App Android Debugging Tool With Enhanced Logging, Networking Info, Crash reporting And More.
- [63星][4y] [Java] ac-pm/proxyon Android Xposed Module to apply proxy for a specific app.
- [63星][28d] [Py] meituan-dianping/lyrebird-android This program is a Lyrebird plugin that supports retrieving Android device information.
- [62星][1y] pfalcon/awesome-linux-android-hacking List of hints and Q&As to get most of your Linux/Android device
- [61星][7m] [Java] ajnas/wifips WiFi Based Indoor Positioning System, A MVP android Application
- [61星][6y] [Java] isecpartners/android-killpermandsigchecks Bypass signature and permission checks for IPCs
- [61星][6y] [Java] gat3way/airpirate Android 802.11 pentesting tool
- [60星][3m] [Java] aagarwal1012/image-steganography-library-android
- [60星][2y] [Java] geeksonsecurity/android-overlay-malware-example Harmless Android malware using the overlay technique to steal user credentials.
- [60星][2y] [Java] globalpolicy/phonemonitor A Remote Administration Tool for Android devices
- [59星][13d] [C] watf-team/watf-bank WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS
- [58星][2m] [Java] lizhangqu/android-bundle-support Enhanced APK analyzer: lets zip-based files such as ap_, ap, aar, aab, jar, so, awb, aab, apks be opened with APK Analyzer; Android Studio plugin
- [56星][2y] [C] mwpcheung/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
- [55星][3y] [C++] stealth/crash SSH-like strong crypto remote admin shell for Linux, BSD, Android, Solaris and OSX
- [54星][10m] [Py] circl/potiron Potiron - Normalize, Index and Visualize Network Capture
- [54星][5y] [Go] hailocab/logslam A lightweight lumberjack protocol compliant logstash indexer
- [54星][1y] [C] shunix/tinyinjector Shared Library Injector on Android
- [53星][2y] [Java] zyrikby/fsquadra Fast detection of repackaged Android applications based on the comparison of resource files included into the package.
- [52星][2y] [Java] owasp-ruhrpott/owasp-workshop-android-pentest Learning Penetration Testing of Android Applications
- [52星][7m] [C++] virgilsecurity/virgil-crypto Virgil Crypto is a high-level cryptographic library that allows you to perform all necessary operations for secure storing and transferring data and everything required to become HIPAA and GDPR compliant. Crypto Library is written in C++, suitable for mobile and server platforms and supports bindings with: Swift, Obj-C, Java (Android), С#/.NET, …
- [51星][2m] [C] alainesp/hashsuitedroid Hash Suite for Android
- [51星][2m] [Java] guardianproject/tor-android Tor binary and library for Android
- [49星][3y] [Java] necst/heldroid Dissect Android Apps Looking for Ransomware Functionalities
- [47星][5y] [C] mobileforensicsresearch/mem Tool used for dumping memory from Android devices
- [47星][2y] [C] shunix/androidgothook GOT Hook implemented in Android
- [46星][5y] [Java] monstersb/hijackandroidpoweroff Android hijack power off
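- [44星][3y] [Java] miracle963/zjdroid Dynamic reverse-analysis module based on the Xposed Framework. With ZjDroid a reverse engineer can: dump DEX files from memory; run BackSmali on memory based on key Dalvik pointers, effective against hardened (packed) apps; dynamically monitor sensitive APIs; dump data from a specified memory region; get information on the DEX files loaded by an app; get information on the classes loaded from a specified DEX file; dump Dalvik Java heap information; dynamically run Lua scripts in the target process.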
- [43星][2y] [JS] intoli/slice A JavaScript implementation of Python's negative indexing and extended slice syntax.
- [42星][2y] [PHP] paragonie/hpkp-builder Build HTTP Public-Key-Pinning headers from a JSON file (or build them programmatically)
- [41星][2y] [Java] alepacheco/androrw PoC Ransomware for android
- [40星][3y] [JS] naman14/gnome-android-tool Gnome shell extension for adb tools
- [39星][2y] [Java] tiked/androrw PoC Ransomware for android
- [39星][19d] [C] intel/kernelflinger the Intel UEFI bootloader for Android™/Brillo™
- [39星][3m] [TS] whid-injector/whid-mobile-connector Android Mobile App for Controlling WHID Injector remotely.
- [38星][2y] [Py] aptnotes/tools Tools to interact with APTnotes reporting/index.
- [38星][5y] [Py] jakev/oat2dex-python Extract DEX files from an ART ELF binary
- [38星][2y] [HTML] keenrivals/bugsite-index Index of websites publishing bugs along the lines of heartbleed.com
- [36星][11m] [Py] pilgun/acvtool ACVTool is a novel tool for measuring black-box code coverage of Android applications.
- [34星][8m] [Py] claudiugeorgiu/riskindroid Quantitative risk analysis of Android apps based on machine learning techniques
- [33星][7y] [C] nwhusted/auditdandroid A Fork of Auditd geared specifically for running on the Android platform. Includes system applications, AOSP patches, and kernel patches to maximize the audit experience.
- [33星][2y] [Xtend] splondike/polipoid Android wrapper for the polipo proxy
- [32星][2y] amoghbl1/tor-browser Orfox - A Tor Browser for Android
- [32星][5y] [Py] jonmetz/androfuzz A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process
- [32星][2y] knoobdev/bypass-facebook-ssl-pinning Bypassing ssl pinning for facebook android app
- [32星][3y] [Py] mdegrazia/osx-quicklook-parser Parse the Mac QuickLook index.sqlite database
- [32星][3y] [Shell] mseclab/ahe17 Android Hacking Event 2017 Write-up
- [32星][5y] [Py] xurubin/aurasium Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor
- [31星][4y] [C] ctxis/kgdb-android Patches to the Nexus 6 (Shamu) kernel source to allow KGDB over serial debug cable
- [31星][7m] [Java] jehy/rutracker-free Android thin client for rutracker.org, using Tor to avoid block.
- [29星][2y] [C] wangyinuo/memdump Memory dump tool for Android; can dump .so files
- [28星][6y] [MATLAB] vedaldi/visualindex A simple demo of visual object matching using VLFeat
- [28星][4m] [Go] cs8425/go-adbbot android bot based on adb and golang
- [27星][2y] [Java] coh7eiqu8thabu/slocker Source code of the SLocker Android ransomware
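- [26星][3y] [Java] whyalwaysmea/mobilesafe An Android mobile security guard app with the following features: 1. anti-theft 2. blacklist settings 3. software management 4. process management 5. traffic statistics 6. cache cleaning 7. virus scanning 8. incoming-call location display 9. phone-number location lookup 10. app lock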
- [26星][24d] fkie-cad/destroid Fighting String Encryption in Android Malware
- [25星][3y] [Shell] amoghbl1/orfox This is my repository for the orfox browser, a browser that uses tor to communicate and Firefox for Android as its base.
- [25星][3y] [Java] calebfenton/androidemulatordetect Android Emulator Detection
- [25星][5y] [Py] fygrave/dnslyzer DNS traffic indexer and analyzer
- [25星][1y] [Java] sryze/wirebug Toggle Wi-Fi debugging on Android without a USB cable (needs root)
- [25星][5y] wirelesscollege/securitytools Comprehensive collection of Android security tools
- [25星][29d] victorkifer/clicker Wireless Presenter for Android and iOS, supports Windows, Linux and OS X
- [24星][8m] appspector/android-sdk AppSpector is a debugging service for mobile apps
- [24星][5y] [Py] burningcodes/dexconfuse Simple DEX obfuscator
- [23星][3y] [Py] skiddietech/hidaaf Python - Human Interface Device Android Attack Framework
- [22星][2y] [JS] feedhenry/mobile-security FeedHenry Mobile Security
- [22星][1m] [Java] orhun/k3pler Android network connection blocker and packet analyzer built on top of local HTTP proxy.
- [22星][7y] brycethomas/liber80211 802.11 monitor mode for Android without root.
- [20星][2y] [C#] vr-house/eazy-arcore-interface Eazy ARCore Interface is a Unity3D plugin which makes development and debugging of ARCore projects easier. Specifically, it simulates how ARCore works in an Android device inside of Unity3D editor. Thus, it allows for faster development of ARCore apps, without the need to build and deploy to the device in order to test functionality
- [20星][11m] [Kotlin] hacker1024/android-wifi-qr-code-generator An android app that generates QR codes from your saved wifi networks.
- [19星][2y] [Java] panagiotisdrakatos/t0rlib4android A minimal android controller library for Tor
- [18星][3y] [Java] open-android/leakcanarydemo Memory leak detection tool; supports Android Studio and Eclipse
- [18星][1y] [Shell] plowsec/android-ducky Rubber Ducky with Android
- [16星][7m] zyrikby/stadyna Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications
- [15星][2y] [Kotlin] ttymsd/traffic-monitor traffic debugging library for android
- [13星][1y] [C] gtoad/android_inline_hook_arm_example
- [13星][5y] seattleandrew/digibrutedroid A 4-Digit PIN Brute Force attack for USB-OTG Android devices
- [12星][2y] [Java] 1van/activityhijacker Hijack and AntiHijack for Android activity.
- [12星][12m] [C++] vito11/camerahook A prototype to hook android camera preview data of third-party and system apps
- [10星][1y] [C] gtoad/android_inline_hook_thumb_example
- [10星][3m] [Rust] timvisee/apbf Tool to brute force Android security pattern through TWRP recovery.
- [10星][2y] [Java] yesterselga/password-strength-checker-android Check password strength (Weak, Medium, Strong, Very Strong). Setting optional requirements by required length, with at least 1 special character, numbers and letters in uppercase or lowercase.
- [7星][5y] [Perl] pentestpartners/android android
- [7星][2m] [Rust] superandroidanalyzer/abxml-rs Android binary XML decoding library in Rust.
- [6星][4y] [Java] cspf-founder/dodovulnerablebank Insecure Vulnerable Android Application that helps to learn hacking and securing apps
- [6星][12m] [Py] datadancer/hiafuzz Hybrid Interface Aware Fuzz for Android Kernel Drivers
- [6星][4y] praveshagrawal/droid-toolkit A complete toolkit for Android Hacking
- [6星][1y] [Java] nishchalraj/passwordstrengthbar An android library to show the password strength using four strength bars with colours set for each.
- [5星][10m] [Java] ioactive/aosp-downloadproviderheadersdumper PoC Exploiting Headers Disclosure in Android's Download Provider (CVE-2018-9546)
- [5星][6y] [Java] lanrat/wifi_recovery A simple android application to retrieve saved WIFI passwords
- [5星][2y] [TeX] pietroborrello/android-malware-detection Detecting malicious android programs through ML techniques
- [5星][2y] rev-code/androidclient Android remote administration client
- [5星][8d] [YARA] qeeqbox/analyzer Threat intelligence framework for extracting artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries and more
- [4星][1y] [Py] 51j0/android-storage-extractor A tool to extract local data storage of an Android application in one click.
- [4星][7y] [Java] asudhak/android-malware Android Malware POC for CSC591
- [4星][2y] [Java] flintx/airmanager Entry for the 9th National College Student Information Security Contest, Android part
- [4星][2y] [Java] fooock/shodand Console and Android native Shodan application. Developed using MVP architecture, RxJava, Butterknife, zxing and more! Looking for collaborators, join now!
- [4星][2y] [TeX] gelldur/msc-thesis Master's Thesis: Decompiling Android OS applications
- [4星][6y] [C] lance0312/vulnapp A vulnerable Android app
- [4星][4y] [C] mono-man/kgdb-android Patches to the Nexus 6 (Shamu) kernel source to allow KGDB over serial debug cable
- [4星][8m] [Java] netdex/android-hid-script An Android app that allows you to script HID emulation tasks.
- [4星][3y] [OpenEdge ABL] sp2014/android-malware-detector A machine learning based Android malware detection model.
- [4星][3y] [Java] b00sti/wifi-analyzer Analyzer 802.11 networks - android app [to refactor]
- [4星][6y] [Py] sushant-hiray/android-malware-detection Storehouse of scripts/code snippets corresponding to the current RnD project.
- [3星][7y] [Java] alaasalman/aids Proof of concept Android Intrusion Detection System.
- [3星][2y] [Java] alexeyzatsepin/cp-tester Android application for finding vulnerabilities in all of content providers based on SQLite databases on your device with sql-injection
- [3星][3y] [Kotlin] alilotfi/virustotalclient VirusTotal for Android checks the applications installed in your Android phone against VirusTotal (
- [3星][Py] btx3/ipwebcam-destroyer Android IP Webcam DoS Tool
- [3星][10m] d4wu/unity3d-android-reverse-demo
- [3星][6y] [C] hiikezoe/libfb_mem_exploit CVE-2013-2596 exploit for android
- [3星][2y] [Java] leetcodes/poc-android-malware A simple Android malware uploading basic info to remote server
- [3星][5y] [Py] niejuhu/pocs Android vulnerability proof-of-concept programs
- [3星][9m] [Java] pangodream/claudioremote Simple android App to show Claudio remote configuration capabilities
- [3星][3y] prashantmi/android-h Android Hacker is a software based on ADB (Android Debug Bridge) and can compromise any "Android Device"
- [3星][1y] [Shell] wazehell/android-usb-pwn simple script to pwn android phone with physical access
- [3星][2y] [Java] threedr3am/ctf-android-writeup Write-ups for some Android reversing challenges solved in CTF competitions long ago (roughly written, for personal reference)
- [3星][6y] zoobab/busybox-static-for-android A static busybox for android
- [3星][3y] [Py] zyrikby/fsquadra2 Evaluation of Resource-based App Repackaging Detection in Android
- [3星][12y] [C] bcopeland/android_packetspammer packetspammer for android
- [3星][8m] [Visual Basic .NET] pericena/apkdcx These programs help decompress or decompile applications developed for Android, with the ".apk" extension, so the code can be modified and the application improved.
- [2星][2y] androidtamer/awesome_android_pentest Awesome android Pentest tools collection
- [2星][10m] [Shell] b15mu7h/androidmalwarezoo A Collection of Android Malware
- [2星][12m] [Java] b3nac/injuredandroid A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
- [2星][3y] [Py] kr1shn4murt1/exploit-ms-17-010 Exploit for the ms17-010 vulnerability from Android
- [2星][5y] [Py] lanninghuanxue/droidj A System for Android Malware Detection and Analysis
- [2星][5y] [D] monstersb/arpdetection Arp attack detection for android
- [2星][2y] [TeX] neutze/master-latex-thesis Master's Thesis "Analysis of Android Cracking Tools and Investigations in Counter Measurements for Developers" at Fakultät für Informatik of Technische Universität München
- [2星][5y] [Java] nodoraiz/latchhooks Hack for Android app hooking using latch
- [2星][2y] [Py] pypygeek/amiv Android Malware Info Visibility Tool
- [2星][6y] yangwenbo/resetpin POC of Android Fragment Injection vulnerability, about reset PIN
- [2星][2m] [C++] bootak/touchlogger-android-client Log all gestures on android phone without root permissions (developer options enabled required!)
- [1星][1y] [Shell] backtrackcroot/androidtoolbox A android decompile tool set.
- [1星][3y] [Java] ctf/ctf-android Source code for CTF's Android app
- [1星][3y] [C++] cvvt/challenge_for_ctf Source code of android challenges for capturing the flag
- [1星][7y] [C] gerasiov/abootimg-android Android build of abootimg
- [1星][6y] huyle333/androidmitllctf2013 BUILDS Team 2 Android code from the MIT LL CTF 2013 for future reference. A list of APK files with different functions.
- [1星][8y] [Java] rajasaur/ctfdroid Android app for talking to Forge
- [1星][4y] [Java] sushanthikshwaku/antiv Anti virus app for android using VirusTotal
- [1星][2y] [Py] tum-i22/localizing-android-malicious-behaviors Initial implementation of a method to localize malicious behaviors from API call traces of Android apps
- [1星][8y] utkanos/android_device_htc_rezound working POC device for building bootable recovery
- [1星][8y] utkanos/android_device_htc_vigor poc cwmr port for htc rezound
- [1星][12m] [Java] oxagast/ansvif_android An Android frontend for ansvif fuzzing
- [1星][4y] [C] ru-faraon/pixiewps-android
- [1星][6y] [PHP] akibsayyed/poc-android-malware-files PHP Files for Android malware
- [0星][5y] [Java] anonim1133/ctf Simple Android app to play Capture The Flag. By using GPS and wifi it allows you to "capture the flags".
- [0星][3y] [Java] artwyman/android_ctf
- [0星][2y] [Py] bizdak/silverboxcc Reverse engineered android malware, and this is a C&C server for it
- [0星][7m] [Py] brant-ruan/idf4apev Integrated Detection Framework for Android's Privilege Escalation Vulnerabilities
- [0星][4y] [C] c0d3st0rm/android_kernel_tesco_ht7s3 Android kernel source for Tesco's first Hudl (HT7S3). This is here only for reference, as Tesco don't host kernel sources anymore, and is unbuildable - the kernel configs are missing and so are some of the essential parts of the kernel, eg WiFi drivers.
- [0星][2y] chicharitomu14/android-hover-attack-document A document about Android Hover Attack in Chinese, organized from the paper “Using Hover to Compromise the Confidentiality of User Input on Android”
- [0星][7y] ctfk/cl.ctfk Android CTF Game
- [0星][6y] [Java] ctz/android-keystore POC for Android keystore leak
- [0星][5m] [Perl] debos99/droidvenom DroidVenom is simple perl script for creating custom payload for android
- [0星][6y] [C] enjens/android_kernel_sony_pollux_windy_stock Stock kernel with kexec patches for Sony Tablet Z WIFI
- [0星][4y] [Py] eward9/android-backdoor-factory
- [0星][3y] [Java] fathulkirom22/androidctf
- [0星][6y] [Groovy] jhong01/ctfpro Android Capture the Flag Pro
- [0星][5y] [Java] kappaetakappa/robot-ctf-android Controller software for the Expo project
- [0星][10m] [Smali] moviet/space-ghost A simple example source codes of an initial android app cloner
- [0星][1y] paradox5566/evihunter EviHunter is a static program analysis tool for parsing the evidentiary data from Android apps.
- [0星][5y] preethams2/m_analysis Android malware tuts
- [0星][5y] qwertgfdvgjh/xmanager xManager - mobile security guard / practice Android project, developed independently
- [0星][3y] [Java] sanjeet990/android-antivirus-project This is an Antivirus project for Android that I created for my college project.
- [0星][3y] serval-snt-uni-lu/hookranker Automatically Locating Malicious Payload in Piggybacked Android Apps (A Hook Ranking Approach)
- [0星][2y] [Java] toulousehackingconvention/bestpig-reverse-android-serial THC CTF 2018 - Reverse - Android serial
- [0星][7y] [C] tvall43/android_kernel_grouper kernel for the Google Asus Nexus 7 (2012) Wifi (insane naming system, right?)
- [0星][5y] vaginessa/kali_launcher_android_app Android Application to launch Kali Android chroot.
- [0星][6m] [C] alex91ar/gdb-multiarch Patched GDB-Multiarch to debug android Kernels.
- [183星][30d] [Kotlin] iammert/applocker
- [157星][2m] [Java] reddr/libscout Third-party library detector for Java/Android apps
- [154星][4m] [Java] rednaga/axmlprinter Library for parsing and printing compiled Android manifest files
- [149星][2y] [Py] mhelwig/apk-anal Android APK analyzer based on radare2 and others.
- Duplicate section: Radare2->Plugins->Newly added
- [146星][10m] [Java] lanchon/haystack Signature Spoofing Patcher for Android
- [142星][2m] [Java] joshjdevl/libsodium-jni (Android) Networking and Cryptography Library (NaCL) JNI binding. JNI is utilized for fastest access to native code. Accessible either in Android or Java application. Uses SWIG to generate Java JNI bindings. SWIG definitions are extensible to other languages.
- [139星][3m] nathanchance/android-kernel-clang Information on compiling Android kernels with Clang
- [137星][9m] [Py] ale5000-git/tingle Android patcher
- [136星][3y] [Batchfile] eliteandroidapps/whatsapp-key-db-extractor Allows WhatsApp users to extract their cipher key and databases on non-rooted Android devices.
- [132星][5y] [C] hiteshd/android-rootkit A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
- [129星][3m] [Shell] exalab/anlinux-resources Image and Script for LinuxOnAndroid App
- [127星][2m] osm0sis/android-busybox-ndk Keeping track of instructions and patches for building busybox with the Android NDK
- [122星][4y] irsl/adb-backup-apk-injection Android ADB backup APK Injection POC
- [121星][7y] [Py] liato/android-market-api-py A Python port of the java Android Market API.
- [120星][10m] [Java] securityfirst/umbrella_android Digital and Physical Security Advice App
- [120星][2m] [C++] stealth/lophttpd lots of performance (or lots of porn, if you prefer) httpd: Easy, chrooted, fast and simple to use HTTP server for static content. Runs on Linux, BSD, Android and OSX/Darwin. It's free but if you like it, consider donating to the EFF:
- [119星][1m] [Kotlin] babylonhealth/certificate-transparency-android Certificate transparency for Android and Java
- [118星][4m] [Java] andprox/andprox Native Android Proxmark3 client (no root required)
- [117星][2m] [Java] auth0/lock.android Android Library to authenticate using Auth0 and with a Native Look & Feel
- [117星][3y] [Java] rafaeltoledo/android-security An app showcase of some techniques to improve Android app security
- [114星][7m] [Py] alexmyg/andropytool A framework for automated extraction of static and dynamic features from Android applications
- [113星][4y] [Java] evilsocket/pdusms PoC app for raw pdu manipulation on Android.
- [109星][2y] [C] pbatard/bootimg-tools Android boot.img creation and extraction tools [NOTE: This project is NO LONGER maintained]
- [104星][19d] [Py] virb3/apk-utilities Tools and scripts to manipulate Android APKs
- [104星][12m] [Java] varunon9/remote-control-pc Control Laptop using Android. Remote control PC consists of android as well as desktop app written in Java to control laptop using phone.
- [103星][9m] [C++] quarkslab/android-restriction-bypass PoC to bypass Android restrictions
- [99星][11m] winterssy/miui-purify Archive of a personal hobby project: uses apktool to heavily modify the MIUI ROM and remove the ads added by the MIUI system.
- [97星][4y] [Java] zencodex/hack-android Collection tools for hack android, java
- [95星][4m] [Java] dexpatcher/dex2jar Unofficial dex2jar builds
- [92星][18d] [Py] imtiazkarimik23/atfuzzer "Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019
- [91星][3y] [Java] 5gsd/aimsicdl AIMSICD Lite (Android IMSI-Catcher Detector) - reloaded!
- [90星][3y] [Java] mingyuan-xia/patdroid A Program Analysis Toolkit for Android
- [90星][8y] [Java] securitycompass/androidlabs Android security labs
- [88星][1y] [ObjC] cmackay/google-analytics-plugin Cordova Google Analytics Plugin for Android & iOS
- [88星][3m] [Scala] rsertelon/android-keystore-recovery A tool to recover your lost Android keystore password
- [86星][3y] [Py] ucsb-seclab/baredroid bare-metal analysis on Android devices
- [85星][7y] [Java] thomascannon/android-sms-spoof PoC app which takes advantage of Android's SmsReceiverService being exported to fake an incoming SMS with no permissions.
- [84星][2y] [Kotlin] viktordegtyarev/callreclib Call Recorder fix for Android 7 and Android 6
- [81星][4y] [Py] android-dtf/dtf Android Device Testing Framework ("dtf")
- [80星][12m] [Java] thelinuxchoice/droidtracker Script to generate an Android App to track location in real time
- [79星][3m] [Py] sashs/filebytes Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)
- [77星][8d] [HTML] android-x86/android-x86.github.io Official Website for Android-x86 Project
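- [77星][2y] [C++] daizhongyin/securitysdk Android security SDK providing basic protection capabilities such as secure WebView, secure IPC communication, secure app and plugin updates, threat intelligence collection, and more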
- [77星][19d] [Py] nightwatchcybersecurity/truegaze Static analysis tool for Android/iOS apps focusing on security issues outside the source code
- [76星][3y] [Py] moosd/needle Android framework injection made easy
- [75星][3y] [Java] guardianproject/cacheword a password caching and management service for Android
- [74星][3m] [Ruby] devunwired/apktools Ruby library for reading/parsing APK resource data
- [73星][2y] [C++] vusec/guardion Android GuardION patches to mitigate DMA-based Rowhammer attacks on ARM
- [71星][4y] [Py] programa-stic/marvin-django Marvin-django is the UI/database part of the Marvin project. Marvin is a platform for security analysis of Android apps.
- [70星][2y] androidtamer/androidtamer We Use Github Extensively and openly. So it becomes difficult to track what's what and what's where. This repository is a master repo to Help with that.
- [69星][23d] [Java] auth0/auth0.android Android toolkit for Auth0 API
- [68星][1y] [Shell] kiyadesu/android walk into Android security step by step
- [66星][11m] [Py] yelp/parcelgen Helpful tool to make data objects easier for Android
- [65星][5y] [Java] guardianproject/trustedintents library for flexible trusted interactions between Android apps
- [65星][6y] [Java] ibrahimbalic/androidrat Android RAT
- [65星][6y] [C++] trevd/android_root Got Root!
- [65星][8y] [C] robclemons/arpspoof Android port of Arpspoof
- [64星][3m] [Java] flankerhqd/bindump4j A portable utility to locate android binder service
- [64星][7y] [C] hiikezoe/android_run_root_shell
- [62星][2y] [C] wlach/orangutan Simulate native events on Android-like devices
- [61星][7y] [Java] intrepidusgroup/iglogger Class to help with adding logging function in smali output from 3rd party Android apps.
- [58星][5y] [C] poliva/dexinfo A very rudimentary Android DEX file parser
- [58星][2m] [Kotlin] m1dr05/istheapp Open-source android spyware
- [57星][2y] [Java] amotzte/android-mock-location-for-development allows to change mock location from command line on real devices
- [56星][1y] [C] jduck/canhazaxs A tool for enumerating the access to entries in the file system of an Android device.
- [55星][1y] [JS] enovella/androidtrainings Mobile security trainings based on android
- [55星][6m] [Java] pnfsoftware/jeb2-androsig Android Library Code Recognition
- [55星][11d] [Java] gedsh/invizible Android application for Internet privacy and security
- [55星][3y] [Java] giovannicolonna/msfvenom-backdoor-android Android backdoored app, improved source code of msfvenom android .apk
- [53星][2y] [Java] modzero/modjoda Java Object Deserialization on Android
- [53星][2m] [Py] nelenkov/android-device-check Check Android device security settings
- [53星][3y] [Shell] nvssks/android-responder Scripts for running Responder.py in an Android (rooted) device.
- [53星][5y] [Java] thuxnder/androiddevice.info Android app collecting device information and submitting it to
- [53星][1m] [Py] ucsb-seclab/agrigento Agrigento is a tool to identify privacy leaks in Android apps by performing black-box differential analysis on the network traffic.
- [50星][5y] [Java] retme7/broadanywhere_poc_by_retme_bug_17356824 a poc of Android bug 17356824
- [48星][3y] [Shell] osm0sis/apk-patcher Patch APKs on-the-fly from Android recovery (Proof of Concept)
- [48星][5y] [C++] sogeti-esec-lab/android-fde Tools to work on Android Full Disk Encryption (FDE).
- [48星][7y] tias/android-busybox-ndk Keeping track of instructions and patches for building busybox with the android NDK
- [47星][3y] [Py] alessandroz/pupy Cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool written in Python
- [47星][6m] [Java] tlamb96/kgb_messenger An Android CTF practice challenge
- [46星][5m] [Py] cryptax/angeapk Encrypting a PNG into an Android application
- [46星][1y] [Java] kaushikravikumar/realtimetaxiandroiddemo PubNub Demo that uses a Publish/Subscribe model to implement a realtime map functionality similar to Lyft/Uber.
- [44星][2y] [Java] m301/rdroid [Android RAT] Remotely manage your android phone using PHP Interface
- [43星][11m] [Kotlin] cbeuw/cloak-android Android client of Cloak
- [42星][3m] [Java] nowsecure/cybertruckchallenge19 Android security workshop material taught during the CyberTruck Challenge 2019 (Detroit USA).
- [41星][4y] [C] sesuperuser/super-bootimg Tools to edit Android boot.img. NDK buildable, to be usable in an update.zip
- [41星][2y] [Shell] xtiankisutsa/twiga twiga: enumerates an Android device to gather information for understanding its internals and for exploitation
- [40星][2y] [Java] ivianuu/contributer Inject all types like views or a conductor controllers with @ContributesAndroidInjector
- [40星][7y] [C++] taintdroid/android_platform_dalvik Mirror of git://android.git.kernel.org/platform/dalvik.git with TaintDroid additions (mirror lags official Android)
- [40星][5y] [Java] tacixat/cfgscandroid Control Flow Graph Scanning for Android
- [40星][12m] [Java] thelinuxchoice/droidcam Script to generate an Android App to take photos from Cameras
- [39星][5y] [C] cyanogenmod/android_external_openssl OpenSSL for Android
- [39星][1y] [Py] sundaysec/andspoilt Run interactive android exploits in linux.
- [38星][8m] [Java] pnfsoftware/jnihelper jeb-plugin-android-jni-helper
- [37星][13d] [Java] cliqz-oss/browser-android CLIQZ for Android
- [37星][4y] [Java] julianschuette/condroid Symbolic/concolic execution of Android apps
- [35星][6m] [Py] bkerler/dump_avb_signature Dump Android Verified Boot Signature
- [35星][6y] [C#] redth/android.signature.tool Simple GUI tool for Mac and Windows to help find the SHA1 and MD5 hashes of your Android keystore's and apk's
- [35星][3y] [Java] serval-snt-uni-lu/droidra Taming Reflection to Support Whole-Program Analysis of Android Apps
- [34星][2y] hardenedlinux/armv7-nexus7-grsec Hardened PoC: PaX for Android
- [34星][11m] [Kotlin] cbeuw/goquiet-android GoQuiet plugin on android
- [33星][1y] [C] jp-bennett/fwknop2 A replacement fwknop client for android.
- [33星][3y] [Java] riramar/pubkey-pin-android Just another example for Android Public Key Pinning (based on OWASP example)
- [33星][7m] [Shell] robertohuertasm/apk-decompiler Small Rust utility to decompile Android apks
- [32星][2y] dweinstein/dockerfile-androguard docker file for use with androguard python android app analysis tool
- [30星][4m] [Py] azmatt/anaximander Python Code to Map Cell Towers From a Cellebrite Android Dump
- [30星][8m] [Java] pnfsoftware/jeb2-plugin-oat Android OAT Plugin for JEB
- [30星][3y] [Java] amitshekhariitbhu/applock Android Application for app lock
- [29星][1y] [C] calebfenton/native-harness-target Android app for demonstrating native library harnessing
- [29星][1m] [JS] fsecurelabs/android-keystore-audit
- [28星][3y] [Java] martinstyk/apkanalyzer Java tool for analyzing Android APK files
- [27星][4y] [C] anarcheuz/android-pocs
- [27星][3m] [Py] cryptax/droidlysis Property extractor for Android apps
- [27星][3m] grapheneos/os_issue_tracker Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
- [26星][1y] [Ruby] ajitsing/apktojava View android apk as java code in gui
- [25星][3y] zyrikby/android_permission_evolution Analysis of the evolution of Android permissions. This repository contains the results presented in the paper "Small Changes, Big Changes: An Updated View on the Android Permission System".
- [25星][11m] [Visual Basic .NET] modify24x7/ultimate-advanced-apktool v4.1
- [24星][2y] [Java] commonsguy/autofillfollies Demonstration of security issues with Android 8.0 autofill
- [24星][1y] [C++] zsshen/yadd Yet another Android Dex bytecode Disassembler: a static Android app disassembler for fast class and method signature extraction and code structure visualization.
- [24星][4y] [Java] stealthcopter/steganography Android Steganography Library
- [24星][2m] [Java] snail007/goproxy-ss-plugin-android goproxy global proxy for Android, ss goproxy Android plugin, goproxy :
- [22星][1m] [Smali] aress31/sci Framework designed to automate the process of assembly code injection (trojanising) within Android applications.
- [21星][7y] [C] 0xroot/whitesnow An experimental rootkit for Android
- [21星][1y] [Smali] dan7800/vulnerableandroidapporacle
- [20星][10m] [Rust] gamozolabs/slime_tree Worst Android kernel fuzzer
- [20星][5y] snifer/l4bsforandroid APK repository for hacking and security
- [19星][3m] [C] cybersaxostiger/androiddump A tool that pulls loaded binaries ordered by memory regions
- [19星][2m] [Java] h3xstream/find-sec-bugs The FindBugs plugin for security audits of Java web applications and Android applications. (Also works with Scala and Groovy projects)
- [19星][5y] [Java] juxing/adoreforandroid Transplant adore rootkit for Android platform.
- [19星][5y] [C++] trustonic/trustonic-tee-user-space Android user space components for the Trustonic Trusted Execution Environment
- [18星][3y] [C] freddierice/farm-root Farm root is a root for android devices using the dirty cow vulnerability
- [18星][7y] [Java] jseidl/goldeneye-mobile GoldenEye Mobile Android Layer 7 HTTP DoS Test Tool
- [18星][4y] [Java] meleap/myo_andoridemg We got the Myo's EMG-data on Android by hacking bluetooth.
- [18星][6y] [Java] taufderl/whatsapp-sniffer-android-poc proof of concept app to show how to upload and decrypt WhatsApp backup database
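- [18星][30d] jqorz/biquge_crack Biquge Android ad-free modified version (read novels for free! no ads! opens instantly with no waiting!), for learning decompilation
- [17星][3y] bemre/bankbot-mazain Analysis of BankBot / Mazain, an open-source mobile banking trojan targeting Android devices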
- [17星][6y] [Py] thomascannon/android-fde-decryption Cracking and decrypting Android Full Device Encryption
- [17星][6y] [Java] fsecurelabs/mwr-android A collection of utilities for Android applications.
- [16星][2y] androidtamer/tools This website will be holding list / details of each and every tool available via Android Tamer
- [16星][4y] lewisrhine/kotlin-for-android-developers-zh Kotlin for android developers in chinese.
- [15星][2y] [C++] chenzhihui28/securitydemo Simple signature verification with the NDK, key protection demo, Android app signature verification
- [15星][4m] hyrathon/hitcon2019 Slides(In both CN and EN) & WP(outdated) of my topic in HITCON 2019 about bug hunting in Android NFC
- [15星][7y] [Vim script] jlarimer/android-stuff Random scripts and files I use for Android reversing
- [15星][2y] [Java] tanprathan/sievepwn An android application which exploits sieve through android components.
- [13星][2y] anelkaos/ada Android Automation Tool
- [13星][2y] [Scala] fschrofner/glassdoor glassdoor is a modern, autonomous security framework for Android APKs. POC, unmaintained unfortunately.
- [13星][6y] [Shell] k3170makan/droidsploit A collection of scripts to find common application vulnerabilities in Android Applications
- [13星][5y] [Py] lifeasageek/morula Morula is a secure replacement of Zygote to fortify weakened ASLR on Android
- [13星][1y] [Shell] theyahya/android-decompile
- [12星][3m] [Py] clviper/droidstatx Python tool that generates an Xmind map with all the information gathered and any evidence of possible vulnerabilities identified via static analysis. The map itself is an Android Application Pentesting Methodology component, which assists Pentesters to cover all important areas during an assessment.
- [12星][1y] [JS] integrity-sa/android Repository with research related to Android
- [12星][7y] [Java] jeffers102/keystorecracker Helps retrieve forgotten keystore passwords using your commonly used segments. Great for those forgotten Android keystore passphrases, which is exactly why I created this tool in the first place!
- [12星][3y] [Java] miguelmarco/zcashpannel An android front-end to the zcash wallet through onion services
- [12星][5y] [Java] poliva/radare-installer Application to easily download and install radare2 on android devices
- [12星][3y] [Py] zyrikby/bboxtester Tool to measure code coverage of Android applications when their source code is not available
- [11星][7m] [Java] radare/radare2-installer Application to easily download and install radare2 on android devices
- [11星][1y] [Java] wishihab/wedefend-android ⛔
- [11星][1y] [Java] zjsnowman/hackandroid Android security: Activity hijacking and anti-hijacking
- [11星][2y] [Java] mandyonze/droidsentinel Traffic analyzer for Android devices potentially compromised as part of a botnet, aimed at detecting DDoS attacks.
- [10星][5y] [C] christianpapathanasiou/defcon-18-android-rootkit-mindtrick Worlds first Google Android kernel rootkit as featured at DEF CON 18
- [10星][4y] [Java] cyberscions/digitalbank Android Digital Bank Vulnerable Mobile App
- [9星][3y] [C++] android-art-intel/nougat ART-Extension for Android Nougat
- [9星][5y] [Shell] bbqlinux/android-udev-rules
- [9星][2y] [Java] djkovrik/comicser Udacity Android Developer Nanodegree - Capstone project.
- [9星][4y] [C] ele7enxxh/fakeodex modify field(modWhen, crc) in android odex file; the Android app "寄生兽" (parasite) vulnerability
- [9星][2y] [Java] optimistanoop/android-developer-nanodegree This repo contains all 8 Apps developed during Udacity Android Developer Nanodegree. These all Apps met expectation during code review process of Udacity Android Developer Nanodegree.
- [9星][1y] [C#] preemptive/protected-todoazureauth Example of protecting a Xamarin.Android app with Dotfuscator’s Root Check
- [9星][7m] [Go] shosta/androsectest Automate the setup of your Android Pentest and perform automatically static tests
- [9星][1y] [Kotlin] smartnsoft/android-monero-miner A minimal SDK that lets an integrator add a Monero Miner using the Javascript miner created by CoinHive. The Monero Miner can be used with any CoinHive address and is a proof of concept of an alternative to ad banners and interstitials for mobile app developers that want to get retributed for their work without spamming their users with bad adve…
- [8星][7y] [Py] agnivesh/aft [Deprecated] Android Forensic Toolkit
- [8星][4y] [Java] appknox/vulnerable-application Test Android Application.
- [8星][2y] [JS] checkmarx/webviewgoat A deliberately vulnerable Android application to demonstrate exfiltration scenarios
- [8星][11m] [C] hcamael/android_kernel_pwn android kernel pwn
- [8星][6y] [Java] fsecurelabs/mwr-tls A collection of utilities for interacting with SSL and X509 Certificates on Android.
- [7星][5y] [CSS] dhirajongithub/owasp_kalp_mobile_project OWASP KALP Mobile Project is an android application developed for users to view OWASP Top 10 (WEB and MOBILE) on mobile devices.
- [7星][2y] [Py] sathish09/xender2shell Uses web.xender.com to compromise a user's Android phone
- [7星][2m] [C++] amrashraf/androshield An ASP.NET web application responsible for detecting and reporting vulnerabilities in android applications by static and dynamic analysis methodologies.
- [6星][2y] [C#] advancedhacker101/android-c-sharp-rat-server This is a plugin for the c# R.A.T server providing extension to android based phone systems
- [6星][12m] as0ler/android-examples APK's used as example Apps for decompiling
- [6星][5m] [Py] h1nayoshi/smalien Information flow analysis tool for Android applications
- [6星][2y] [Py] silentsignal/android-param-annotate Android parameter annotator for Dalvik/Smali disassembly
- [6星][3y] [Java] theblixguy/scanlinks Block unsafe and dangerous links on your Android device!
- [6星][5y] vaginessa/pwn-pad-arsenal-tools Penetration Testing Apps for Android Devices
- [14557星][13d] [Java] tencent/tinker Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstall apk.
- [6684星][3y] [C++] alibaba/andfix AndFix is a library that offers hot-fix for Android App.
- [3462星][27d] [Java] meituan-dianping/robust Robust is an Android HotFix solution with high compatibility and high stability. Robust can fix bugs immediately without a reboot.
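- [1117星][6m] [Java] manbanggroup/phantom The only zero-hook, stable, placeholder-based Android hot-update plugin framework
- [5080星][2m] [Java] meituan-dianping/walle Next-generation channel-package packaging tool for the Android Signature V2 Scheme
- [1663星][2y] [Shell] juude/droidreverse Android reverse engineering toolset
- [72星][9m] wufengxue/android-reverse Collection of Android reverse engineering tools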
- [12285星][11d] [Java] signalapp/signal-android A private messenger for Android.
- [8756星][2m] [Java] android-hacker/virtualxposed A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
- [2559星][7m] taichi-framework/taichi A framework to use Xposed module with or without Root/Unlock bootloader, supporting Android 5.0 ~ 10.0
- [2034星][12d] [Java] elderdrivers/edxposed Elder driver Xposed Framework.
- [1726星][1y] [Java] ac-pm/inspeckage Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
- [1655星][2m] [Java] tiann/epic Dynamic java method AOP hook for Android (continuation of Dexposed on ART), Supporting 4.0~10.0
- [1494星][2y] [Kotlin] gh0u1l5/wechatmagician WechatMagician is a Xposed module written in Kotlin, that allows you to completely control your Wechat.
- [1296星][2m] [Java] android-hacker/exposed A library to use Xposed without root or recovery(or modify system image etc..).
- [839星][5y] halfkiss/zjdroid Dynamic reverse-analysis module based on the Xposed Framework
- [790星][8m] [Java] blankeer/mdwechat An Xposed module that gives WeChat a Material Design look
- [669星][12d] [Java] ganyao114/sandhook Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 10.0 32/64 bit - Xposed API Compat
- [478星][2m] [Java] tornaco/x-apm Application management Xposed
- [424星][3y] [Makefile] mindmac/androideagleeye An Xposed and adbi based module which is capable of hooking both Java and Native methods targeting Android OS.
- [322星][1y] [C] smartdone/dexdump A tool for quickly unpacking first-generation packers (with slight modification it can also unpack class-extraction packers) (Android)
- [309星][1m] bigsinger/androididchanger Xposed Module for Changing Android Device Info
- [309星][13d] [Java] ganyao114/sandvxposed Xposed environment without root (OS 5.0 - 10.0)
- [283星][2y] [C++] rovo89/android_art Android ART with modifications for the Xposed framework.
- [214星][1y] [Kotlin] paphonb/androidp-ify [Xposed] Use features introduced in Android P on your O+ Device!
- [204星][1y] [C] gtoad/android_inline_hook Build an so file to automatically do the android_native_hook work. Supports thumb-2/arm32 and ARM64 ! With this, tools like Xposed can do android native hook.
- [127星][2y] [Java] bmax121/budhook An Android hook framework written like Xposed,based on YAHFA.
- [120星][3y] [Java] rastapasta/pokemon-go-xposed
- [79星][4m] [Go] tillson/git-hound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. A batch-catching, pattern-matching, patch-attacking secret snatcher.
- [71星][1m] [Java] lianglixin/sandvxposed Xposed environment without root (OS 5.0 - 10.0)
- [64星][10m] [FreeMarker] dvdandroid/xposedmoduletemplate Easily create a Xposed Module with Android Studio
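- [64星][8d] uniking/dingding Remote DingTalk clock-in without root, supports Wi-Fi and GPS positioning, Android only. This project is for learning purposes and only for study and experimentation; please delete it yourself after 24 hours. xposed, crack,package,dingtalk,remote control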
- [49星][11m] [Py] hrkfdn/deckard Deckard performs static and dynamic binary analysis on Android APKs to extract Xposed hooks
- [38星][10m] [Java] egguncle/xposednavigationbar Xposed module extending navigation bar functionality
- [36星][8m] [Py] anantshri/ds_store_crawler_parser a parser + crawler for .DS_Store files exposed publicly
- [34星][5y] [Java] wooyundota/intentmonitor Xposed-based tool that can monitor Android intents
- [28星][5y] [Java] mindmac/xposedautomation A demo to show how to install Xposed and enable Xposed based module automatically
- [26星][5y] [Java] twilightgod/malwarebuster This is an Xposed module. It helps prevent malware from registering services/receivers which were disabled in My Android Tools before.
- [1793星][8m] [C++] wrbug/dumpdex Android unpacking
- [1620星][3y] [Makefile] drizzlerisk/drizzledumper An Android unpacking tool based on memory search.
- [1465星][3m] [C++] vaibhavpandeyvpz/apkstudio Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
- [1036星][3y] [C++] zyq8709/dexhunter General Automatic Unpacking Tool for Android Dex Files
- [811星][4m] [C] strazzere/android-unpacker Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
- [712星][2m] [YARA] rednaga/apkid Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
- [366星][3m] [Java] patrickfav/uber-apk-signer A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme, has an embedded debug keystore and auto verifies after signing.
- [322星][6m] [Shell] 1n3/reverseapk Quickly analyze and reverse engineer Android packages
- [298星][2y] [Shell] checkpointsw/android_unpacker A (hopefully) generic unpacker for packed Android apps.
- [189星][3y] [Py] drizzlerisk/tunpacker TUnpacker is an Android unpacking tool
- [187星][3y] [Py] andy10101/apkdetecter Android APK packer-detection tool and source code
- [148星][3y] [Py] drizzlerisk/bunpacker BUnpacker is an Android unpacking tool
- [105星][4y] [Java] liuyufei/sslkiller SSLKiller is used for killing SSL verification functions on Android client side. With SSLKiller, You can intercept app's HTTPS communication packages between the client and server.
- [104星][3y] [Java] cvvt/apptroy An Online Analysis System for Packed Android Malware
- [89星][2y] [ObjC] wooyundota/dumpdex Android Unpack tool based on Cydia
- [68星][5y] [Py] ajinabraham/xenotix-apk-reverser Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.
- [30星][8m] [Java] cristianturetta/mad-spy We developed a malware for educational purposes. In particular, our goal is to provide a PoC of what is known as a Repacking attack, a known technique widely used by malware cybercrooks to trojanize android apps. The answer to solve this particular goal boils down in the simplicity of APK decompiling and smali code injection.
- [22星][13d] [Py] botherder/snoopdroid Extract packages from an Android device
- [10星][2y] [Shell] nickdiego/docker-ollvm Easily build and package Obfuscator-LLVM into Android NDK.
- [1500星][27d] [C] iqiyi/xhook a PLT (Procedure Linkage Table) hook library for Android native ELF
- [1494星][9d] [C++] jmpews/dobby a lightweight, multi-platform, multi-architecture hook framework.
- [804星][25d] [C++] aslody/whale Hook Framework for Android/IOS/Linux/MacOS
- [530星][7m] [Java] aslody/andhook Android dynamic instrumentation framework
- [400星][3y] [Java] pqpo/inputmethodholder Monitor when the system keyboard is shown, via hooking
- [361星][8m] [C] turing-technician/fasthook Android ART Hook
- [216星][3y] [Java] zhengmin1989/wechatsportcheat Step-by-step guide to ranking first in WeChat Sports: cheating in WeChat Sports using Android hooks
- [190星][4y] [C++] aslody/elfhook modify PLT to hook api, supported android 5\6.
- [123星][9m] [Java] turing-technician/virtualfasthook Android application hooking tool based on FastHook + VirtualApp
- [58星][3y] [Java] nightoftwelve/virtualhookex Android application hooking tool based on VirtualHook/VirtualApp
- [54星][3y] [Rust] nccgroup/assethook LD_PRELOAD magic for Android's AssetManager
- [36星][27d] [C++] chickenhook/chickenhook A linux / android / MacOS hooking framework
- [1492星][1y] [C++] f1xpl/openauto AndroidAuto headunit emulator
- [532星][7m] [Java] limboemu/limbo Limbo is a QEMU-based emulator for Android. It currently supports PC & ARM emulation for Intel x86 and ARM architecture. See our wiki
- [471星][3m] [Java] strazzere/anti-emulator Android Anti-Emulator
- [428星][2y] [Py] evilsocket/smali_emulator This software will emulate a smali source file generated by apktool.
- [202星][3y] [Py] mseclab/nathan Android Emulator for mobile security testing
- [168星][12m] [Py] mnkgrover08-zz/whatsapp_automation Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts.
- [148星][5y] [C] strazzere/android-lkms Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators
- [27星][2y] [Shell] gustavosotnas/avd-launcher Front-end to Android Virtual Devices (AVDs) emulator from Google.
- [16星][1y] [Py] abhi-r3v0/droxes A simple script to turn an Android device/emulator into a test-ready box.
- [161星][2m] [Py] nforest/droidimg Android/Linux vmlinux loader
- [118星][4y] [Py] cvvt/dumpdex IDA Python-based tool for dumping Android DEX from memory
- Duplicate section: IDA->Plugins->Android |
- [83星][2y] [Py] zhkl0228/androidattacher IDA debugging plugin for android armv7 so
- Duplicate section: IDA->Plugins->Android |
- [39星][5y] [Py] techbliss/adb_helper_qt_super_version All You Need For Ida Pro And Android Debugging
- Duplicate section: IDA->Plugins->Android |
- [39星][2y] [Py] thecjw/ida_android_script IDAPython scripts to assist Android debugging
- Duplicate section: IDA->Plugins->Android |IDA->Plugins->Debugging->Uncategorized |
- [16星][7y] [C++] strazzere/dalvik-header-plugin Dalvik Header Plugin for IDA Pro
- Duplicate section: IDA->Plugins->Android |
- [10794星][1m] [Java] konloch/bytecode-viewer A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
- [6762星][10m] [Java] amitshekhariitbhu/android-debug-database A library for debugging android databases and shared preferences - Make Debugging Great Again
- [527星][5y] [Py] swdunlop/andbug Android Debugging Library
- [468星][7y] [Shell] kosborn/p2p-adb Phone to Phone Android Debug Bridge - A project for "debugging" phones... from other phones.
- [123星][3y] [C++] cheetahsec/avmdbg a lightweight debugger for android virtual machine.
- [106星][6y] [Java] isecpartners/android-opendebug Make any application debuggable
- [98星][4y] [Py] cx9527/strongdb gdb plugin for android debugging
- [65星][6y] [Py] anbc/andbug Android Debugging Library
- [57星][3y] [C] gnaixx/anti-debug Android detect debugger
- [56星][5m] [Shell] wuseman/wbruter Crack your non-rooted android device pin code with 100% guarantee as long as usb debugging has been enabled. Wbruter also has support for parallel ssh brute forcing via pssh
- [22星][1y] [C++] gtoad/android_anti_debug An example of android anti-debug.
- [429星][4m] [Shell] ashishb/android-malware Collection of android malware samples
- [347星][3m] [Java] droidefense/engine Droidefense: Advance Android Malware Analysis Framework
- [192星][4y] [HTML] faber03/androidmalwareevaluatingtools Evaluation tools for malware Android
- [123星][2y] [Java] brompwnie/uitkyk Android Frida library for analyzing apps to find malicious behavior
- Duplicate section: DBI->Frida->Tools->Recently Added |
- [117星][7y] [C] secmobi/amatutor Android malicious code analysis tutorial
- [97星][2y] [Lua] niallmcl/deep-android-malware-detection Code for Deep Android Malware Detection paper
- [82星][5y] [Py] maldroid/maldrolyzer Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)
- [67星][10m] dkhuuthe/madlira Malware detection using learning and information retrieval for Android
- [65星][1y] [Py] mwleeds/android-malware-analysis This project seeks to apply machine learning algorithms to Android malware classification.
- [65星][4y] [C++] soarlab/maline Android Malware Detection Framework
- [59星][6m] [Py] hgascon/adagio Structural Analysis and Detection of Android Malware
- [49星][3y] [HTML] mburakergenc/malware-detection-using-machine-learning Malware detection project on Android devices using machine learning classification algorithms.
- [49星][2y] [java] toufikairane/andromalware Android Malware for educational purpose
- [46星][1y] [Py] maoqyhz/droidcc Android malware detection using deep learning, contains android malware samples, papers, tools etc.
- [40星][2y] [Java] miwong/intellidroid A targeted input generator for Android that improves the effectiveness of dynamic malware analysis.
- [40星][1y] traceflight/android-malware-datasets Popular Android malware datasets
- [33星][5y] [Shell] vt-magnum-research/antimalware Dynamic malware analysis for the Android platform
- [29星][2y] virqdroid/android_malware
- [27星][3y] fouroctets/android-malware-samples Android Malware Samples
- [24星][3y] [Py] bunseokbot/androtools Android malware static & dynamic analysis and automated action (deprecated)
- [19星][2y] [Py] namk12/malware-detection Deep Learning Based Android Malware Detection Framework
- [15星][3y] [Java] darrylburke/androidmalwareexample Proof of Concept example of Android Malware used for Research Purposes
- [13星][5y] [JS] cheverebe/android-malware Injected malicious code into legitimate android applications. Converted a keyboard app into a keylogger and an MP3 downloader into an image thief.
- [13星][6m] [HTML] fmind/euphony Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware
- [13星][9m] [Py] vinayakumarr/android-malware-detection Android malware detection using static and dynamic analysis
- [11星][3m] [Py] jacobsoo/amtracker Android Malware Tracker
- [11星][2y] [Py] tlatkdgus1/android-malware-analysis-system Android Malware Detection based on Deep Learning
- [9星][4y] [Java] acprimer/malwaredetector android malware detector
- [9星][2y] [Py] mldroid/csbd The repository contains the python implementation of the Android Malware Detection paper: "Empirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios"
- [7星][3y] [Java] waallen/http-sms-android-malware HTTP and SMS spam testing application
- [6星][7y] [Java] ssesha/malwarescanner Android app performing hash based malware detection
- [6星][3y] [Py] tuomao/android_malware_detection
- [6星][8y] [Java] twitter-university/antimalware An Android Eclipse project demonstrating how to build a simple anti-malware application
- [6星][1y] [Py] aliemamalinezhad/machine-learning android-malware-classification using machine learning algorithms
- [3078星][2m] [Java] calebfenton/simplify Generic Android Deobfuscator
- [294星][4m] [C] shadowsocks/simple-obfs-android A simple obfuscating tool for Android
- [76星][4y] [Java] enovella/jebscripts A set of JEB Python/Java scripts for reverse engineering Android obfuscated code
- [12星][1m] [Py] omirzaei/androdet AndrODet: An Adaptive Android Obfuscation Detector
- [11星][1y] [Java] miwong/tiro TIRO - A hybrid iterative deobfuscation framework for Android applications
- [9285星][1m] [Java] ibotpeaches/apktool A tool for reverse engineering Android apk files
- [2053星][1m] [Java] genymobile/gnirehtet Gnirehtet provides reverse tethering for Android
- [585星][3m] [C++] secrary/andromeda Andromeda - Interactive Reverse Engineering Tool for Android Applications [This project is not maintained anymore]
- [554星][3y] [Java] linchaolong/apktoolplus APK reverse-analysis tool
- [545星][20d] maddiestone/androidappre Android App Reverse Engineering Workshop
- [331星][7y] [Java] brutall/brut.apktool A tool for reverse engineering Android apk files
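- [267星][10m] [Dockerfile] cryptax/androidre Docker container for Android reverse engineering
- [246星][28d] [C++] strazzere/android-scripts Collection of Android reversing scripts
- Duplicate section: IDA->Plugins->Android |
- [102星][3y] feicong/android-app-sec ISC 2016 security training camp: Android app reversing and security protection (PPT)
- [54星][6m] [Smali] hellohudi/androidreversenotes Android reversing notes: from getting started to the grave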
- [54星][9y] [Emacs Lisp] nelhage/reverse-android Reverse-engineering tools for Android applications
- [32星][3y] nextco/android-decompiler A high quality list of tools to reverse engineer code from android.
- [16星][3m] [Smali] freedom-wy/reverse_android Android, from development to reversing
- [11星][2y] [Smali] yifengyou/android-software-security-and-reverse-analysis Android Software Security and Reverse Analysis
- [6星][2y] [CSS] oscar0812/apktoolfx A GUI for Apktool to make reverse engineering of android apps a breeze.
- 2019.12 [aliyun] Security hardening of Android smart terminal systems (Part 1)
- 2019.11 [venus] Android ransomware analysis (Part 1)
- [2540星][10m] [ObjC] nygard/class-dump Generate Objective-C headers from Mach-O files.
- [2389星][2y] [Py] secretsquirrel/the-backdoor-factory Adds shellcode backdoors to PE, ELF and Mach-O binaries
- [2140星][2m] [Py] jonathansalwan/ropgadget This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
- [1471星][3y] [ObjC] polidea/ios-class-guard Simple Objective-C obfuscator for Mach-O executables.
- [856星][3y] [C++] 0vercl0k/rp rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. It is open-source and has been tested on several OS: Debian / Windows 8.1 / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible and supports Intel syntax. Standalone executables can also be directly downloaded.
- [399星][2m] [Logos] limneos/classdump-dyld Class-dump any Mach-o file without extracting it from dyld_shared_cache
- [331星][3y] [C] steakknife/unsign Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
- [269星][5y] [C] conradev/dumpdecrypted Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
- [265星][8m] [ObjC] devaukz/macho-kit A C/Objective-C library for parsing Mach-O files.
- [238星][3y] aidansteele/osx-abi-macho-file-format-reference Mirror of OS X ABI Mach-O File Format Reference
- [197星][2y] [ObjC] alonemonkey/dumpdecrypted Dumps decrypted mach-o files from encrypted applications, framework or app extensions.
- [178星][4m] [ObjC] yulingtianxia/apporderfiles The easiest way to generate order files for Mach-O using Clang. Improving App Performance.
- [150星][2y] [C] alexdenisov/bitcode_retriever Retrieves Bitcode from Mach-O binaries
- [148星][14d] [Rust] m4b/faerie Magical ELF and Mach-o object file writer backend
- [137星][2y] [ObjC] bluecocoa/class-dump Generate Objective-C headers from Mach-O files.
- [124星][8m] [Swift] devaukz/macho-explorer A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
- [105星][2y] [C++] tyilo/macho_edit Command line utility for modifying Mach-O binaries in various ways.
- [100星][4y] [Py] jonathansalwan/abf Abstract Binary Format Manipulation - ELF, PE and Mach-O format
- [62星][7y] [C] gdbinit/osx_boubou A PoC Mach-O infector via library injection
- [48星][5m] [ObjC] dcsch/macho-browser Mac browser for Mach-O binaries (macOS, iOS, watchOS, and tvOS)
- [39星][5y] [C] x43x61x69/codeunsign A Mach-O binary codesign remover.
- [35星][3y] [Py] airbus-seclab/elfesteem ELF/PE/Mach-O parsing library
- [31星][1m] [Rust] flier/rust-macho Mach-O File Format Parser for Rust
- [20星][3y] [Py] njsmith/machomachomangler Tools for mangling Mach-O and PE binaries
- [20星][11m] [C] geosn0w/machdump A very basic C Mach-O Header Dump tool written for practicing purposes. Works With x86 and x86_64 binaries
- [17星][4m] [JS] indutny/macho Mach-O parser for node.js
- [11星][7y] [C] gdbinit/calcspace Small util to calculate available free space in mach-o binaries for code injection
- [10星][4y] [OCaml] m4b/bin2json Converts ELF, mach-o, or PE binaries to a JSON representation
- 2017.11 [pnfsoftware] Having Fun with Obfuscated Mach-O Files
- 2017.03 [lse] Playing with Mach-O binaries and dyld
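- 2017.02 [venus] A Mach-O unpacking trick
- 2016.05 [turingh] nlist: analysis of the data structure for relocation information in Mach-O files
- 2016.05 [pediy] [Original] A first look at Mach-O: study notes (source code attached)
- 2016.03 [turingh] Analysis of how the OSX kernel loads mach-o
- 2016.03 [pediy] [Original] A simple analysis of Mach-O dynamic linking (lazy binding)
- 2016.03 [turingh] Background on Mach-O dynamic linking
- 2016.03 [pediy] [Original] Mach-O format analysis
- 2016.03 [turingh] mach-o format analysis
- 2016.03 [pediy] [Original] Analysis of dyld loading mach-o files
- 2016.03 [turingh] A simple analysis of mach-o file loading in dyld
- 2014.09 [pediy] [Original] mach-o file format study notes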
- 2014.09 [cerbero] Stripping symbols from a Mach-O
- 2014.08 [secureallthethings] Patching the Mach-o Format the Simple and Easy Way
- 2013.06 [cerbero] Mach-O support (including Universal Binaries and Apple Code Signatures)
- 2013.05 [volatility] MoVP II - 1.1 - Mach-O Address Space
- 2013.03 [reverse] OS.X/Boubou – Mach-O infector PoC source code
- 2012.02 [reverse] A little more fun with Mach-O headers: adding and spoofing a constructor
- 2012.02 [reverse] Anti-disassembly & obfuscation #1: Apple doesn’t follow their own Mach-O specifications?
- 2011.11 [thireus] execve("/bin//sh", ["/bin//sh"], NULL) - MacOS mach-o-x86-64
- 2010.01 [reverse] A new util to process Mach-O binaries information (or a replacement to otool -l)
- 2009.03 [reverse] Mach-O binary offset calculator
- [5451星][3m] [Py] axi0mx/ipwndfu open-source jailbreaking tool for many iOS devices
- [5390星][6m] [C] pwn20wndstuff/undecimus unc0ver jailbreak for iOS 11.0 - 12.4
- [4248星][8m] [ObjC] alonemonkey/monkeydev CaptainHook Tweak, Logos Tweak and Command-line Tool, Patch iOS Apps, Without Jailbreak.
- [3221星][5m] [ObjC] naituw/ipapatch Patch iOS Apps, The Easy Way, Without Jailbreak.
- [2016星][3y] [Swift] urinx/iosapphook Focused on reverse-engineering iOS apps in non-jailbroken environments, from dylib injection and app re-signing to app hooking
- [1800星][3y] [ObjC] kpwn/yalu102 incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
- [1193星][15d] [JS] alonemonkey/frida-ios-dump pull decrypted ipa from jailbreak device
- Duplicate section: DBI->Frida->Tools->Recently Added |
- [642星][2y] [C] coolstar/electra iOS 11.0 - 11.1.2 jailbreak toolkit, based on async_awake
- [482星][2y] [Objective-C++] bishopfox/bfinject Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
- [430星][2y] [ObjC] jackrex/fakewechatloc Step-by-step guide to building an iOS jailbreak app
- [415星][2y] zhengmin1989/greatiosjailbreakmaterial Great iOS Jailbreak Material! - I read hundreds of papers and PPTs. Only list the most useful materials here!
- [404星][1y] [C] coalfire-research/ios-11.1.2-15b202-jailbreak iOS 11.1.2 (15B202) Jailbreak
- [386星][3y] [ObjC] kpwn/yalu incomplete ios 8.4.1 jailbreak by Kim Jong Cracks (8.4.1 codesign & sandbox bypass w/ LPE to root & untether)
- [384星][2y] [Assembly] sgayou/kindle-5.6.5-jailbreak Kindle 5.6.5 exploitation tools.
- [379星][2y] [ObjC] codermjlee/mjapptools [Jailbreak / reversing] Command-line tool for processing iOS app information
- [375星][6y] [C] heardrwt/revealloader Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices.
- [365星][9y] [C] psgroove/psgroove an open-source reimplementation of the psjailbreak exploit for AT90USB and related microcontrollers.
- [291星][4y] [Perl] bishopfox/theos-jailed A version of Theos/CydiaSubstrate for non-jailbroken iOS devices
- [287星][7m] [Shell] 0ki/mikrotik-tools Tools for Mikrotik devices - universal jailbreak tool
- [273星][2y] [C] bishopfox/bfdecrypt Utility to decrypt App Store apps on jailbroken iOS 11.x
- [240星][2y] [ObjC] sticktron/g0blin a work-in-progress jailbreak for iOS 10.3.x (A7-A9)
- [237星][11m] [C] geosn0w/osirisjailbreak12 iOS 12.0 -> 12.1.2 Incomplete Osiris Jailbreak with CVE-2019-6225 by GeoSn0w (FCE365)
- [200星][1y] [ObjC] sunweiliang/neteasemusiccrack NetEase Cloud Music for iOS: download without VIP, remove ads, remove update prompts, no jailbreak required...
- [199星][2y] [ObjC] tihmstar/doubleh3lix Jailbreak for iOS 10.x 64bit devices without KTRR
- [193星][4y] [C++] isecpartners/jailbreak Jailbreak
- [157星][9y] [C] comex/star the code behind the second incarnation of jailbreakme.com
- [146星][1y] [ObjC] tihmstar/jelbrektime A developer jailbreak for Apple watch S3 watchOS 4.1
- [145星][1y] [Shell] kirovair/delectra An uninstaller script for Coolstars' Electra iOS 11.0 - 11.1.2 jailbreak.
- [145星][1y] [ObjC] psychotea/meridianjb An iOS 10.x Jailbreak for all 64-bit devices.
- [144星][1y] [C] geosn0w/osiris-jailbreak An incomplete iOS 11.2 -> iOS 11.3.1 Jailbreak
- [144星][3y] [ObjC] project-imas/security-check Application level, attached debug detect and jailbreak checking
- [128星][5y] [C] stefanesser/opensource_taig Lets create an open source version of the latest TaiG jailbreak.
- [111星][2y] [C] openjailbreak/evasi0n6 Evasi0n6 Jailbreak by Evad3rs for iOS 6.0-6.1.2
- [110星][2y] [ObjC] rozbo/ios-pubgm-hack iOS PUBG cheat assistant
- [109星][10m] [ObjC] devapple/yalu103 incomplete iOS 10.3Betas jailbreak for 64 bit devices by qwertyoruiopz, marcograssi, and devapple (personal use)
- [108星][10d] [HTML] cj123/canijailbreak.com a website which tells you whether you can jailbreak your iOS device.
- [100星][2y] [Objective-C++] electrajailbreak/cydia Cydia modified for iOS 11/Electra
- [99星][2y] [ObjC] geosn0w/yalu-jailbreak-ios-10.2 My own fork of (Beta) Yalu Jailbreak for iOS 10.0 to 10.2 by
- [96星][3y] [Py] chaitin/pro A crappy tool used in our private PS4 jailbreak
- [93星][7y] [C] planetbeing/ios-jailbreak-patchfinder Analyzes a binary iOS kernel to determine function offsets and where to apply the canonical jailbreak patches.
- [89星][3y] [ObjC] jamie72/ipapatch Patch iOS Apps, The Easy Way, Without Jailbreak.
- [89星][3y] [Logos] thomasfinch/priorityhub Sorted notifications jailbreak tweak
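- [83星][6m] [ObjC] smilezxlee/zxhookdetection [iOS app security] Basic protection against and detection of hooking and jailbreaks (dylib injection detection, hook detection and protection, jailbreak detection, signature verification)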
- [80星][2y] [C] axi0mx/ios-kexec-utils boot LLB/iBoot/iBSS/iBEC image from a jailbroken iOS kernel
- [77星][1y] [JS] mtjailed/jailbreakme A web-based jailbreak solution unifying existing jailbreak me solutions and new ones.
- [72星][2y] [ObjC] sunweiliang/baiduyuncrack Baidu Cloud Drive for iOS: bypass speed limits, remove ads, remove update prompts; no jailbreak required
- [65星][3y] [ObjC] zhengmin1989/yalu102 incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
- [62星][2y] [ObjC] rickhe/rhwechat Reverse engineering WeChat on iOS without a jailbreak: automatically grab red packets
- [58星][2y] [C++] openjailbreak/jailbreakme-1.0 The first publicly available userland jailbreak for iPhoneOS 1.0.2/1.1.1 by cmw and dre
- [55星][1y] [JS] userlandkernel/jailbreakme-unified Framework for iOS browser exploitation to kernel privileges and rootfs remount
- [53星][5m] [Py] n0fate/ichainbreaker Breaking the iCloud Keychain Artifacts
- [52星][2y] [Shell] alephsecurity/initroot Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass
- [51星][1y] [C] pwn20wndstuff/osiris Osiris developer jailbreak for iOS 11.0 - 11.4b3
- [50星][9m] [Swift] joncardasis/to-the-apples-core A collection of non-jailbroken code snippets on reverse-engineered iOS private apis
- [49星][2y] [JS] idan5x/switcheroo Exploiting CVE-2016-4657 to JailBreak the Nintendo Switch
- [47星][7m] [Py] ivrodriguezca/decrypt-ios-apps-script Python script to SSH into your jailbroken device, decrypt an iOS App and transfer it to your local machine
- [45星][2y] [C] geosn0w/ios-10.1.1-project-0-exploit-fork iOS 10.1.1 Project 0 Exploit Compatible with All arm64 devices for Jailbreak Development
- [41星][3y] kd1991/oxul103-jailbreak A NEW 64-bit JAILBREAK FOR iOS 10.3,10.3.1,10.3.2,10.3.x. (Untethered).
- [40星][1y] [C] in7egral/taig8-ios-jailbreak-patchfinder Analyzes a binary iOS kernel to determine function offsets and where to apply the canonical jailbreak patches.
- [37星][6m] [C] geosn0w/geofilza Filza No Jailbreak
- [35星][4y] [ObjC] billy-ellis/ios-file-explorer No-jailbreak file explorer application for iOS
- [34星][2y] [C] mtjailed/purplesmoke A work-in-progress repository for breaking the security of iOS 11.2 up to 11.2.6
- [33星][2y] [ObjC] mtjailed/privateapimanager A project providing useful classes for reverse engineering iOS Private APIs on-device
- [32星][2y] applebetas/mterminal-jailed An iOS 11 compatible fork of MTerminal using Ian Beer's tfp0 exploit
- [32星][2y] [ObjC] lycajb/lycajb LycaJB is a project that aims to fill the gap in iOS 11.0 - 11.3.1 jailbreaks. While this jailbreak is specifically aimed at developers it could be turned into a public stable jailbreak which includes Cydia. Right now we had to make the hard decision to remove Cydia from LycaJB as it caused our test devices to bootloop. We are working hard to ma…
- [32星][2y] [ObjC] mikaelbo/proxyswitcher Easily enable / disable WiFi proxy on a jailbroken iOS device
- [29星][2y] [C] jndok/of32 A simple tool to find offsets needed in 32bit jailbreaks. Feel free to contribute.
- [25星][8m] [Logos] ruler225/jailbreaktweaks All of my open source jailbreak tweaks for iOS
- [23星][2y] [C] openjailbreak/absinthe Absinthe Jailbreak. Most recent version I've maintained. Help split this up into reusable modules for future userland jailbreaks. This is archived for future generations
- [22星][9m] [Logos] leavez/runmario iOS jailbreak tweak that allows playing SuperMarioRun on jailbroken devices
- [20星][4y] [C] jonathanseals/ios-kexec-utils I'm taking a break, I swear
- [20星][11m] m4cs/ios-tweak-dev-tools A collection of useful development tools and forks of tools that are geared towards iOS jailbreak developers.
- [18星][1y] [C++] jakeajames/kernelsymbolfinder Get kernel symbols on device. No jailbreak required (note: unslid addresses)
- [17星][2y] [Roff] mtjailed/mtjailed-native A terminal emulator with remote shell for non-jailbroken iOS devices
- [17星][1y] [C] xerub/ios-kexec-utils I'm taking a break, I swear
- [16星][4y] [C#] firecore/seas0npass-windows Windows version of the jailbreak tool for Apple TV 2G
- [15星][2y] [C] jailbreaks/empty_list empty_list - exploit for p0 issue 1564 (CVE-2018-4243) iOS 11.0 - 11.3.1 kernel r/w
- [14星][10m] [SourcePawn] headline/gangs Gangs for Jailbreak Servers Running SourceMod
- [11星][8y] i0n1c/corona-a5-exploit The Corona A5 exploit used in the Absinthe jailbreak.
- [11星][3y] [ObjC] openjailbreak/yalu102 incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
- [10星][2y] [Swift] 6ilent/electralyzed_ios Install Jailbreak tweaks without the hassle (iOS Version, Electra [iOS 11 - 11.1.2] Jailbreak Toolkit)
- [10星][2y] [ObjC] elegantliar/wechathook Non-jailbroken iOS: reverse engineering WeChat to block message recall and modify step counts
- [9星][2y] [TeX] abhinashjain/jailbreakdetection iOS Jailbreak detection analysis - Comparison of jailed and jailbroken iOS devices
- [9星][4y] [Py] b0n0n/ms-fitnessband-jailbreak simple scripts to parse and patch Microsoft fitness band firmware update file
- [9星][2y] proappleos/upgrade-from-any-jailbroken-device-to-ios-11.1.2-with-blobs How to Upgrade any Jailbroken Device to iOS 11.1.2 with Blobs
- [8星][3y] [ObjC] imokhles/boptionloader Sideload BOptionsPro for BBM to improve the BBM app on iOS devices (first BBM tweak ever for non-jailbroken devices)
- [6星][11m] [C] cryptiiiic/skybreak 8.4.1 Jailbreak using CVE-2016-4655 / CVE-2016-4656
- [4星][4y] luowenw/xiaohedoublepinyindict Files that can be useful for the XiaoHe double pinyin solution on non-jailbroken iOS devices.
- [4星][3y] [ObjC] kd1991/ipapatch Patch iOS Apps, The Easy Way, Without Jailbreak.
- [3星][2y] [Logos] artikushg/switcherxi The iOS 11 appswitcher for iOS 10 jailbreak.
- [3星][5y] [ObjC] martianz/shadowsocks-ios shadowsocks client for OSX and non-jailbroken iPhone and iPad
- [3星][3y] [ObjC] openjailbreak/yalu incomplete ios 8.4.1 jailbreak by Kim Jong Cracks (8.4.1 codesign & sandbox bypass w/ LPE to root & untether)
- [2星][7y] felipefmmobile/ios-plist-encryptor IOS *.plist encryptor project. Protect your *.plist files from jailbroken
- [2星][2y] [Ruby] mtjailed/msf-webkit-10.3 A metasploit module for webkit exploits and PoC's targeting devices running iOS 10+
- [1星][4y] [Shell] app174/xcodeghost-clean Check for and clean apps containing XCodeGhost on your jailbroken iDevice.
- [0星][3y] ziki69/ios10jailbreak iOS 10.1.1 jailbreak w/ support of iPhone 5s
- 2019.10 [talosintelligence] Checkrain fake iOS jailbreak leads to click fraud
- 2019.08 [elcomsoft] Why iOS 12.4 Jailbreak Is a Big Deal for the Law Enforcement
- 2019.05 [elcomsoft] Step by Step Guide to iOS Jailbreaking and Physical Acquisition
- 2019.02 [securityinnovation] iOS 12 Jailbreak
- 2019.02 [elcomsoft] iOS 12 Rootless Jailbreak
- 2019.01 [] IPC Voucher UaF Remote Jailbreak Stage 2
- 2019.01 [] IPC Voucher UaF Remote Jailbreak Stage 2 (EN)
- 2018.07 [elcomsoft] Using iOS 11.2-11.3.1 Electra Jailbreak for iPhone Physical Acquisition
- 2017.12 [venus] GreatiOSJailbreakMaterial - Only List the Most Useful Materials Here!
- 2015.10 [welivesecurity] New YiSpecter malware attacks iOS devices without jailbreak
- 2011.07 [sans] Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
- 2010.09 [securelist] iPhone Jailbreaking, Greenpois0n and SHAtter Trojans
- 2010.08 [trendmicro] The Security Implications of iOS Jailbreaking
- 2010.08 [trendmicro] Online iPhone Jailbreak Uses iOS Vulnerabilities
- [8031星][3m] [Py] facebook/chisel Chisel is a collection of LLDB commands to assist debugging iOS apps.
- [784星][3m] [C++] nodejs/llnode An lldb plugin for Node.js and V8, which enables inspection of JavaScript states for insights into Node.js processes and their core dumps.
- [636星][2m] [C++] apple/swift-lldb This is the version of LLDB that supports the Swift programming language & REPL.
- [492星][28d] [Rust] vadimcn/vscode-lldb A native debugger extension for VSCode based on LLDB
- [388星][2m] [C++] llvm-mirror/lldb Mirror of official lldb git repository located at
- [242星][5y] [C++] meeloo/xspray A front end for lldb on OS X for Mac and iOS targets, with a twist
- [198星][2y] proteas/native-lldb-for-ios native LLDB(v3.8) for iOS
- [25星][3y] [Py] bnagy/francis LLDB engine based tool to instrument OSX apps and triage crashes
- [20星][3y] [Py] critiqjo/lldb.nvim This repository was moved to
- [16星][2m] [Py] malor/cpython-lldb LLDB script for debugging of CPython processes
- [12星][3y] [C++] indutny/llnode Node.js C++ lldb plugin
- 2019.11 [4hou] A practical macOS kernel debugging tool: LLDBagility
- 2019.11 [reverse] How to make LLDB a real debugger
- 2019.08 [trendmicro] LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script
- 2019.06 [quarkslab] LLDBagility: practical macOS kernel debugging
- 2018.05 [freebuf] How to debug applications with LLDB on an Electra-jailbroken device
- 2018.01 [reverse] lldbinit - Improving LLDB
- 2017.10 [venus] Native LLDB(v3.8) for iOS
- 2017.10 [pediy] [Original] Trying Proteas's Native lldb on a 4s running 9.3.5
- 2017.07 [pediy] [Share] Compiling lldb on Mac (https://bbs.pediy.com/thread-219717.htm)
- 2016.09 [pediy] [Original] How to use lldb (study notes)
- 2015.01 [pediy] [Original] Fixing the Thumb disassembly problem in lldb-310 and later versions
- 2014.08 [3xp10it] lldb commands
- 2014.05 [pediy] [Original] gikdbg v1.1 arrives together with lldb; beta testers wanted!
- 2013.03 [it] iTunes debugging disabling ptrace with LLDB
- 2005.08 [pediy] [Original] Using my first cracking write-up to show off olldbg
- 2004.06 [pediy] Cracking and analyzing an OCX control with olldbg
- [6203星][3m] [ObjC] johnno1962/injectionforxcode Runtime Code Injection for Objective-C & Swift
- [2057星][19d] [ObjC] ios-control/ios-deploy Install and debug iPhone apps from the command line, without using Xcode
- [1606星][2m] [Swift] indragiek/inappviewdebugger A UIView debugger (like Reveal or Xcode) that can be embedded in an app for on-device view debugging
- [1409星][1m] [Swift] johnno1962/injectioniii Re-write of Injection for Xcode in (mostly) Swift4
- [572星][1m] [ObjC] hdb-li/lldebugtool LLDebugTool is a debugging tool for developers and testers that can help you analyze and manipulate data in non-xcode situations.
- [497星][7y] [C] ghughes/fruitstrap Install and debug iPhone apps from the command line, without using Xcode
- [384星][3m] [JS] johnno1962/xprobeplugin Live Memory Browser for Apps & Xcode
- [179星][4y] [ObjC] x43x61x69/otx The Mach-O disassembler. Now 64bit and Xcode 6 compatible.
- [135星][1y] [Swift] danleechina/mixplaintext Encrypts and obfuscates the plaintext contained in all Objective-C files of an Xcode project, making reverse-engineering analysis harder.
- [135星][1y] [Shell] onmyway133/swiftsnippets A collection of Swift snippets to be used in Xcode
- [48星][2y] [C++] tonyzesto/pubgprivxcode85 Player ESP 3D Box ESP Nametag ESP Lightweight Code Secure Injection Dedicated Cheat Launcher Secured Against Battleye Chicken Dinner Every Day. Win more matches than ever before with CheatAutomation’s Playerunknown’s Battlegrounds cheat! Our stripped down, ESP only cheat gives you the key features you need to take out your opponents and be eatin…
- [45星][7m] [Swift] git-kevinchuang/potatso-swift5 Potatso compiled with swift5 xcode 10.2.1 mojave 10.14.5
- [44星][3y] [Shell] vtky/resign XCode Project to resign .ipa files
- [28星][1m] [Swift] hdb-li/lldebugtoolswift LLDebugTool is a debugging tool for developers and testers that can help you analyze and manipulate data in non-xcode situations.
- [28星][2y] [Swift] jeanshuang/potatso Adapted to build with Xcode 9.3, iOS 11.3 and Swift 3.3. (unmaintained) Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework in iOS 9.
- [24星][12m] [Swift] shoheiyokoyama/lldb-debugging The LLDB Debugging in C, Swift, Objective-C, Python and Xcode
- [17星][2y] maxfong/obfuscatorxcplugin Logic obfuscation plugin for Xcode
- [1星][2y] [Swift] wdg/webshell-builder A WebShell application builder (no use of Xcode)
- 2019.07 [pewpewthespells] Using Xcode Targets
- 2019.07 [pewpewthespells] Xcode Build Locations
- 2019.07 [pewpewthespells] Migrating Code Signing Configurations to Xcode 8
- 2019.06 [pewpewthespells] Xcode SDKs
- 2019.04 [pewpewthespells] Xcode Build Settings Reference
- 2019.03 [pewpewthespells] Xcode DerivedData Hashes
- 2019.02 [pewpewthespells] The Xcode Build System
- 2019.02 [pewpewthespells] Managing Xcode
- 2019.02 [hakin9] Building an iOS App Without Xcode’s Build System by Vojta Stavik
- 2018.11 [CodeColorist] Xcode Instruments for iOS: reversing and abuse
- 2018.06 [applehelpwriter] Xcode 10: where did snippets go?
- 2018.05 [freecodecamp] How to convert your Xcode plugins to Xcode extensions
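- 2017.07 [pediy] [Original] MonkeyDev, a modified version of iOSOpenDev; tested with the latest theos and Xcode 9!
- 2017.06 [alonemonkey] 0x01 Debugging an LLVM Pass with Xcode
- 2017.03 [360] XcodeGhost may be making a comeback: malicious code implanted in a large number of Google Play apps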
- 2016.05 [rachelbythebay] Go upgrade Xcode. Fix your git security hole.
- 2015.12 [metricpanda] Compiling NASM Assembly with Xcode in a C/C++ Project
- 2015.12 [360] Xcode 7 Bitcode workflow and security assessment
- 2015.12 [freebuf] Xcode 7 Bitcode workflow and security assessment
- 2015.11 [freebuf] XcodeGhost S: another wave of impact brought by a variant
- 2015.10 [freebuf] A technique more evil than XcodeGhost appeared 30 years ago
- 2015.10 [topsec] Observations on the XcodeGhost incident
- 2015.10 [alienvault] XCodeGhost - pervasive hack of Apple’s Xcode developer toolkit
- 2015.10 [verisign] Verisign iDefense Analysis of XcodeGhost
- 2015.10 [duo] XcodeGhost: Resources for Developer and User Security
- 2015.09 [kaspersky] Security Week 39: XcodeGhost, the leak of D-Link certificates, $1M for bugs in iOS9
- 2015.09 [elearnsecurity] Apple App Store Compromised by XcodeGhost Vulnerability
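- 2015.09 [] Qingdao police crack the Xcode virus case; the techniques resemble those of US intelligence agencies
- 2015.09 [freebuf] Apple officially publishes the 25 apps most affected by XcodeGhost
- 2015.09 [sec] Reading several professional security companies' analysis reports on the XcodeGhost malicious code insertion incident
- 2015.09 [freebuf] XcodeGhost machine-readable threat intelligence IOCs
- 2015.09 [nsfocus] XcodeGhost harms China's domestic Apple app market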
- 2015.09 [mcafee] XcodeGhost Pulled from App Store After a Good Scare: What to Know
- 2015.09 [trustlook] "Reflections on Trusting Trust" – Some Thoughts on the XcodeGhost Incident
- 2015.09 [skycure] How to Protect Against XcodeGhost iOS Malware?
- 2015.09 [lookout] Good news: Lookout can protect you from XcodeGhost
- 2015.09 [360] You thought it was over once the server was shut down? XcodeGhost hijacking attack and server-side reproduction, plus a UnityGhost warning
- 2015.09 [paloaltonetworks] More Details on the XcodeGhost Malware and Affected
- 2015.09 [checkpoint] XCodeGhost: The First Wide-Scale Attack on iOS Apps Arrives | Check Point Software Blog
- 2015.09 [trendmicro] The XcodeGhost Plague – How Did It Happen?
- 2015.09 [lookout] Updated: XcodeGhost iOS malware: The list of affected apps and what you should do
- 2015.09 [malwarebytes] XcodeGhost malware infiltrates App Store
- 2015.09 [sans] Detecting XCodeGhost Activity
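- 2015.09 [pediy] [Original] Detailed technical analysis of XCodeGhost [XCodeGhost inside story]
- 2015.09 [antiy] Analysis and overview of the malicious code contamination incident in unofficial Xcode versions (XcodeGhost)
- 2015.09 [sec] XcodeGhost's Chinese author apologizes, and the CIA laughs
- 2015.09 [360] Nirvan Team: the Xcode ghost virus exhibits malicious trojan delivery behaviour
- 2015.09 [tencent] You thought that was all? Let us tell you the complete XCodeGhost story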
- [11025星][2y] [ObjC] bang590/jspatch JSPatch bridge Objective-C and Javascript using the Objective-C runtime. You can call any Objective-C class and method in JavaScript by just including a small engine. JSPatch is generally used to hotfix iOS App.
- [10966星][10d] [ObjC] flipboard/flex An in-app debugging and exploration tool for iOS
- [5775星][4m] [ObjC] square/ponydebugger Remote network and data debugging for your native iOS app using Chrome Developer Tools
- [4663星][1m] [C] google/ios-webkit-debug-proxy A DevTools proxy (Chrome Remote Debugging Protocol) for iOS devices (Safari Remote Web Inspector).
- [4397星][12d] [Swift] signalapp/signal-ios A private messenger for iOS.
- [3686星][4m] [C] facebook/fishhook A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
- [3414星][2m] icodesign/potatso Potatso is an iOS client that implements different proxies with the leverage of NetworkExtension framework in iOS 10+.
- [3327星][3m] [Swift] yagiz/bagel a little native network debugging tool for iOS
- [3071星][10m] [JS] jipegit/osxauditor OS X Auditor is a free Mac OS X computer forensics tool
- [2867星][12d] [ObjC] facebook/idb idb is a flexible command line interface for automating iOS simulators and devices
- [2795星][24d] [Swift] kasketis/netfox A lightweight, one line setup, iOS / OSX network debugging library!
- [2753星][1m] [Makefile] theos/theos A cross-platform suite of tools for building and deploying software for iOS and other platforms.
- [2733星][26d] [ObjC] dantheman827/ios-app-signer This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
- [2708星][2m] [ObjC] kjcracks/clutch Fast iOS executable dumper
- [2345星][6y] [C] stefanesser/dumpdecrypted Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
- [1801星][1y] aozhimin/ios-monitor-platform
- [1774星][3y] [ObjC] tapwork/heapinspector-for-ios Find memory issues & leaks in your iOS app without instruments
- [1695星][6m] [Py] yelp/osxcollector A forensic evidence collection & analysis toolkit for OS X
- [1683星][2m] [Swift] pmusolino/wormholy iOS network debugging, like a wizard 🧙♂️
- [1642星][7m] [Objective-C++] tencent/oomdetector OOMDetector is a memory monitoring component for iOS which provides you with OOM monitoring, memory allocation monitoring, memory leak detection and other functions.
- [1630星][1m] ivrodriguezca/re-ios-apps A completely free, open source and online course about Reverse Engineering iOS Applications.
- [1444星][5y] [C++] gdbinit/machoview MachOView fork
- [1442星][28d] [ObjC] nabla-c0d3/ssl-kill-switch2 Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
- [1299星][6m] [JS] feross/spoof Easily spoof your MAC address in macOS, Windows, & Linux!
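- [1291星][1m] [JS] icymind/vrouter A project built on VirtualBox and OpenWrt that aims to provide a transparent proxy on macOS / Windows.
- [1253星][2m] [Vue] chaitin/passionfruit Black-box assessment tool for iOS apps. Feature-rich, with a built-in web-based GUI
- [1252星][17d] michalmalik/osx-re-101 Collection of OSX/iOS reverse engineering resources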
- [1240星][2y] [ObjC] krausefx/detect.location An easy way to access the user's iOS location data without actually having access
- [1239星][8d] [C] datatheorem/trustkit Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
- [1215星][16d] [YARA] horsicq/detect-it-easy Program for determining types of files for Windows, Linux and MacOS.
- [1199星][6y] gdbinit/gdbinit Gdbinit for OS X, iOS and others - x86, x86_64 and ARM
- [1174星][5y] [Py] hackappcom/ibrute AppleID bruteforce p0c
- [1113星][1y] [ObjC] neoneggplant/eggshell iOS/macOS/Linux Remote Administration Tool
- [1026星][2y] [ObjC] zhengmin1989/ios_ice_and_fire iOS: A Song of Ice and Fire
- [1001星][2m] [ObjC] lmirosevic/gbdeviceinfo Detects the hardware, software and display of the current iOS or Mac OS X device at runtime.
- [985星][1y] [Py] fsecurelabs/needle The iOS Security Testing Framework
- [975星][3y] [Py] synack/knockknock displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
- [936星][3y] [C] tyilo/insert_dylib Command line utility for inserting a dylib load command into a Mach-O binary
- [907星][4m] [ObjC] ptoomey3/keychain-dumper A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
- [866星][16d] [ObjC] meitu/mthawkeye Profiling / Debugging assist tools for iOS. (Memory Leak, OOM, ANR, Hard Stalling, Network, OpenGL, Time Profile ...)
- [857星][3y] [Py] hubert3/isniff-gps Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
- [847星][2y] [Shell] kpwn/iosre iOS Reverse Engineering
- [840星][9d] [JS] cypress-io/cypress-example-recipes Various recipes for testing common scenarios with Cypress
- [812星][5y] [ObjC] isecpartners/ios-ssl-kill-switch Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps
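- [807星][2y] [Ruby] dmayer/idb Simplifies some common tasks during iOS penetration testing and research
- [796星][13d] [Shell] aqzt/kjyw Quick operations, codename kjyw; a project based on shell and python; a library of ops script tools that collects commonly used ops scripts for quickly installing nginx, mysql, php, redis, nagios, and other frequently used ops scripts...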
- [782星][3y] [Go] summitroute/osxlockdown [No longer maintained] Apple OS X tool to audit for, and remediate, security configuration settings.
- [745星][5y] [ObjC] kjcracks/yololib dylib injector for mach-o binaries
- [662星][1y] [Py] deepzec/bad-pdf create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines
- [653星][3y] [C] rentzsch/mach_inject interprocess code injection for Mac OS X
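- [651星][9m] [ObjC] chenxiancai/stcobfuscator Global automated code obfuscation tool for iOS! Supports obfuscating CocoaPods component code as well, and cleanly avoids hard-coded methods, static library methods and system library methods!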
- [649星][3y] [ObjC] isecpartners/introspy-ios Security profiling for blackbox iOS
- [636星][1y] [Swift] phynet/ios-url-schemes a github solution from my gist of iOS list for urls schemes
- [621星][5y] [PHP] pr0x13/idict iCloud Apple iD BruteForcer
- [616星][3y] [ObjC] macmade/keychaincracker macOS keychain cracking tool
- [604星][2m] siguza/ios-resources Useful resources for iOS hacking
- [583星][3y] [C++] tobefuturer/app2dylib A reverse engineering tool to convert iOS app to dylib
- [558星][3y] advanced-threat-research/firmware-security-training Firmware security tutorial: BIOS / UEFI system firmware security from the attacker's and the defender's perspectives
- [530星][3y] [ObjC] herzmut/shadowsocks-ios Fork of shadowsocks/shadowsocks-iOS
- [526星][4y] [Py] hackappcom/iloot OpenSource tool for iCloud backup extraction
- [522星][2y] [Shell] seemoo-lab/mobisys2018_nexmon_software_defined_radio Turns Broadcom's 802.11ac Wi-Fi chips into software-defined radios that can transmit arbitrary signals in the Wi-Fi bands
- [517星][3y] [ObjC] pjebs/obfuscator-ios Secure your app by obfuscating all the hard-coded security-sensitive strings.
- [517星][5y] [Py] project-imas/mdm-server Sample iOS MDM server
- [500星][27d] [Swift] google/science-journal-ios Use the sensors in your mobile devices to perform science experiments. Science doesn’t just happen in the classroom or lab—tools like Science Journal let you see how the world works with just your phone.
- [482星][1y] [Swift] icepa/icepa iOS system-wide VPN based Tor client
- [478星][15d] pixelcyber/thor HTTP Sniffer/Capture on iOS for Network Debug & Inspect.
- [471星][8m] [C++] everettjf/machoexplorer Mach-O file viewer, supports Windows and macOS
- [462星][15d] [Java] dsheirer/sdrtrunk A cross-platform java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR). Website:
- [432星][7y] [C] juuso/keychaindump A proof-of-concept tool for reading OS X keychain passwords
- [430星][11m] captainarash/the_holy_book_of_x86 A simple guide to x86 architecture, assembly, memory management, paging, segmentation, SMM, BIOS....
- [419星][4y] [ObjC] asido/systemmonitor iOS application providing you all information about your device - hardware, operating system, processor, memory, GPU, network interface, storage and battery, including OpenGL powered visual representation in real time.
- [406星][5y] [ObjC] mp0w/ios-headers iOS 5.0/5.1/6.0/6.1/7.0/7.1/8.0/8.1 Headers of All Frameworks (private and not) + SpringBoard
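- [396星][4m] ansjdnakjdnajkd/ios The most useful tools for iOS penetration testing
- [393星][2y] r0ysue/osg-translationteam Collected works of the translation team of the Kanxue iOS security group; corrections are welcome!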
- [382星][11m] [C] coolstar/electra1131 electra1131: Electra for iOS 11.0 - 11.3.1
- [375星][2y] [C++] alonemonkey/iosrebook Companion source code for the book "iOS Application Reverse Engineering and Security"
- [375星][29d] [Swift] justeat/justlog JustLog brings logging on iOS to the next level. It supports console, file and remote Logstash logging via TCP socket with no effort. Support for logz.io available.
- [374星][2y] [C++] breenmachine/rottenpotatong New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
- [371星][18d] [Shell] matthewpierson/1033-ota-downgrader First ever tool to downgrade ANY iPhone 5s, ANY iPad Air and (almost any) iPad Mini 2 to 10.3.3 with OTA blobs + checkm8!
- [349星][19d] [C] jedisct1/swift-sodium Safe and easy to use crypto for iOS and macOS
- [346星][4m] [TS] bacher09/pwgen-for-bios Password generator for BIOS
- [340星][3m] [C] trailofbits/cb-multios DARPA Challenges Sets for Linux, Windows, and macOS
- [332星][3y] [Logos] bishopfox/ispy A reverse engineering framework for iOS
- [322星][2m] [ObjC] auth0/simplekeychain A Keychain helper for iOS to make it very simple to store/obtain values from iOS Keychain
- [310星][28d] [Swift] securing/iossecuritysuite iOS platform security & anti-tampering Swift library
- [298星][2y] krausefx/steal.password Easily get the user's Apple ID password, just by asking
- [292星][8y] [ObjC] nst/spyphone This project shows the kind of data a rogue iPhone application can collect.
- [287星][1y] [Py] manwhoami/mmetokendecrypt Decrypts and extracts iCloud and MMe authorization tokens on Apple macOS / OS X. No user authentication needed. 🏅🌩
- [283星][2y] [Swift] krausefx/watch.user Every iOS app you ever gave permission to use your camera can record you any time it runs - without notice
- [263星][14d] [ObjC] strongbox-password-safe/strongbox A KeePass/Password Safe Client for iOS and OS X
- [247星][1m] [C++] s0uthwest/futurerestore iOS upgrade and downgrade tool utilizing SHSH blobs
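- [244星][7m] [JS] we11cheng/wcshadowrocket iOS Shadowrocket (decrypted and re-signed, for reference only; adding nodes has problems). For the source of potatso, another censorship-circumvention project, see: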
- [241星][2y] [C] limneos/mobileminer CPU Miner for ARM64 iOS Devices
- [239星][1y] [ObjC] lmirosevic/gbping Highly accurate ICMP Ping controller for iOS
- [238星][4m] [Swift] shadowsocksr-live/ishadowsocksr ShadowsocksR for iOS, come from
- [229星][3y] [Swift] trailofbits/secureenclavecrypto Demonstration library for using the Secure Enclave on iOS
- [223星][12m] [AppleScript] lifepillar/csvkeychain Import/export between Apple Keychain.app and plain CSV file.
- [219星][6m] [ObjC] rickyzhang82/tethering Proxy and DNS Server on iOS
- [213星][8m] [C] owasp/igoat OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar
- [211星][13d] [TS] bevry/getmac Get the mac address of the current machine you are on via Node.js
- [210星][2y] [C] cheesecakeufo/saigon iOS 10.2.1 - Discontinued version
- [203星][5m] [Py] googleprojectzero/ios-messaging-tools several tools Project Zero uses to test iPhone messaging
- [200星][6m] [PS] mkellerman/invoke-commandas Invoke Command As System/Interactive/GMSA/User on Local/Remote machine & returns PSObjects.
- [199星][1m] [ObjC] everettjf/yolo Scripts or demo projects on iOS development or reverse engineering
- [198星][27d] [Swift] auth0/lock.swift A Swift & iOS framework to authenticate using Auth0 and with a Native Look & Feel
- [195星][2m] [Logos] creantan/lookinloader Lookin - iOS UI Debugging Tweak LookinLoader,Compatible with iOS 8~13
- [190星][13d] [Py] ydkhatri/mac_apt macOS Artifact Parsing Tool
- [182星][1m] [JS] nowsecure/node-applesign NodeJS module and commandline utility for re-signing iOS applications (IPA files).
- [181星][4y] [ObjC] iosre/hippocamphairsalon A simple universal memory editor (game trainer) on OSX/iOS
- [181星][12m] zekesnider/nintendoswitchrestapi Reverse engineered REST API used in the Nintendo Switch app for iOS. Includes documentation on Splatoon 2's API.
- [180星][4m] [Py] anssi-fr/secuml Machine Learning for Computer Security
- [180星][8m] [Java] yubico/ykneo-openpgp OpenPGP applet for the YubiKey NEO
- [174星][1y] [ObjC] macmade/filevaultcracker macOS FileVault cracking tool
- [172星][23d] [C++] samyk/frisky Instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS and macOS
- [171星][2y] [Py] 3gstudent/worse-pdf Turn a normal PDF file into a malicious one. Used to steal Net-NTLM hashes from Windows machines.
- [171星][10m] [Shell] trustedsec/hardcidr hardCIDR is a Linux Bash script, but also functions under macOS. Your mileage may vary on other distros. The script with no specified options will query ARIN and a pool of BGP route servers. The route server is selected at random at runtime.
- [169星][7m] [C] octomagon/davegrohl A Password Cracker for macOS
- [166星][8m] proteas/unstripped-ios-kernels Unstripped iOS Kernels
- [165星][2y] [C++] google/pawn Extracts BIOS firmware from Intel-based workstations and laptops
- [165星][16d] [Swift] ryasnoy/applocker AppLocker - simple lock screen for iOS Application (Swift 4+, iOS 9.0+) Touch ID / Face ID
- [163星][6y] [C] gdbinit/readmem A small OS X/iOS userland util to dump processes memory
- [163星][9m] [C] tboox/itrace Trace objc method call for ios and mac
- [162星][2y] [C++] encounter/futurerestore (unmaintained) iOS upgrade and downgrade tool utilizing SHSH blobs (unofficial fork supporting iOS 11 and newer devices)
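- [159星][2m] smilezxlee/crackediosapps Collection of cracked iOS apps, including cracked QQ, cracked Douyin, cracked Baidu Netdisk, cracked Mahua, DingTalk clock-in assistant, cracked Momo vocabulary app, cracked NetEase Cloud Music, cracked Mango TV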
- [157星][20d] mac4n6/presentations Presentation Archives for my macOS and iOS Related Research
- [152星][7y] [Py] intrepidusgroup/imdmtools Intrepidus Group's iOS MDM tools
- [147星][3y] [Py] biosbits/bits BIOS Implementation Test Suite
- [145星][2y] [Shell] depoon/iosdylibinjectiondemo Using this Repository to demo how to inject dynamic libraries into cracked ipa files for jailed iOS devices
- [144星][10m] [Py] dlcowen/fseventsparser Parser for OSX/iOS FSEvents Logs
- [144星][4y] [ObjC] etsy/bughunt-ios
- [143星][2y] [C] rodionovd/liblorgnette Interprocess dlsym() for OS X & iOS
- [140星][4m] [Go] greenboxal/dns-heaven Fixes the (stupid) macOS DNS stack by enabling the native DNS stack via /etc/resolv.conf
- [139星][3y] [Py] google/tcp_killer Closes TCP ports on Linux or macOS
- [139星][8m] [C++] macmade/dyld_cache_extract A macOS utility to extract dynamic libraries from the dyld_shared_cache of macOS and iOS.
- [130星][4m] [Py] apperian/ios-checkipa Scans an IPA file and parses its Info.plist and embedded.mobileprovision files. Performs checks of expected key/value relationships and displays the results.
- [129星][4y] [Go] benjojo/dos_ssh Use BIOS ram hacks to make a SSH server out of any INT 10 13h app (MS-DOS is one of those)
- [129星][2m] [Py] stratosphereips/stratospherelinuxips an intrusion prevention system that is based on behavioral detections and machine learning algorithms
- [128星][2y] [Py] unfetter-discover/unfetter-analytic a framework for collecting events (process creation, network connections, Windows Event Logs, etc.) from a client machine (Windows 7) and performing CAR analytics to detect potential adversary activity
- [126星][3m] [Py] platomav/biosutilities Various BIOS Utilities for Modding/Research
- [126星][4y] [Py] sektioneins/sandbox_toolkit Toolkit for binary iOS / OS X sandbox profiles
- [125星][16d] [C] projecthorus/radiosonde_auto_rx Automatically Track Radiosonde Launches using RTLSDR
- [125星][3y] [JS] vtky/swizzler2 Swizzler2 - Hacking iOS applications
- [121星][2y] [Swift] lxdcn/nepackettunnelvpndemo iOS VPN client implementation demo based on iOS9 NetworkExtension NETunnelProvider APIs
- [119星][1y] [Py] winheapexplorer/winheap-explorer heap-based bugs detection in x86 machine code for Windows applications.
- [113星][3y] [Objective-C++] yonsm/ipafine iOS IPA package refine and resign
- [111星][5m] [C++] danielcardeenas/audiostego Audio file steganography. Hides files or text inside audio files and retrieve them automatically
- [110星][8m] [C] siguza/imobax iOS Mobile Backup Extractor
- [106星][7y] intrepidusgroup/trustme Disable certificate trust checks on iOS devices.
- [99星][2y] antid0tecom/ios-kerneldocs Various files helping to better understand the iOS / WatchOS / tvOS kernels
- [98星][2y] [Py] google/legilimency A Memory Research Platform for iOS
- [96星][7m] [Swift] depoon/networkinterceptor iOS URLRequest interception framework
- [96星][2y] [Swift] liruqi/mume-ios an iOS client that implements custom proxies with the leverage of Network Extension framework introduced by Apple since iOS 9
- [95星][2y] [ObjC] xslim/mobiledevicemanager Manage iOS devices through iTunes lib
- [93星][1y] [Jupyter Notebook] positivetechnologies/seq2seq-web-attack-detection The implementation of the Seq2Seq model for web attack detection. The Seq2Seq model is usually used in Neural Machine Translation. The main goal of this project is to demonstrate the relevance of the NLP approach for web security.
- [90星][2y] [PS] netbiosx/digital-signature-hijack Binaries, PowerShell scripts and information about Digital Signature Hijacking.
- [90星][5y] [ObjC] project-imas/app-password Custom iOS user authentication mechanism (password with security questions for self reset)
- [85星][4y] [Swift] deniskr/keychainswiftapi This Keychain Swift API library is a wrapper of iOS C Keychain Framework. It allows easily and securely storing sensitive data in secure keychain store.
- [85星][2y] [ObjC] siguza/phoenixnonce 64-bit nonce setter for iOS 9.3.4-9.3.5
- [84星][8m] [Py] aaronst/macholibre Mach-O & Universal Binary Parser
- [83星][10m] [Shell] trailofbits/ios-integrity-validator Integrity validator for iOS devices
- [79星][1y] [Swift] aidevjoe/sandboxbrowser A simple iOS sandbox file browser, you can share files through AirDrop
- [79星][4y] mi3security/su-a-cyder Home-Brewed iOS Malware PoC Generator (BlackHat ASIA 2016)
- [79星][6y] [C] peterfillmore/removepie removePIE changes the MH_PIE flag of the MACH-O header on iOS applications to disable ASLR on applications
- [78星][1y] [Shell] iaik/ios-analysis Automated Binary Analysis on iOS
- [77星][2y] [ObjC] cocoahuke/ioskextdump Dump Kext information from iOS kernel cache. Applicable to the kernel which dump from memory
- [75星][7m] [Py] tribler/dispersy The elastic database system. A database designed for P2P-like scenarios, where potentially millions of computers send database updates around.
- [74星][29d] [C] certificate-helper/tls-inspector Easily view and inspect X.509 certificates on your iOS device.
- [72星][4m] [C++] macmade/unicorn-bios Basic BIOS emulator for Unicorn Engine.
- [72星][6y] [Py] piccimario/iphone-backup-analyzer-2 iPBA, Qt version
- [72星][3y] [C++] razzile/liberation A runtime patching library for iOS. Major rework on unfinished branch
- [72星][30d] [Py] ehco1996/aioshadowsocks shadowsocks rewritten with asyncio
- [69星][3m] [C] brandonplank/rootlessjb4 rootlessJB that supports iOS 12.0 - 12.2 & 12.4
- [67星][22d] [Py] guardianfirewall/grandmaster A simplistic python tool that assists in automating iOS firmware decryption.
- [65星][4y] zhengmin1989/ios-10-decrypted-kernel-cache iOS 10 Decrypted Kernel Cache
- [65星][5y] [ObjC] project-imas/memory-security Tools for securely clearing and validating iOS application memory
- [63星][2y] josephlhall/dc25-votingvillage-report A report to synthesize findings from the Defcon 25 Voting Machine Hacking Village
- [62星][8m] [C] luoyanbei/testhookzz iOS reverse engineering: uses the HookZz framework to hook the game "我的战争" (My War) and enter god mode
- [62星][5m] [C++] meitu/mtgldebug An OpenGL debugging tool for iOS.
- [61星][9y] [C] chronic-dev/bootrom-dumper Utility to Dump iPhone Bootrom
- [61星][6m] [PS] texhex/biossledgehammer Automated BIOS, ME, TPM firmware update and BIOS settings for HP devices
- [61星][11m] [ObjC] tihmstar/v3ntex getf tfp0 on iOS 12.0 - 12.1.2
- [60星][4y] shadowsocks/tun2socks-ios tun2socks as a library for iOS apps
- [58星][7m] [Perl] dnsmichi/manubulon-snmp Set of Icinga/Nagios plugins to check hosts and hardware with the SNMP protocol.
- [58星][4y] [HTML] nccgroup/iodide The Cisco IOS Debugger and Integrated Disassembler Environment
- [58星][2y] [Shell] tanprathan/fridpa An automated wrapper script for patching iOS applications (IPA files) and work on non-jailbroken device
- [57星][ObjC] jrock007/tob Free, open-source and ad-less Tor web browser for iOS
- [56星][11m] [ObjC] geosn0w/chaos Chaos iOS < 12.1.2 PoC by
- [55星][2y] jkpang/timliu-ios Commonly used third-party libraries, plugins, well-known blogs, etc. for iOS development
- [55星][3y] [C++] s-kanev/xiosim A detailed microarchitectural x86 simulator
- [55星][3y] [C] synack/chaoticmarch A mechanism for automating input events on iOS
- [52星][1y] [C] bazad/threadexec A library to execute code in the context of other processes on iOS 11.
- [52星][2y] rehints/blackhat_2017 Betraying the BIOS: Where the Guardians of the BIOS are Failing
- [52星][10m] [Logos] zhaochengxiang/ioswechatfakelocation A tweak that can fake location info in WeChat
- [51星][3y] [HTML] pwnsdx/ios-uri-schemes-abuse-poc A set of URI schemes bugs that lead Safari to crash/freeze.
- [49星][1y] [Swift] sherlouk/swiftprovisioningprofile Parse iOS mobile provisioning files into Swift models
- [48星][2y] [Shell] leanvel/iinject Tool to automate the process of embedding dynamic libraries into iOS applications from GNU/Linux
- [48星][7m] [ObjC] smilezxlee/zxhookutil [iOS reverse engineering] Collection of Tweak utility functions, based on theos and monkeyDev
- [47星][2m] [ObjC] ooni/probe-ios OONI Probe iOS
- [47星][4y] [Py] ostorlab/jniostorlab JNI method enumeration in ELF files
- [47星][3m] [ObjC] smilezxlee/zxrequestblock Intercepts all of an iOS app's low-level network requests (such as ajax requests) in one line of code; includes an http-dns solution that effectively prevents DNS hijacking; used for analyzing http/https requests, disabling/allowing proxies, preventing packet capture, etc.
- [47星][2m] the-blockchain-bible/readme The Blockchain Bible, a collection for blockchain tech, bitcoin, ethereum, crypto currencies, digital currencies, cryptography, decentralized solutions, business scenarios, hyperledger tech, meetups
- [47星][5y] [PHP] cloudsec/aioshell A php webshell run under linux based webservers. v0.05
- [46星][2y] [C] encounter/tsschecker Check TSS signing status of iOS firmwares and save SHSH blobs
- [46星][2y] uefitech/resources One-stop shop for UEFI/BIOS specifications/utilities by UEFI.Tech community
- [46星][1y] [Go] unixpickle/cve-2018-4407 Crash macOS and iOS devices with one packet
- [44星][4y] [C] samdmarshall/machodiff mach-o diffing tool
- [43星][5y] [Shell] netspi/heapdump-ios Dump IOS application heap space from memory
- [42星][1m] [ObjC] dineshshetty/ios-sandbox-dumper SandBox-Dumper makes use of multiple private libraries to provide exact locations of the application sandbox, application bundle and some other interesting information
- [42星][2y] [Py] klsecservices/ios_mips_gdb Cisco MIPS debugger
- [40星][15d] [Swift] fonta1n3/fullynoded A Bitcoin Core GUI for iOS devices. Allows you to connect to and control multiple nodes via Tor
- [39星][3y] [Logos] ahmadhashemi/immortal Prevent expiration of signed iOS applications & bypass 3 free signed applications per device limit
- [39星][4m] [Py] gh2o/rvi_capture rvictl for Linux and Windows: capture packets sent/received by iOS devices
- [39星][4y] [Pascal] senjaxus/delphi_remote_access_pc Remote access in Delphi 7 and Delphi XE5 (With sharer files, CHAT and Forms Inheritance)
- [39星][27d] [Shell] userlandkernel/plataoplomo Collection of (at time of release) iOS bugs I found
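- [39星][3m] [Py] meituan-dianping/lyrebird-ios A Lyrebird plugin that lets you quickly view detailed device information for connected iOS devices, take screenshots, and view information about the apps on connected devices.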
- [38星][4y] [C] taichisocks/shadowsocks Lightweight shadowsocks client for iOS and Mac OSX base on shadowsocks-libev
- [38星][1y] [ObjC] xmartlabs/metalperformanceshadersproxy A proxy for MetalPerformanceShaders which takes to a stub on a simulator and to the real implementation on iOS devices.
- [37星][4m] [Ruby] appspector/ios-sdk AppSpector is a debugging service for mobile apps
- [36星][4y] [Objective-C++] cyhe/iossecurity-attack App security (reverse-engineering attack part)
- [36星][3y] [PS] machosec/mystique PowerShell module to play with Kerberos S4U extensions
- [35星][4y] [Py] curehsu/ez-wave Tools for Evaluating and Exploiting Z-Wave Networks using Software-Defined Radios.
- [35星][1y] [Swift] vixentael/zka-example Zero Knowledge Application example, iOS, notes sharing, Firebase backend
- [33星][3y] [ObjC] integrity-sa/introspy-ios Security profiling for blackbox iOS
- [33星][7y] [C] mubix/fakenetbios See here:
- [33星][10m] [Swift] vixentael/ios-datasec-basics iOS data security basics: key management, workshop for iOS Con UK
- [33星][2m] [ObjC] proteas/ios13-sandbox-profile-format Binary Format of iOS 13 Sandbox Profile Collection
- [31星][3y] [Py] as0ler/r2clutch r2-based tool to decrypt iOS applications
- [31星][3y] [Assembly] gyje/bios_rootkit From the Freebuf comments section: a UEFI trojan.
- [31星][2y] proappleos/upgrade-from-10.3.x-to-ios-11.1.2-on-any-64bit-device-with-blobs How to Upgrade any 64Bit Device from 10.3.x to 11.1.2 with Blobs
- [30星][3y] [ObjC] mtigas/iobfs Building obfs4proxy for Tor-enabled iOS apps.
- [30星][2y] [Shell] pnptutorials/pnp-portablehackingmachine This script will convert your Raspberry Pi 3 into a portable hacking machine.
- [30星][8y] [Py] hubert3/isniff SSL man-in-the-middle tool targeting iOS devices < 4.3.5
- [29星][12m] [Py] antid0tecom/ipad_accessory_research Research into Security of Apple Smart Keyboard and Apple Pencil
- [29星][4y] [ObjC] quellish/facebook-ios-internal-headers Headers generated by reverse engineering the Facebook iOS binary
- [29星][8y] sektioneins/.ipa-pie-scanner Scans iPhone/iPad/iPod applications for PIE flags
- [29星][4y] [C] scallywag/nbtscan NetBIOS scanning tool. Currently segfaults!
- [28星][2y] [ObjC] dannagle/packetsender-ios Packet Sender for iOS, Send/Receive UDP/TCP
- [28星][10m] [C] mrmacete/r2-ios-kernelcache Radare2 plugin to parse modern iOS 64-bit kernel caches
- [28星][3y] [C] salmg/audiospoof Magnetic stripe spoofer implementing audio waves.
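- [28星][4y] [Swift] urinx/device-9 An iOS app that monitors device information such as network speed, IP, memory size and temperature in real time and displays it in the Notification Center
- [27星][1y] alonemonkey/iosrebook-issues Errata for the book 《iOS应用逆向与安全》 (iOS Application Reverse Engineering and Security)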
- [27星][27d] [Perl] hknutzen/netspoc A network security policy compiler. Netspoc is targeted at large environments with a large number of firewalls and admins. Firewall rules are derived from a single rule set. Supported are Cisco IOS, NX-OS, ASA and IPTables.
- [27星][3m] [Rust] marcograss/rust-kernelcache-extractor Extract a decrypted iOS 64-bit kernelcache
- [27星][8m] [Py] qingxp9/cve-2019-6203-poc PoC for CVE-2019-6203, works on < iOS 12.2, macOS < 10.14.4
- [27星][5m] [Py] mvelazc0/purplespray PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments
- [26星][2y] [C++] cuitche/code-obfuscation A code obfuscation tool for iOS.
- [26星][5m] [HTML] devnetsandbox/sbx_multi_ios Sample code, examples, and resources for use with the DevNet Multi-IOS Sandbox
- [26星][4y] [ObjC] qiuyuzhou/shadowsocks-ios No maintaining. Try this
- [26星][3y] [ObjC] nabla-c0d3/ios-reversing Some iOS tools and scripts from 2014 for iOS reversing.
- [26星][5m] [Swift] itsjohnye/lead-ios a featherweight iOS SS proxy client with interactive UI
- [25星][2y] [C] embedi/tcl_shellcode A template project for creating a shellcode for the Cisco IOS in the C language
- [25星][1y] [HTML] 649/crash-ios-exploit Repository dedicated to storing a multitude of iOS/macOS/OSX/watchOS crash bugs. Some samples need to be viewed as raw in order to see the Unicode. Please do not intentionally abuse these exploits.
- [24星][6y] [ObjC] samdmarshall/ios-internals iOS related code
- [23星][5y] [Ruby] claudijd/bnat "Broken NAT" - A suite of tools focused on detecting and interacting with publicly available BNAT scenarios
- [23星][1y] [ObjC] rpwnage/warri0r ios 12 Sandbox escape POC
- [22星][2y] jasklabs/blackhat2017 Data sets and examples for Jask Labs Blackhat 2017 Handout: Top 10 Machine Learning Cyber Security Use Cases
- [22星][4y] sunkehappy/ios-reverse-engineering-tools-backup Some guys find the old lsof could not be downloaded. But I have it and I want to share it.
- [22星][1y] [PHP] svelizdonoso/asyrv ASYRV is an application written in PHP/MySQL with poorly developed web services (SOAP/REST/XML), intended to help computer security enthusiasts understand this technology, which is so widely used by organizations today.
- [21星][2y] troydo42/awesome-pen-test Experiment with penetration testing Guides and Tools for WordPress, iOS, MacOS, Wifi and Car
- [20星][1y] [C] downwithup/cve-2018-16712 PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
- [20星][1y] [Ruby] martinvigo/ransombile Ransombile is a tool that can be used in different scenarios to compromise someone’s digital life when having physical access to a locked mobile device
- [19星][3y] [Swift] depoon/injectiblelocationspoofing Location Spoofing codes for iOS Apps via Code Injection
- [19星][1y] [ObjC] frpccluster/frpc-ios frpc for iOS/Apple. A fast reverse proxy that helps you expose a local server behind a NAT or firewall to the Internet.
- [19星][6y] [Logos] iosre/iosrelottery
- [18星][12d] [Py] adafruit/adafruit_circuitpython_rfm9x CircuitPython module for the RFM95/6/7/8 LoRa wireless 433/915mhz packet radios.
- [16星][4y] ashishb/ios-malware iOS malware samples
- [16星][2y] [ObjC] mikaelbo/updateproxysettings A simple iOS command line tool for updating proxy settings
- [16星][1y] [Py] r3dxpl0it/cve-2018-4407 IOS/MAC Denial-Of-Service [POC/EXPLOIT FOR MASSIVE ATTACK TO IOS/MAC IN NETWORK]
- [15星][2y] [Objective-C++] ay-kay/cda iOS command line tool to search for installed apps and list container paths (bundle, data, group)
- [15星][2y] [Py] mathse/meltdown-spectre-bios-list a list of BIOS/Firmware fixes addressing CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
- [15星][2y] [Swift] vgmoose/nc-client [iOS] netcat gui app, for using the 10.1.x mach_portal root exploit on device
- [15星][12m] aliasrobotics/rctf Scenarios of the Robotics CTF (RCTF), a playground to challenge robot security.
- [14星][2m] refractionpoint/limacharlie Old home of LimaCharlie, open source EDR
- [14星][7y] [Py] trotsky/insyde-tools (Inactive) Tools for unpacking and modifying an InsydeH2O UEFI BIOS now merged into coreboot
- [14星][5y] [C] yifanlu/polipo-ios iOS port of Polipo caching HTTP proxy
- [13星][1y] [ObjC] omerporze/toothfairy CVE-2018-4330 POC for iOS
- [13星][6y] [Py] yuejd/ios_restriction_passcode_crack---python-version Crack ios Restriction PassCode in Python
- [13星][2m] [Shell] ewypych/icinga-domain-expiration-plugin Icinga2/Nagios plugin for checking domain expiration
- [12星][8y] [C] akgood/iosbasicconstraintsworkaround Proof-of-Concept OpenSSL-based workaround for iOS basicConstraints SSL certificate validation vulnerability
- [12星][10m] [Py] wyatu/cve-2018-4407 CVE-2018-4407 IOS/macOS kernel crash
- [11星][8m] [Swift] sambadiallob/pubnubchat An anonymous chat iOS app made using PubNub
- [11星][3y] [ObjC] flankerhqd/descriptor-describes-toctou POCs for IOMemoryDescriptor racing bugs in iOS/OSX kernels
- [10星][1y] [Py] zteeed/cve-2018-4407-ios POC: Heap buffer overflow in the networking code in the XNU operating system kernel
- [9星][2y] [Logos] asnowfish/ios-system Reverse-engineered code of the iOS system
- [9星][4y] [C] yigitcanyilmaz/iohideventsystemuserclient iOS Kernel Race Vulnerability (Patched on iOS 9.3.2,OSX 10.11.5,tvOS 9.2.1 by Apple)
- [9星][2y] [C] syst3ma/cisco_ios_research
- [9星][2m] nemo-wq/privilege_escalation Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM, common weaknesses in AWS deployments, specific to IAM, and how to exploit them manually. This was run as a workshop at BruCon 2019.
- [8星][6y] [C] linusyang/sslpatch Patch iOS SSL vulnerability (CVE-2014-1266)
- [8星][2y] pinczakko/nsa_bios_backdoor_articles PDF files of my articles on NSA BIOS backdoor
- [8星][2y] [JS] ansjdnakjdnajkd/frinfo Dump files, data, cookies, keychain and etc. from iOS device with one click.
- [7星][7y] [ObjC] hayaq/recodesign Re-codesigning tool for iOS ipa file
- [7星][11m] [Py] shawarkhanethicalhacker/cve-2019-8389 [CVE-2019-8389] An exploit code for exploiting a local file read vulnerability in Musicloud v1.6 iOS Application
- [7星][1y] [C] ukern-developers/xnu-kernel-fuzzer Kernel Fuzzer for Apple's XNU, mainly meant for the iOS operating system
- [6星][2y] [C] jduncanator/isniff Packet capture and network sniffer for Apple iOS devices (iPhone / iPod). An implementation of iOS 5+ Remote Virtual Interface service and pcapd.
- [6星][6y] [Shell] rawrly/juicejacking Several script and images used with the juice jacking kiosks
- [6星][8y] [Ruby] spiderlabs/bnat-suite "Broken NAT" - A suite of tools focused on detecting/exploiting/fixing publicly available BNAT scenarios
- [4星][12m] anonymouz4/apple-remote-crash-tool-cve-2018-4407 Crashes any macOS High Sierra or iOS 11 device that is on the same WiFi network
- [4星][2y] [C] chibitronics/ltc-os ChibiOS-based operating system for the Love-to-Code project
- [4星][2y] [Swift] crazyquark/keysafe A technical demo on how to use KeySecGeneratePair() with the secure enclave in iOS 9+
- [4星][8y] [ObjC] spiderlabs/twsl2011-007_ios_code_workaround Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerability
- [3星][3y] [ObjC] susnmos/xituhook Reverse-engineering analysis and fix of a crash bug in the iOS client of 稀土掘金 (Xitu Juejin)
- [3星][4y] [Py] torque59/yso-mobile-security-framework Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.
- [3星][1y] tthtlc/awesome_malware_techniques This will compile a list of Android, iOS, Linux malware techniques for attacking and detection purposes.
- [3星][4y] [Py] tudorthe1ntruder/rubber-ducky-ios-pincode-bruteforce
- [2星][3y] [Py] alexplaskett/needle The iOS Security Testing Framework.
- [2星][5y] [HTML] dhirajongithub/owasp-kalp-mobile-project-ios-app OWASP KALP Mobile Project is an iOS application developed for users to view OWASP Top 10 (WEB and MOBILE) on mobile device.
- [2星][2y] [C] kigkrazy/hookzz a cute hook framework for arm/arm64/ios/android
- [2星][4y] [C] ohdarling/potatso-ios Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework in iOS 9.
- [2星][1y] [Py] zeng9t/cve-2018-4407-ios-exploit CVE-2018-4407,iOS exploit
- [2星][2y] nrollr/ios Ivan Krstić - Black Hat 2016 presentation
- [1星][10m] [Ruby] hercules-team/augeasproviders_nagios Augeas-based nagios types and providers for Puppet
- [1星][4y] [Go] jordan2175/ios-passcode-crack Tool for cracking the iOS restrictions passcode
- [0星][2y] [ObjC] joedaguy/exploit11.2 Exploit iOS 11.2.x by ZIMPERIUM and semi-completed by me. Sandbox escapes on CVE-2018-4087.
- [0星][3y] [C] maximehip/extra_recipe Ian Beer's exploit for CVE-2017-2370 (kernel memory r/w on iOS 10.2)
- [0星][6y] [ObjC] skycure/skycure_news Sample news iOS application
- [0星][2y] [Py] tsunghowu/diskimagecreator A python utility to process the input raw disk image and sign MBR/partitions with given corresponding keys. This tool is designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS.
- [0星][3y] [Swift] jencisov/stackview POC project of StackViews on iOS
- [0星][2m] [HTML] dotnetnicaragua/example-xss-crosssitescripting Vulnerability example: A7 - Cross-Site Scripting (XSS) according to the OWASP Top 10 2017
- [4042星][3m] [JS] cuckoosandbox/cuckoo Cuckoo Sandbox is an automated dynamic malware analysis system
- [458星][2y] [Py] idanr1986/cuckoo-droid Automated Android Malware Analysis with Cuckoo Sandbox.
- [357星][3y] [Py] spender-sandbox/cuckoo-modified Modified version of cuckoo
- [308星][2m] [Py] hatching/vmcloak Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
- [248星][4y] [C] begeekmyfriend/cuckoofilter Substitute for bloom filter.
- [238星][7m] [Py] cuckoosandbox/community Repository of modules and signatures contributed by the community
- [236星][5y] [C] conix-security/zer0m0n zer0m0n driver for cuckoo sandbox
- [236星][4m] [Py] brad-sp/cuckoo-modified Modified edition of cuckoo
- [225星][1y] [PHP] cuckoosandbox/monitor The new Cuckoo Monitor.
- [220星][4m] [Shell] blacktop/docker-cuckoo Cuckoo Sandbox Dockerfile
- [202星][2y] [C] david-reguera-garcia-dreg/anticuckoo A tool to detect and crash Cuckoo Sandbox
- [151星][3y] [Shell] buguroo/cuckooautoinstall Auto Installer Script for Cuckoo Sandbox
- [124星][4y] [Py] davidoren/cuckoosploit An environment for comprehensive, automated analysis of web-based exploits, based on Cuckoo sandbox.
- [120星][4y] [C] cuckoosandbox/cuckoomon DEPRECATED - replaced with "monitor"
- [117星][3y] [Py] honeynet/cuckooml Machine Learning for Cuckoo Sandbox
- [82星][2y] [Py] idanr1986/cuckoodroid-2.0 Automated Android malware analysis
- [78星][5y] [Py] idanr1986/cuckoo A Cuckoo Sandbox Extension for Android
- [70星][26d] [Py] jpcertcc/malconfscan-with-cuckoo Cuckoo Sandbox plugin for extracting configuration data of known malware
- [70星][4m] [PS] nbeede/boombox Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
- [69星][3y] [C] angelkillah/zer0m0n zer0m0n driver for cuckoo sandbox
- [57星][8m] [Py] hatching/sflock Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.
- [55星][4y] [Py] rodionovd/cuckoo-osx-analyzer An OS X analyzer for Cuckoo Sandbox project
- [52星][1y] [C] phdphuc/mac-a-mal Kernel driver for tracing macOS malware, used in combination with Cuckoo Sandbox
- [39星][7y] [Perl] xme/cuckoomx CuckooMX is a project to automate analysis of files transmitted over SMTP (using the Cuckoo sandbox)
- [38星][3y] [C] spender-sandbox/cuckoomon-modified Modified edition of cuckoomon
- [36星][6m] ocatak/malware_api_class Malware dataset for security researchers, data scientists. Public malware dataset generated by Cuckoo Sandbox based on Windows OS API calls analysis for cyber security researchers
- [32星][2y] [Py] phdphuc/mac-a-mal-cuckoo Extends Cuckoo Sandbox with support for analyzing macOS malware
- [28星][3y] [Py] 0x71/cuckoo-linux Linux malware analysis based on Cuckoo Sandbox.
- [19星][5y] [C] zer0box/zer0m0n zer0m0n driver for cuckoo sandbox
- [16星][22d] [Py] ryuchen/panda-sandbox A revised version of the open-source Cuckoo sandbox, built entirely to fit the software environment in China
- [12星][3y] [Py] keithjjones/cuckoo-modified-api A Python library to interface with a cuckoo-modified instance
- [10星][4y] [Py] tribalchicken/postfix-cuckoolyse A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox
- [8星][2y] [Py] kojibhy/cuckoo-yara-auto simple python script to add yara rules in cuckoo sandbox
- [8星][3y] [Py] threatconnect-inc/cuckoo-reporting-module Cuckoo reporting module for version 1.2 stable
- [7星][2y] [Ruby] fyhertz/ansible-role-cuckoo Automated installation of Cuckoo Sandbox with Ansible
- [6星][3y] [Py] xme/cuckoo Miscellaneous files related to Cuckoo sandbox
- [4星][11m] [HTML] hullgj/report-parser Cuckoo Sandbox report parser into ransomware classifier
- [2星][3y] [Shell] harryr/cockatoo Torified Cuckoo malware analyser in a Docker container with VirtualBox
- [2星][7y] [Shell] hiddenillusion/cuckoo3.2 This repo contains patches for the 0.3.2 release of the cuckoo sandbox (
- [1星][2y] [Py] dc170/mbox-to-cuckoo Simple python script to send all executable files extracted from linux postfix mailboxes to the cuckoo sandbox for further automated analysis
- 2019.04 [eforensicsmag] How to Integrate RSA Malware Analysis with Cuckoo Sandbox | By Luiz Henrique Borges
- 2019.02 [thehive] Cortex-Analyzers 1.15.3 get ready for URLhaus and Cuckoo
- 2018.07 [360] Analysis of an IRC bot's sneaky evasion of Cuckoo Sandbox
- 2018.05 [trustedsec] Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox
- 2018.05 [trustedsec] Protected: Malware Analysis is for the (Cuckoo) Birds
- 2018.05 [trustedsec] Protected: Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian
- 2018.04 [ly0n] Automating malware analysis, cuckoo api + postfix
- 2018.04 [nviso] Painless Cuckoo Sandbox Installation
- 2018.03 [rapid7] Next Threat Intel Book Club 4/5: Recapping The Cuckoo’s Egg
- 2018.03 [ensurtec] Cuckoo Sandbox Setup Tutorial
- 2018.01 [fortinet] Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation
- 2017.09 [360] Catching the devil in the details: improving Cuckoo Sandbox's ability to capture the behavior of malicious Office samples
- 2017.08 [trustwave] Cuckoo & Linux Subsystem: Some Love for Windows 10
- 2017.08 [n0where] Automated Android Malware Analysis: CuckooDroid
- 2017.05 [robertputt] Basic Malware Analysis with Cuckoo Sandbox
- 2017.05 [rastamouse] Playing with Cuckoo
- 2017.04 [mcafee] OpenDXL Case Study: Sandbox Mania featuring Cuckoo and Wildfire
- 2016.11 [tribalchicken] Guide: Cuckoo Sandbox on FreeBSD
- 2016.09 [cuckoo] Analysis of nested archives with Cuckoo Sandbox: SFlock 0.1 release
- 2016.08 [alienvault] One Flew Over the Cuckoo’s Test: Performing a Penetration Test with Methodology
- 2016.07 [freebuf] Detailed guide to installing and configuring the Cuckoo automated malware analysis system
- 2016.02 [eugenekolo] Installing and setting up Cuckoo Sandbox
- 2016.01 [n0where] Malware Analysis System: Cuckoo Sandbox
- 2015.12 [eugenekolo] Cuckoo Sandbox Notes
- 2015.11 [tribalchicken] Automated Malware Analysis: mail server -> Cuckoo, V2.0
- 2015.11 [serializethoughts] How Cuckoo Filter Can Improve Existing Approximate Matching Techniques
- 2015.10 [trendmicro] Nigerian Cuckoo Miner Campaign Takes Over Legitimate Inboxes, Targets Banks
- 2015.09 [acolyer] Cuckoo Search via Lévy Flights
- 2015.08 [malwarebytes] Automatic Analysis Using Malheur And Cuckoo
- 2015.05 [alienvault] There’s a Cuckoo in my Nest. Time to talk about security for the Internet of Things
- 2015.03 [checkpoint] CuckooDroid – Fighting the Tide of Android Malware | Check Point Software Blog
- 2015.03 [arduino] Encrypting messages with Cuckoo and Arduino Yún
- 2014.11 [eventbrite] Brite Space Dublin: A Q&A With Mark Breen, Co-Founder, Cuckoo Events
- 2014.10 [tribalchicken] Automated malware analysis: Mail server -> Cuckoo
- 2014.05 [notanumber] Cuckoo Byte Stuffing Algorithm
- 2014.05 [immunityproducts] Connecting El Jefe 2.0 with the Cuckoo malware sandbox
- 2014.05 [toolswatch] Cuckoo Sandbox v1.1 Released
- 2014.04 [malwarebytes] Automating Malware Analysis with Cuckoo Sandbox
- 2013.09 [itgeekchronicles] Python: Kippo 2 Cuckoo
- 2013.06 [rapid7] Cuckoo Sandbox approaching 1.0
- 2013.04 [toolswatch] Cuckoo Sandbox v0.6 available
- 2013.04 [rapid7] Fooling malware like a boss with Cuckoo Sandbox
- 2013.01 [sans] Cuckoo 0.5 is out and the world didn't end
- 2012.12 [volatility] What do Upclicker, Poison Ivy, Cuckoo, and Volatility Have in Common?
- 2012.12 [alienvault] Hardening Cuckoo Sandbox against VM aware malware
- 2012.11 [securityartwork] Customizing “Cuckoo Sandbox”
- 2012.10 [toolswatch] Cuckoo Sandbox v0.4.2 available (Support for VMware added)
- 2012.08 [toolswatch] Cuckoo Sandbox v0.4.1 The Malware Analysis Released
- 2012.07 [rapid7] Cuckoo Sandbox 0.4 Simplifies Malware Analysis with KVM support, Signatures and Extended Modularity
- 2012.07 [hiddenillusion] Customizing cuckoo to fit your needs
- 2012.05 [corelan] HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest
- 2012.05 [toolswatch] Cuckoo Sandbox v0.3.2 Released
- 2012.01 [trustwave] Cuckoo for Cuckoo Box
- 2011.02 [chuvakin] The Honeynet Project Releases New Tool: Cuckoo
- 2007.09 [infosecblog] Cuckoo’s Egg
- 2007.01 [infosecblog] ISC: Cuckoo’s egg on the face
- 2007.01 [sans] Cuckoo's egg on the face
- [1388星][12d] [C] dynamorio/drmemory Memory Debugger for Windows, Linux, Mac, and Android
- [1228星][12d] [C] dynamorio/dynamorio Dynamic Instrumentation Tool Platform
- [1364星][3m] [C] googleprojectzero/winafl A fork of AFL for fuzzing Windows binaries
- [249星][5m] [C] ampotos/dynstruct Reverse engineering tool for automatic structure recovering and memory use analysis based on DynamoRIO and Capstone
- [119星][5y] [C++] breakingmalware/selfie Unpacks self-modifying code
- [119星][4m] [C++] googleprojectzero/drsancov DynamoRIO plugin to get ASAN and SanitizerCoverage compatible output for closed-source executables
- [53星][4y] [C] lgeek/dynamorio_pin_escape
- [17星][26d] [C] firodj/bbtrace Records bbtrace
- [14星][6m] [C++] vanhauser-thc/afl-dynamorio run AFL with dynamorio
- [10星][2y] [C++] atrosinenko/afl-dr Experiment in implementation of an instrumentation for American Fuzzy Lop using DynamoRIO
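- [52星][12m] [Py] cisco-talos/dyndataresolver Dynamic Data Resolver. Controls DyRIO from IDA to execute specified parts of a program, records the execution and sends the data back to IDA
- Duplicate section: IDA->Plugins->Debugging->DBI data |
- DDR: DyRIO-based client
- IDA plugin
- [20星][9m] [C++] secrary/findloop Uses DyRIO to find code blocks that are executed an excessive number of times
- Duplicate section: IDA->Plugins->Debugging->DBI data |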
- [6星][2y] [C++] ncatlin/drgat The DynamoRIO client for rgat
- 2019.10 [freebuf] DrSemu: a malware detection and classification tool based on dynamic behavior
- 2019.06 [freebuf] Functrace: tracing function calls with DynamoRIO
- 2019.01 [360] Made simple: strace and ltrace built on DynamoRIO
- 2018.08 [n0where] Dynamic API Call Tracer for Windows and Linux Applications: Drltrace
- 2018.07 [topsec] Introduction to Dynamic Binary Instrumentation: Pin, DynamoRIO, Frida
- 2017.11 [SECConsult] The Art of Fuzzing - Demo 10: In-memory Fuzzing HashCalc using DynamoRio
- 2017.11 [SECConsult] The Art of Fuzzing - Demo 6: Extract Coverage Information using DynamoRio
- 2017.04 [pediy] [Original] Learning dynamic instrumentation with DynamoRIO through Selfie
- 2016.11 [360] “Selfie”: a powerful tool that uses DynamoRIO to automatically unpack self-modifying code
- 2016.09 [securitygossip] Practical Memory Checking With Dr. Memory
- 2016.09 [sjtu] Practical Memory Checking With Dr. Memory
- 2016.08 [n0where] Dynamic Instrumentation Tool Platform: DynamoRIO
- 2014.01 [dustri] Memory debugging under Windows with drmemory
- 2012.10 [redplait] building dynamorio
- 2011.06 [redplait] dynamorio
- [424星][5y] [C++] jonathansalwan/pintools Pintool example and PoC for dynamic binary analysis
- [299星][2m] [C] vusec/vuzzer depends heavily on a modified version of DataTracker, which in turn depends on LibDFT pintool.
- [148星][5y] [C++] f-secure/sulo Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin
- [123星][6m] [C++] hasherezade/tiny_tracer A Pin Tool for tracing API calls etc
- [65星][3y] [C++] m000/dtracker DataTracker: A Pin tool for collecting high-fidelity data provenance from unmodified programs.
- [60星][2y] [C++] hasherezade/mypintools Tools to run with Intel PIN
- [48星][9m] [C++] angorafuzzer/libdft64 libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
- [48星][7y] [C++] cr4sh/code-coverage-analysis-tools Code coverage analysis tools for the PIN Toolkit
- [39星][4y] [C++] corelan/pin Collection of pin tools
- [36星][3y] [C++] paulmehta/ablation Augmenting Static Analysis Using Pintool: Ablation
- [30星][4y] [C++] 0xddaa/pin Use Intel Pin tools to analyze binaries.
- [27星][1y] [C++] fdiskyou/winalloctracer Pintool that logs and tracks calls to RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, VirtualAllocEx, and VirtualFreeEx.
- [26星][7y] [C++] jingpu/pintools
- [25星][2m] [C++] boegel/mica a Pin tool for collecting microarchitecture-independent workload characteristics
- [22星][6y] [C++] jbremer/pyn Awesome Python bindings for Pintool
- [18星][1y] bash-c/pin-in-ctf Using Intel Pin to solve some CTF challenges
- [12星][3y] [C++] netspi/pin Intel pin tools
- [6星][2y] [C++] spinpx/afl_pin_mode Yet another AFL instrumentation tool implemented by Intel Pin.
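- [943星][1y] [Py] gaasedelen/lighthouse Collects code coverage from DBI and maps, browses and views it in IDA/Binja
- Duplicate section: IDA->Plugins->Debugging->DBI data |DBI->Frida->Tools->Interaction with other tools->IDA |DBI->Frida->Tools->Interaction with other tools->BinaryNinja |
- coverage-frida collects information using Frida
- coverage-pin collects coverage information using Pin
- Plugin: supports IDA and BinNinja
- [134星][1y] [Py] carlosgprado/jarvis Multi-purpose, with a GUI; assists static analysis, vulnerability discovery, dynamic tracing (Pin), import/export, etc.
- [122星][5y] [C++] zachriggle/ida-splode Collects dynamic runtime data with Pin and imports it into IDA for viewing
- Duplicate section: IDA->Plugins->Debugging->DBI data |
- IDA plugin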
- PinTool
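- [117星][2y] [C++] 0xphoenix/mazewalker Collects data with Pin and imports it into IDA for viewing
- Duplicate section: IDA->Plugins->Debugging->DBI data |
- mazeui displays the UI in IDA
- PyScripts Python scripts that process the collected data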
- PinClient
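- [102星][4m] [Java] 0ffffffffh/dragondance Code coverage visualization in Ghidra
- Duplicate section: Ghidra->Plugins->Interaction with other tools->DBI |
- Ghidra plugin
- coverage-pin collects information using Pin
- [89星][8y] [C] neuroo/runtime-tracer Collects runtime data with Pin and displays it in IDA
- Duplicate section: IDA->Plugins->Debugging->DBI data |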
- PinTool
- IDA插件
- [44星][3y] [Batchfile] maldiohead/idapin plugin of ida with pin
- 重复区段: IDA->插件->导入导出->IntelPin |
- [15星][1y] [C++] agustingianni/instrumentation PinTool收集。收集数据可导入到IDA中
- [4516 stars][13d] [Makefile] frida/frida Clone this repo to build Frida
- [1193 stars][15d] [JS] alonemonkey/frida-ios-dump pull decrypted ipa from jailbreak device
    - Duplicate sections: Apple->Jailbreak->Tools |
- [895 stars][5m] [JS] dpnishant/appmon An automated framework for monitoring and tampering with system API calls of native macOS, iOS and Android apps. Based on Frida.
- [645 stars][16d] [Py] igio90/dwarf Full featured multi arch/os debugger built on top of PyQt5 and frida
- [559 stars][1m] [JS] nccgroup/house A runtime mobile app analysis toolkit with a web GUI
- [513 stars][1m] [JS] iddoeldor/frida-snippets Hand-crafted Frida examples
- [422 stars][1y] [Py] dstmath/frida-unpack A Frida-based unpacking tool
- [420 stars][13d] [C] frida/frida-python Frida Python bindings
- [407 stars][2y] [JS] 0xdea/frida-scripts A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.
- [405 stars][1y] [C++] vah13/extracttvpasswords tool to extract passwords from TeamViewer memory using Frida
- [332 stars][15d] [JS] chichou/bagbak Yet another frida based iOS dumpdecrypted, works on iOS 13 with checkra1n and supports decrypting app extensions
- [321 stars][1m] [C] frida/frida-core Frida core library intended for static linking into bindings
- [317 stars][5y] [C++] frida/cryptoshark Self-optimizing cross-platform code tracer based on dynamic recompilation
- [308 stars][4m] [JS] smartdone/frida-scripts Some Frida scripts
- [283 stars][8m] [Py] nightbringer21/fridump A universal memory dumper using Frida
- [266 stars][2y] [Py] antojoseph/frida-android-hooks Lets you hook Method Calls in Frida ( Android )
- [250 stars][1y] [Py] igio90/frick aka the first debugger built on top of frida
- [243 stars][19d] [JS] frenchyeti/dexcalibur Dynamic binary instrumentation tool designed for Android application and powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
- [228 stars][13d] [C] frida/frida-gum Low-level code instrumentation library used by frida-core
- [197 stars][28d] [JS] xiaokanghub/frida-android-unpack this unpack script for Android O and Android P
- [195 stars][5m] [C] nowsecure/frida-cycript Cycript fork powered by Frida.
- [173 stars][11d] [JS] andreafioraldi/frida-fuzzer This experimental fuzzer is meant to be used for API in-memory fuzzing.
- [159 stars][3m] [JS] interference-security/frida-scripts Frida Scripts
- [141 stars][19d] [TS] chame1eon/jnitrace A Frida based tool that traces usage of the JNI API in Android apps.
- [138 stars][3y] [JS] as0ler/frida-scripts Repository including some useful frida script for iOS Reversing
- [128 stars][8m] enovella/r2frida-wiki This repo aims at providing practical examples on how to use r2frida
- [124 stars][3y] [JS] antojoseph/diff-gui GUI for Frida-Scripts
- [123 stars][2y] [Java] brompwnie/uitkyk Android Frida library for analyzing apps to find malicious behavior
    - Duplicate sections: Android->Tools->Malware |
- [121 stars][29d] [JS] fuzzysecurity/fermion Fermion, an electron wrapper for Frida & Monaco.
- [112 stars][2y] [C] b-mueller/frida-detection-demo Some examples for detecting frida on Android
- [112 stars][25d] [C++] frida/frida-node Frida Node.js bindings
- [109 stars][9m] [Py] rootbsd/fridump3 A universal memory dumper using Frida for Python 3
- [104 stars][1y] [JS] thecjw/frida-android-scripts Some frida scripts
- [98 stars][2y] [Java] piasy/fridaandroidtracer A runnable jar that generates a JavaScript hook script to hook Android classes.
- [97 stars][15d] [JS] frida/frida-java-bridge Java runtime interop from Frida
- [90 stars][1y] [C] grimm-co/notquite0dayfriday This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.
- [90 stars][2m] [Py] demantz/frizzer Frida-based general purpose fuzzer
- [88 stars][2y] [Py] mind0xp/frida-python-binding Easy to use Frida python binding script
- [86 stars][3y] [JS] oalabs/frida-wshook Script analysis tool based on Frida.re
- [85 stars][4m] [TS] nowsecure/airspy AirSpy - Frida-based tool for exploring and tracking the evolution of Apple's AirDrop protocol implementation on i/macOS, from the server's perspective. Released during BH USA 2019 Training
- [83 stars][3y] [JS] oalabs/frida-extract Frida.re based RunPE (and MapViewOfSection) extraction tool
- [81 stars][5m] [JS] frida/frida-presentations Public presentations given on Frida at conferences
- [79 stars][4m] [C] oleavr/ios-inject-custom (iOS) Inject a custom payload using Frida
- [76 stars][1m] [JS] andreafioraldi/frida-js-afl-instr An example on how to do performant in-memory fuzzing with AFL++ and Frida
- [75 stars][4y] [Py] antojoseph/diff-droid Several scripts for mobile penetration testing with Frida
- [65 stars][3m] [Py] hamz-a/jeb2frida Automated Frida hook generation with JEB
- [58 stars][20d] [Py] lich4/personal_script Multiple scripts for several tools, including 010Editor/BurpSuite/Frida/IDA
    - Duplicate sections: IDA->Plugins->Uncategorized | IDA->Plugins->Import/Export->Frida |
    - 010Editor Multiple scripts for 010Editor
    - ParamChecker Burp plugin
    - Frida Multiple Frida scripts
    - IDA IDA Scripts
    - IDA-read_unicode.py IDA plugin that recognizes Chinese characters in a program
    - IDA-add_xref_for_macho Helps identify the callers and callees of Objective-C member functions
    - IDA-add_info_for_androidgdb Reads the module list and segments when debugging Android with gdbserver and IDA
    - IDA-trace_instruction Traces the instruction flow
    - IDA-detect_ollvm Detects OLLVM and, in some cases, repairs it (Android/iOS)
    - IDA-add_block_for_macho Analyzes block structures in Mach-O files
- [57 stars][8m] [JS] hamz-a/frida-android-libbinder PoC Frida script to view Android libbinder traffic
- [53 stars][1m] [Py] hamz-a/frida-android-helper Frida Android utilities
- [52 stars][1m] [Py] frida/frida-tools Frida CLI tools
- [50 stars][1y] [JS] fortiguard-lion/frida-scripts
- [49 stars][6m] [TS] igio90/hooah-trace Instructions tracing powered by frida
- [46 stars][1y] [JS] maltek/swift-frida Frida library for interacting with Swift programs.
- [46 stars][5m] [JS] nowsecure/frida-trace Trace APIs declaratively through Frida.
- [43 stars][8m] [C] sensepost/frida-windows-playground A collection of Frida hooks for experimentation on Windows platforms.
- [42 stars][2y] [HTML] digitalinterruption/fridaworkshop Break Apps with Frida workshop material
- [42 stars][4m] [Swift] frida/frida-swift Frida Swift bindings
- [40 stars][2y] [Py] agustingianni/memrepl Frida plugin that assists with exploit development for memory corruption bugs
    - Duplicate sections: IDA->Plugins->Import/Export->Frida |
- [39 stars][29d] [JS] frida/frida-compile Compile a Frida script comprised of one or more Node.js modules
- [39 stars][4m] [TS] oleavr/frida-agent-example Example Frida agent written in TypeScript
- [37 stars][9d] [CSS] frida/frida-website Frida's website
- [34 stars][2m] [Py] dmaasland/mcfridafee
- [29 stars][6m] [TS] igio90/frida-onload Frida module to hook module initializations on android
- [28 stars][1y] [JS] ioactive/bluecrawl Frida (Android) Script for extracting bluetooth information
- [28 stars][2y] [JS] versprite/engage Tools and Materials for the Frida Engage Blog Series
- [28 stars][5m] [Java] dineshshetty/fridaloader A quick and dirty app to download and launch Frida on Genymotion
- [28 stars][8m] [C++] frida/v8 Frida depends on V8
- [26 stars][2y] [Py] androidtamer/frida-push Wrapper tool to identify the remote device and push device specific frida-server binary.
- [26 stars][4m] [C++] frida/frida-clr Frida .NET bindings
- [26 stars][3m] [JS] nowsecure/frida-uikit Inspect and manipulate UIKit-based GUIs through Frida.
- [25 stars][10m] [TS] woza-lab/woza [Deprecated]Dump application ipa from jailbroken iOS based on frida. (Node edition)
- [20 stars][3y] [JS] dweinstein/node-frida-contrib frida utility-belt
- [20 stars][5m] [JS] nowsecure/frida-uiwebview Inspect and manipulate UIWebView-hosted GUIs through Frida.
- [19 stars][7m] [JS] iddoeldor/mplus Intercept android apps based on unity3d (Mono) using Frida
- [19 stars][2m] [Shell] virb3/magisk-frida
- [19 stars][26d] [JS] cynops/frida-hooks
- [18 stars][5y] [JS] frida/aurora Proof-of-concept web app built on top of Frida
- [18 stars][2y] [Py] igio90/fridaandroidtracer Android application tracer powered by Frida
- [18 stars][2y] [Py] notsosecure/dynamic-instrumentation-with-frida Dynamic Instrumentation with Frida
- [18 stars][5m] [JS] nowsecure/frida-screenshot Grab screenshots using Frida.
- [16 stars][5m] [JS] nowsecure/frida-fs Create a stream from a filesystem resource.
- [16 stars][5m] [JS] freehuntx/frida-mono-api All the mono c exports, ready to be used in frida!
- [11 stars][5m] [JS] nowsecure/mjolner Cycript backend powered by Frida.
- [11 stars][3m] [JS] freehuntx/frida-inject This module allows you to easily inject javascript using frida and frida-load.
- [10 stars][1y] [JS] andreafioraldi/taint-with-frida just an experiment
- [10 stars][5y] [JS] frida/cloudspy Proof-of-concept web app built on top of Frida
- [9 stars][11m] [JS] lmangani/node_ssl_logger Decrypt and log process SSL traffic via Frida Injection
- [9 stars][2y] [JS] random-robbie/frida-docker Dockerised Version of Frida
- [9 stars][4m] [Py] melisska/neomorph Frida Python Tool
- [9 stars][10m] [JS] rubaljain/frida-jb-bypass Frida script to bypass the iOS application Jailbreak Detection
- [6 stars][4m] [JS] nowsecure/frida-panic Easy crash-reporting for Frida-based applications.
- [6 stars][10m] [JS] eybisi/fridascripts
- [5 stars][2m] [TS] nowsecure/frida-remote-stream Create an outbound stream over a message transport.
- [4 stars][5m] [JS] davuxcom/frida-scripts Inject JS and C# into Windows apps, call COM and WinRT APIs
- [4 stars][2y] [JS] frida/frida-load Load a Frida script comprised of one or more Node.js modules
- [4 stars][1m] [JS] sipcapture/hepjack.js Elegantly Sniff Forward-Secrecy TLS/SIP to HEP at the source using Frida
- [3 stars][5m] [JS] nowsecure/frida-memory-stream Create a stream from one or more memory regions.
- [3 stars][8d] [Py] margular/frida-skeleton This repository is supposed to define infrastructure of frida on hook android including some useful functions
- [3 stars][2y] [JS] myzhan/frida-examples Examples of using frida.
- [2 stars][1y] rhofixxxx/kick-off-owasp_webapp_security_vulnerabilities Want to keep your Web application from getting hacked? Here's how to get serious about secure apps. So let's do it! Open Friday, Aug 2016 - Presentation Notes.
- [1 star][1y] [JS] ddurando/frida-scripts
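- [584 stars][1y] [Java] federicodotta/brida The new bridge between Burp Suite and Frida!
- [943 stars][1y] [Py] gaasedelen/lighthouse Collects code coverage from DBI and maps, browses and displays it in IDA/Binja
    - Duplicate sections: IDA->Plugins->Debugging->DBI data | DBI->IntelPin->Tools->Interaction with other tools->Uncategorized | DBI->Frida->Tools->Interaction with other tools->BinaryNinja |
    - coverage-frida Collects information using Frida
    - coverage-pin Collects coverage information using Pin
    - Plugin Supports IDA and BinNinja
- [128 stars][3y] [Py] friedappleteam/frapl Connects the Frida client and IDA, imports runtime information directly into IDA, and allows controlling Frida directly from IDA
- [83 stars][5y] [Py] techbliss/frida_for_ida_pro Use Frida in IDA, mainly for tracing functions
    - Duplicate sections: IDA->Plugins->Import/Export->Frida |
- [943 stars][1y] [Py] gaasedelen/lighthouse Collects code coverage from DBI and maps, browses and displays it in IDA/Binja
    - Duplicate sections: IDA->Plugins->Debugging->DBI data | DBI->IntelPin->Tools->Interaction with other tools->Uncategorized | DBI->Frida->Tools->Interaction with other tools->IDA |
    - coverage-frida Collects information using Frida
    - coverage-pin Collects coverage information using Pin
    - Plugin Supports IDA and BinNinja
- [8 stars][3m] [Py] c3r34lk1ll3r/binrida Plugin for Frida in Binary Ninja
    - Duplicate sections: BinaryNinja->Plugins->Interaction with other tools->Uncategorized |
- [378 stars][27d] [JS] nowsecure/r2frida Radare2 and Frida better together.
    - Duplicate sections: Radare2->Plugins->Interaction with other tools->Uncategorized |
- [34 stars][12m] [CSS] nowsecure/r2frida-book The radare2 + frida book for Mobile Application assessment
    - Duplicate sections: Radare2->Plugins->Interaction with other tools->Uncategorized |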
- 2019.12 [xakcop] Cloning RSA tokens with Frida
- 2019.09 [freebuf] Dwarf: a reverse-engineering and debugging tool based on PyQt5 and Frida
- 2019.06 [two06] Fun With Frida
- 2019.05 [nsfocus] “Decrypting” communication data with Frida
- 2019.05 [nsfocus] Frida application basics and breaking HTTPS certificate validation in apps
- 2019.05 [CodeColorist] Trace child process with frida on macOS
- 2019.05 [360] FRIDA script series (4), update chapter: major updates to several core mechanisms
- 2019.03 [360] FRIDA script series (3), godlike chapter: Baidu AI “trains” Douyin AI
- 2019.03 [securityinnovation] Setting up Frida Without Jailbreak on the Latest iOS 12.1.4 Device
- 2019.02 [nowsecure] Frida 12.3 Debuts New Crash Reporting Feature
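- 2019.01 [fuzzysecurity] Windows Hacking: Application Introspection & Hooking With Frida
- 2019.01 [fuping] Hooking techniques for Android app testing: the Frida chapter
- 2019.01 [360] FRIDA script series (2), growth chapter: reversing WhatsApp with combined static and dynamic analysis
- 2019.01 [pediy] [Original] Introducing several Frida scripts used in Android reversing, and a delayed-hook technique
- 2018.12 [360] FRIDA script series (1), beginner chapter: dumping Bluetooth interfaces and instances on Android 8.1
- 2018.12 [pediy] [Original] Analysis of CVE-2017-4901, a VMware virtual machine escape vulnerability [Frida Windows example]
- 2018.12 [freebuf] Grasp the essence of Frida in one article (based on Android 8.1)
- 2018.12 [pediy] [Original] Frida operation manual: preparing the Android environment
- 2018.11 [4hou] A how-to guide to unpacking Android apps with FRIDA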
- 2018.11 [pediy] [原创]Frida Bypass Android SSL pinning example 1
- 2018.11 [BSidesCHS] BSidesCHS 2018: "Hacking Mobile Apps with Frida" by David Coursey
- 2018.11 [freebuf] Frida-Wshook: a script analysis tool based on Frida.re
- 2018.11 [360] How to deal with packed Android apps using FRIDA
- 2018.11 [ioactive] Extracting Bluetooth Metadata in an Object’s Memory Using Frida
- 2018.11 [fortinet] How-to Guide: Defeating an Android Packer with FRIDA
- 2018.10 [PancakeNopcode] r2con2018 - Analyzing Swift Apps With swift-frida and radare2 - by Malte Kraus
- 2018.10 [serializethoughts] Bypassing Android FLAG_SECURE using FRIDA
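- 2018.09 [pediy] [Original] Using Frida to hook the Java layer of hardened Android apps
- 2018.09 [freebuf] Applying Frida to cracking Windows programs
- 2018.08 [pediy] [Translation] Learning Frida basics by cracking a game
- 2018.07 [pediy] [Original] Problems encountered setting up a Frida hook environment on Windows
- 2018.07 [CodeColorist] Course slides for “Cross-platform reverse engineering with FRIDA”
- 2018.07 [pediy] [Translation] Using Frida on non-rooted devices
- 2018.07 [pediy] [Original] Advanced Frida: Android reversing, hooking dynamically loaded dex (3) (part 2)
- 2018.07 [pediy] [Original] Advanced Frida: Android reversing, hooking dynamically loaded dex (3) (part 1)
- 2018.06 [pediy] [Original] Reading the Frida source code: frida-java
- 2018.06 [4hou] Building an ELF parser with Frida
- 2018.06 [pediy] [Original] Tips for using Frida with WeChat on Android
- 2018.06 [pediy] [Original] First look at Frida: Android reversing, Java-layer hooking (2)
- 2018.06 [pediy] [Original] First look at Frida: Android reversing, Java-layer hooking (1)
- 2018.05 [pediy] [Original] Frida from beginner to beginner: a Frida user guide for Android reversing newbies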
- 2018.05 [aliyun] Frida.Android.Practice (ssl unpinning)
- 2018.05 [infosecinstitute] Frida
- 2018.03 [pediy] [Translation] Using Frida to reverse engineer communication between Android apps and BLE devices
- 2018.03 [freebuf] Frida PIN code cracking experiment
- 2018.02 [pentestpartners] Reverse Engineering BLE from Android apps with Frida
- 2018.02 [BSidesLeeds] Prototyping And Reverse Engineering With Frida by Jay Harris
- 2018.02 [libnex] Hunting for hidden parameters within PHP built-in functions (using frida)
- 2017.11 [pediy] [Translation] Chinese edition of the official Frida manual
- 2017.10 [pediy] [Translation] Bypassing certificate pinning with Frida
- 2017.09 [PancakeNopcode] r2con 2017 - Intro to Frida and Dynamic Machine Code Transformations by Ole Andre
- 2017.09 [PancakeNopcode] r2con2017 - r2frida /by @mrmacete
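- 2017.09 [pediy] [Original] How to build a framework like Frida
- 2017.08 [360] How to instrument native Android functions with Frida
- 2017.08 [notsosecure] How to dynamically modify code written with the Android NDK, i.e. using Frida to hook functionality developed in C/C++.
- 2017.08 [freebuf] Brida: mobile app penetration testing with Frida
- 2017.08 [freebuf] Extracting passwords from TeamViewer memory with Frida
- 2017.08 [360] Brida: a powerful extension combining Frida and BurpSuite
- 2017.08 [4hou] Brida: combining Frida and Burp for mobile app penetration testing
- 2017.07 [mediaservice] Brida in practice
- 2017.07 [360] Bypassing Android SSL re-pinning with Frida
- 2017.07 [mediaservice] Bypassing Android SSL pinning with Frida
- 2017.07 [4hou] objection: a Frida-based runtime exploration tool for iOS apps
- 2017.06 [360] Attacking Android applications with FRIDA (4)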
- 2017.06 [fitblip] Frida CodeShare: Building a Community of Giants
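- 2017.05 [freebuf] How to bypass “jailbreak detection” in iOS applications with Frida?
- 2017.05 [4hou] Frida, the Android app cracking tool: countering anti-debugging
- 2017.05 [360] How to bypass jailbreak detection in iOS apps with Frida
- 2017.05 [4hou] Frida: a tool that can bypass jailbreak detection
- 2017.05 [pediy] [Translation] Detecting Frida through multiple signatures
- 2017.05 [attify] How to bypass jailbreak detection in iOS apps with Frida
- 2017.05 [pediy] [Translation] OWASP iOS crackme tutorial: solving it with Frida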
- 2017.05 [attify] Bypass Jailbreak Detection with Frida in iOS applications
- 2017.05 [pediy] [Translation] Hacking Android apps with Frida III: OWASP UNCRACKABLE 2
- 2017.05 [360] Attacking Android applications with FRIDA (3)
- 2017.04 [codemetrix] Hacking Android apps with FRIDA III - OWASP UnCrackable 2
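- 2017.04 [4hou] Frida, the Android app cracking tool: cracking in practice
- 2017.04 [4hou] FRIDA, an Android app cracking tool
- 2017.04 [koz] Using Frida on Android without root.
- 2017.04 [pediy] [Translation] Hacking Android apps with Frida (2): crackme
- 2017.04 [fuping] Android hooking techniques: basic use of Frida
- 2017.03 [pediy] [Translation] Hacking Android apps with Frida (1)
- 2017.03 [360] Attacking Android applications with FRIDA (2)
- 2017.03 [360] Attacking Android applications with FRIDA (1)
- 2017.03 [notsosecure] Auditing Android apps and security vulnerabilities with Frida
- 2017.03 [codemetrix] Hacking Android apps with Frida (Part 2)
- 2017.03 [codemetrix] Hacking Android apps with Frida (Part 1)
- 2017.01 [freebuf] Tracing API calls using Frida together with Burp Suite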
- 2016.09 [PancakeNopcode] r2con 2016 -- oleavr - r2frida
- 2016.09 [n0where] RunPE Extraction Tool: FridaExtract
- [578 stars][1y] [C++] qbdi/qbdi A Dynamic Binary Instrumentation framework based on LLVM.
- 2019.09 [quarkslab] QBDI 0.7.0
- 2019.07 [freebuf] How to use the QBDI dynamic binary instrumentation framework
- 2019.06 [quarkslab] Android Native Library Analysis with QBDI
- 2018.01 [quarkslab] Slaying Dragons with QBDI
- 2018.01 [pentesttoolz] QBDI – QuarkslaB Dynamic binary Instrumentation
- 2018.01 [n0where] QuarkslaB Dynamic binary Instrumentation: QBDI
- [171 stars][20d] [C] beehive-lab/mambo A low-overhead runtime binary modification tool for ARM.
- [73 stars][3y] [Py] carlosgprado/brundlefuzz BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.
- [60 stars][1y] [C] zhechkoz/pwin Security Evaluation of Dynamic Binary Instrumentation Engines
- [6 stars][4y] [C++] crackinglandia/exait-plugins Anti-Dynamic binary instrumentation plugins for eXait (
- 2018.08 [4hou] Principles and basic implementation of dynamic binary instrumentation (1)
- [19766 stars][3m] [Jupyter Notebook] camdavidsonpilon/probabilistic-programming-and-bayesian-methods-for-hackers aka "Bayesian Methods for Hackers": An introduction to Bayesian methods + probabilistic programming with a computation/understanding-first, mathematics-second point of view. All in pure Python ;)
- [14349 stars][2m] [Py] corentinj/real-time-voice-cloning Clone a voice in 5 seconds to generate arbitrary speech in real-time
- [11402 stars][10d] [Java] oracle/graal Run Programs Faster Anywhere
- [11213 stars][2m] [Jupyter Notebook] selfteaching/the-craft-of-selfteaching One has no future if one couldn't teach themself.
- [10378 stars][11d] [Go] goharbor/harbor An open source trusted cloud native registry project that stores, signs, and scans content.
- [7748 stars][10d] [Go] git-lfs/git-lfs Git extension for versioning large files
- [7020 stars][14d] [Go] nats-io/nats-server High-Performance server for NATS, the cloud native messaging system.
- [6894 stars][2m] [Go] sqshq/sampler A tool for shell commands execution, visualization and alerting. Configured with a simple YAML file.
- [6454 stars][9m] [HTML] open-power-workgroup/hospital Open hospital data collected and compiled by the OpenPower working group
- [6353 stars][2m] [Py] seatgeek/fuzzywuzzy Fuzzy String Matching in Python
- [6055 stars][7m] [JS] haotian-wang/google-access-helper Cracked version of Google Access Helper
- [5876 stars][3m] [Gnuplot] nasa-jpl/open-source-rover A build-it-yourself, 6-wheel rover based on the rovers on Mars!
- [5829 stars][7m] [JS] sindresorhus/fkill-cli Fabulously kill processes. Cross-platform.
- [5753 stars][18d] [Go] casbin/casbin An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
- [5751 stars][9m] [C] xoreaxeaxeax/movfuscator A C compiler whose compiled binaries contain only one code block.
- [5717 stars][28d] [JS] swagger-api/swagger-editor Swagger Editor
- [5420 stars][12d] [Py] mlflow/mlflow Open source platform for the machine learning lifecycle
- [5229 stars][4m] [Py] ytisf/thezoo A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
- [5226 stars][13d] [Shell] denisidoro/navi An interactive cheatsheet tool for the command-line
- [5116 stars][11d] [ASP] hq450/fancyss fancyss is a project providing tools to across the GFW on asuswrt/merlin based router.
- [5007 stars][2m] [Py] snare/voltron A hacky debugger UI for hackers
- [4857 stars][13d] [Go] gcla/termshark A terminal UI for tshark, inspired by Wireshark
- [4810 stars][8m] [Py] 10se1ucgo/disablewintracking Uses some known methods that attempt to minimize tracking in Windows 10
- [4747 stars][8d] [C++] paddlepaddle/paddle-lite Multi-platform high performance deep learning inference engine
- [4651 stars][13d] powershell/win32-openssh Win32 port of OpenSSH
- [4610 stars][1y] [C] upx/upx UPX - the Ultimate Packer for eXecutables
- [4600 stars][12m] [Py] ecthros/uncaptcha2 defeating the latest version of ReCaptcha with 91% accuracy
- [4597 stars][12d] [C++] mozilla/rr Records and replays the debugging execution of applications
- [4541 stars][4m] [TS] apis-guru/graphql-voyager
- [4352 stars][1y] [Py] lennylxx/ipv6-hosts Fork of
- [4314 stars][15d] [Rust] timvisee/ffsend Easily and securely share files from the command line
- [4258 stars][12m] [JS] butterproject/butter-desktop All the free parts of Popcorn Time
- [4174 stars][2y] forter/security-101-for-saas-startups Security tips for beginners
- [4062 stars][3m] [Java] jesusfreke/smali smali/baksmali
- [4060 stars][2m] [JS] sigalor/whatsapp-web-reveng Reverse engineering and reimplementation of the WhatsApp Web API
- [4003 stars][11d] [Go] dexidp/dex OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors
- [3980 stars][1m] [Rust] svenstaro/genact a nonsense activity generator
- [3960 stars][11d] [Py] angr/angr A powerful and user-friendly binary analysis platform!
- [3954 stars][16d] [Go] eranyanay/1m-go-websockets handling 1M websockets connections in Go
- [3939 stars][15d] [C] aquynh/capstone Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
- [3908 stars][12d] [C++] baldurk/renderdoc RenderDoc is a stand-alone graphics debugging tool.
- [3844 stars][2m] [ObjC] sveinbjornt/sloth Mac app that shows all open files, directories and sockets in use by all running processes. Nice GUI for lsof.
- [3773 stars][25d] jjqqkk/chromium Chromium browser with SSL VPN. Use this browser to unblock websites.
- [3768 stars][2m] [Go] microsoft/ethr Ethr is a Network Performance Measurement Tool for TCP, UDP & HTTP.
- [3749 stars][12d] [Go] hashicorp/consul-template Template rendering, notifier, and supervisor for
- [3690 stars][21d] [JS] lesspass/lesspass
- [3688 stars][29d] [HTML] hamukazu/lets-get-arrested This project is intended to protest against the police in Japan
- [3669 stars][1y] [Py] misterch0c/shadowbroker The latest Equation Group leak
- [3627 stars][26d] [HTML] consensys/smart-contract-best-practices A guide to smart contract security best practices
- [3608 stars][9d] [Pascal] cheat-engine/cheat-engine Cheat Engine. A development environment focused on modding
- [3597 stars][2y] [C#] nummer/destroy-windows-10-spying Destroy Windows Spying tool
- [3597 stars][3y] [Perl] x0rz/eqgrp Decrypted content of eqgrp-auction-file.tar.xz
- [3538 stars][5m] [Shell] chengr28/revokechinacerts Revoke Chinese certificates.
- [3505 stars][16d] [C] cyan4973/xxhash Extremely fast non-cryptographic hash algorithm
- [3451 stars][19d] [C] mikebrady/shairport-sync AirPlay audio player. Shairport Sync adds multi-room capability with Audio Synchronisation
- [3320 stars][2y] scanate/ethlist The Comprehensive Ethereum Reading List
- [3306 stars][19d] [C] microsoft/windows-driver-samples This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
- [3295 stars][15d] [JS] koenkk/zigbee2mqtt Zigbee
- [3289 stars][15d] [C] virustotal/yara The pattern matching swiss knife
- [3280 stars][29d] [Java] oldmanpushcart/greys-anatomy Java diagnostic tool
- [3259 stars][5y] [C++] google/lmctfy lmctfy is the open source version of Google’s container stack, which provides Linux application containers.
- [3243 stars][14d] [Shell] gfw-breaker/ssr-accounts One-click deployment of a Shadowsocks service; free Shadowsocks account sharing; free SS account sharing; circumventing the firewall; UltraSurf, Freegate, SquirrelVPN
- [3233 stars][25d] [C] tmate-io/tmate Instant Terminal Sharing
- [3219 stars][2m] [TS] google/incremental-dom An in-place DOM diffing library
- [3202 stars][1y] [Shell] toyodadoubi/doubi All kinds of silly scripts written by a goofball~
- [3188 stars][11d] [C] meetecho/janus-gateway Janus WebRTC Server
- [3131 stars][2m] [CSS] readthedocs/sphinx_rtd_theme Sphinx theme for readthedocs.org
- [3129 stars][13d] [C] qemu/qemu Official QEMU mirror. Please see
- [3120 stars][11d] [Go] tencent/bk-cmdb BlueKing configuration management platform (BlueKing CMDB)
- [3108 stars][1m] [C] unicorn-engine/unicorn Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
- [3066 stars][1y] [Swift] zhuhaow/spechtlite A rule-based proxy for macOS
- [3052 stars][4m] [C++] google/robotstxt The repository contains Google's robots.txt parser and matcher as a C++ library (compliant to C++11).
- [3010 stars][1y] [PHP] owner888/phpspider The program used in “I ‘stole’ one million Zhihu users in a day with a crawler, just to prove PHP is the best language in the world”
- [2993 stars][18d] [Py] quantaxis/quantaxis A purely local PaaS quantitative-trading solution supporting task scheduling and distributed deployment, covering data/backtesting/simulation/trading/visualization for stocks/futures/custom markets
- [2980 stars][14d] [ObjC] google/santa A binary whitelisting/blacklisting system for macOS
- [2948 stars][1m] [C] libfuse/sshfs A network filesystem client to connect to SSH servers
- [2898 stars][8m] [C] p-h-c/phc-winner-argon2 The password hash Argon2, winner of PHC
- [2887 stars][4y] [ObjC] maciekish/iresign iReSign allows iDevice app bundles (.ipa) files to be signed or resigned with a digital certificate from Apple for distribution. This tool is aimed at enterprise users, for enterprise deployment, when the person signing the app is different than the person(s) developing it.
- [2872 stars][14d] [C] lxc/lxc LXC - Linux Containers
- [2854 stars][1m] [Py] espressif/esptool ESP8266 and ESP32 serial bootloader utility
- [2848 stars][6m] [Py] instantbox/instantbox Get a clean, ready-to-go Linux box in seconds.
- [2833 stars][2m] [Assembly] cirosantilli/x86-bare-metal-examples Dozens of small operating systems for learning x86 system programming
- [2815 stars][20d] [C] processhacker/processhacker A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
- [2808 stars][10m] [Py] plasma-disassembler/plasma Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
- [2789 stars][13d] [C++] qtox/qtox qTox is a chat, voice, video, and file transfer IM client using the encrypted peer-to-peer Tox protocol.
- [2772 stars][2m] [JS] trufflesuite/ganache-cli Fast Ethereum RPC client for testing and development
- [2760 stars][10d] [TS] webhintio/hint
- [2718 stars][3m] [Py] drivendata/cookiecutter-data-science A logical, reasonably standardized, but flexible project structure for doing and sharing data science work.
- [2687 stars][11d] [Go] adguardteam/adguardhome Network-wide ads & trackers blocking DNS server
- [2631 stars][8m] leandromoreira/linux-network-performance-parameters Learn where some of the network sysctl variables fit into the Linux/Kernel network flow
- [2627 stars][23d] [JS] popcorn-official/popcorn-desktop Popcorn Time is a multi-platform, free software BitTorrent client that includes an integrated media player. Desktop ( Windows / Mac / Linux ) a Butter-Project Fork
- [2621 stars][2m] pditommaso/awesome-pipeline A curated list of awesome pipeline toolkits inspired by Awesome Sysadmin
- [2619 stars][2m] [Swift] zhuhaow/nekit A toolkit for Network Extension Framework
- [2615 stars][1m] [JS] knownsec/kcon KCon is a famous Hacker Con powered by Knownsec Team.
- [2587 stars][10d] [C] esnet/iperf A TCP, UDP, and SCTP network bandwidth measurement tool
- [2580 stars][8y] [C] id-software/quake Quake GPL Source Release
- [2535 stars][3m] [Java] jboss-javassist/javassist Java bytecode engineering toolkit
- [2478 stars][11m] [JS] weixin/miaow A set of plugins for Sketch include drawing links & marks, UI Kit & Color sync, font & text replacing.
- [2474 stars][25d] [JS] vitaly-t/pg-promise PostgreSQL interface for Node.js
- [2456 stars][3y] [Py] google/enjarify Translates Dalvik bytecode to equivalent Java bytecode
- [2395 stars][3y] [OCaml] facebookarchive/pfff A collection of tools for static analysis, code visualization, code navigation, and format-preserving source-to-source transformation (e.g. refactoring). Fully supports C, Java, JS and PHP, with many other languages to follow.
- [2391 stars][21d] [Java] mock-server/mockserver MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and…
- [2364 stars][10d] [C] domoticz/domoticz monitor and configure various devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more
- [2345 stars][4m] [Go] vuvuzela/vuvuzela Private messaging system that hides metadata
- [2344 stars][16d] [C] tsl0922/ttyd Share your terminal over the web
- [2340 stars][2m] [JS] pa11y/pa11y Pa11y is your automated accessibility testing pal
- [2321 stars][5y] [C] abrasive/shairport Airtunes emulator! Shairport is no longer maintained.
- [2305 stars][2m] [C] moby/hyperkit A toolkit for embedding hypervisor capabilities in your application
- [2301 stars][3y] [Py] lmacken/pyrasite Inject code into running Python processes
- [2286 stars][1m] [JS] talkingdata/inmap Geographic visualization of big data
- [2260 stars][13d] dumb-password-rules/dumb-password-rules Shaming sites with dumb password rules.
- [2217 stars][14d] [Go] google/mtail extract whitebox monitoring data from application logs for collection in a timeseries database
- [2214 stars][18d] getlantern/lantern-binaries Lantern installers binary downloads.
- [2211 stars][1m] [C++] google/bloaty Bloaty McBloatface: a size profiler for binaries
- [2194 stars][13d] [C] armmbed/mbedtls An open source, portable, easy to use, readable and flexible SSL library
- [2137 stars][19d] [Assembly] pret/pokered disassembly of Pokémon Red/Blue
- [2132 stars][20d] goq/telegram-list List of telegram groups, channels & bots // List of interesting Telegram groups, channels and bots // List of chats for programmers
- [2093 stars][10d] [C] flatpak/flatpak Linux application sandboxing and distribution framework
- [2092 stars][26d] swiftonsecurity/sysmon-config Sysmon configuration file template with default high-quality event tracing
- [2080 stars][2m] [Go] theupdateframework/notary Notary is a project that allows anyone to have trust over arbitrary collections of data
- [2053 stars][4m] [Go] maxmcd/webtty Share a terminal session over WebRTC
- [2053 stars][24d] [C#] mathewsachin/captura Capture Screen, Audio, Cursor, Mouse Clicks and Keystrokes
- [2052 stars][13d] [C++] openthread/openthread OpenThread released by Google is an open-source implementation of the Thread networking protocol
- [2031 stars][10m] [C] dekunukem/nintendo_switch_reverse_engineering A look at inner workings of Joycon and Nintendo Switch
- [2005 stars][4y] [C] probablycorey/wax Wax is now being maintained by alibaba
- [2003 stars][2m] [C++] asmjit/asmjit Complete x86/x64 JIT and AOT Assembler for C++
- [1998 stars][2m] [Swift] github/softu2f Software U2F authenticator for macOS
- [1955 stars][11d] [Go] solo-io/gloo An Envoy-Powered API Gateway
- [1949 stars][17d] [C] microsoft/procdump-for-linux The Linux version of ProcDump
- [1944 stars][3y] [C#] lazocoder/windows-hacks Creative and unusual things that can be done with the Windows API.
- [1930 stars][22d] [C++] mhammond/pywin32 Python for Windows (pywin32) Extensions
- [1907 stars][18d] [Go] minishift/minishift Run OpenShift 3.x locally
- [1899 stars][25d] [C++] acidanthera/lilu Arbitrary kext and process patching on macOS
- [1893 stars][5y] [C++] tum-vision/lsd_slam LSD-SLAM
- [1877 stars][25d] [Java] adoptopenjdk/jitwatch Log analyser / visualiser for Java HotSpot JIT compiler. Inspect inlining decisions, hot methods, bytecode, and assembly. View results in the JavaFX user interface.
- [1864 stars][4y] [ObjC] xcodeghostsource/xcodeghost "XcodeGhost" Source
- [1863 stars][10d] [C++] pytorch/glow Compiler for Neural Network hardware accelerators
- [1859 stars][12m] [C++] googlecreativelab/open-nsynth-super Open NSynth Super is an experimental physical interface for the NSynth algorithm
- [1854 stars][19d] [C] github/glb-director GitHub Load Balancer Director and supporting tooling.
- [1852 stars][1y] [Py] jinnlynn/genpac PAC/Dnsmasq/Wingy file Generator, working with gfwlist, support custom rules.
- [1851 stars][1y] [Java] yeriomin/yalpstore Download apks from Google Play Store
- [1848 stars][9m] [Py] netflix-skunkworks/stethoscope Personalized, user-focused recommendations for employee information security.
- [1846 stars][3m] [C] retroplasma/earth-reverse-engineering Reversing Google's 3D satellite mode
- [1837 stars][3m] [Go] influxdata/kapacitor Open source framework for processing, monitoring, and alerting on time series data
- [1827 stars][13d] [Py] trailofbits/manticore Dynamic binary analysis tool supporting symbolic execution, taint analysis and runtime modification.
- [1816 stars][29d] [Go] gdamore/tcell Tcell is an alternate terminal package, similar in some ways to termbox, but better in others.
- [1786星][1m] [C++] apitrace/apitrace Tools for tracing OpenGL, Direct3D, and other graphics APIs
- [1781星][26d] [PHP] ezyang/htmlpurifier Standards compliant HTML filter written in PHP
- [1779星][29d] 17mon/china_ip_list
- [1771星][3y] [ObjC] alibaba/wax Wax is a framework that lets you write native iPhone apps in Lua.
- [1761星][1y] [JS] puppeteer/examples Use case-driven examples for using Puppeteer and headless chrome
- [1761星][13d] [C] google/wuffs Wrangling Untrusted File Formats Safely
- [1756星][16d] [PHP] wordpress/wordpress-coding-standards PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions
- [1727星][8d] [TSQL] brentozarultd/sql-server-first-responder-kit sp_Blitz, sp_BlitzCache, sp_BlitzFirst, sp_BlitzIndex, and other SQL Server scripts for health checks and performance tuning.
- [1722星][4m] [Py] anorov/cloudflare-scrape A Python module to bypass Cloudflare's anti-bot page.
- [1714星][1m] [Go] hashicorp/memberlist Golang package for gossip based membership and failure detection
- [1698星][21d] [C++] microsoft/detours Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
- [1694星][3y] [CoffeeScript] okturtles/dnschain A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!
- [1676星][10d] [Java] apache/geode Apache Geode
- [1672星][7m] [C] easyhook/easyhook The reinvention of Windows API Hooking
- [1668星][3m] [Py] boppreh/keyboard Hook and simulate global keyboard events on Windows and Linux.
- [1665星][4y] [Java] dodola/hotfix Hot-patch dynamic fix framework for Android apps
- [1659星][25d] [JS] tylerbrock/mongo-hacker MongoDB Shell Enhancements for Hackers
- [1650星][13d] sarojaba/awesome-devblog Awesome Dev Blog. A collection of Korean development blogs (real names only).
- [1637星][12d] [JS] efforg/privacybadger Privacy Badger is a browser extension that automatically learns to block invisible trackers.
- [1624星][9m] [JS] localtunnel/server server for localtunnel.me
- [1620星][16d] [C++] lief-project/lief Library to Instrument Executable Formats
- [1616星][2y] [JS] addyosmani/a11y Accessibility audit tooling for the web (beta)
- [1592星][2m] [ObjC] ealeksandrov/provisionql Quick Look plugin for apps and provisioning profile files
- [1584星][1y] [C] qihoo360/phptrace A tracing and troubleshooting tool for PHP scripts.
- [1572星][1m] [C] codahale/bcrypt-ruby Ruby binding for the OpenBSD bcrypt() password hashing algorithm, allowing you to easily store a secure hash of your users' passwords.
- [1562星][1m] [C] p-gen/smenu Terminal utility that reads words from standard input or from a file and creates an interactive selection window just below the cursor. The selected word(s) are sent to standard output for further processing.
- [1562星][19d] [Java] gchq/gaffer A large-scale entity and relation database supporting aggregation of properties
- [1540星][2y] [C++] hteso/iaito Radare2 GUI, built with Qt and C++
- [1015星][3y] [C++] aguinet/wannakey On Windows XP, recovers from memory the RSA private key originally used by WannaCry (requires that the host has not been rebooted since infection)
- [966星][7m] [PHP] jenssegers/optimus ID transformation. With this library, you can transform your internal id's to obfuscated integers based on Knuth's integer hash
- [906星][7m] [C++] dfhack/dfhack Memory hacking library for Dwarf Fortress and a set of tools that use it
- [895星][12m] [JS] levskaya/jslinux-deobfuscated An old version of Mr. Bellard's JSLinux rewritten to be human readable, hand deobfuscated and annotated.
- [706星][1y] [Jupyter Notebook] anishathalye/obfuscated-gradients Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
- [658星][10m] [Jupyter Notebook] supercowpowers/data_hacking Data Hacking Project
- [657星][1y] [Rust] endgameinc/xori Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode
- [637星][21d] [PS] olafhartong/sysmon-modular A collection of modular Sysmon configurations
- [587星][6m] nshalabi/sysmontools Utilities for Sysmon
- [568星][11m] [JS] raineorshine/solgraph Visualize Solidity control flow for smart contract security analysis.
- [551星][3y] [Makefile] veficos/reverse-engineering-for-beginners translate project of Drops
- [523星][2m] mhaggis/sysmon-dfir Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- [522星][4m] [Java] java-deobfuscator/deobfuscator Java code deobfuscation tool
- [507星][8m] [JS] mindedsecurity/jstillery Advanced JavaScript Deobfuscation via Partial Evaluation
- [480星][1y] ksluckow/awesome-symbolic-execution A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.
- [449星][12m] [C++] ntquery/scylla Imports Reconstructor
- [447星][3m] [Go] retroplasma/flyover-reverse-engineering Reversing Apple's 3D satellite mode
- [446星][11m] [Batchfile] ion-storm/sysmon-config Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
- [437星][2y] [PS] danielbohannon/revoke-obfuscation PowerShell Obfuscation Detection Framework
- [408星][2y] [Py] fossfreedom/indicator-sysmonitor Ubuntu application indicator to show various system parameters
- [408星][19d] [Py] crytic/slither Static Analyzer for Solidity
- [383星][1y] [HTML] maestron/reverse-engineering-tutorials Reverse Engineering Tutorials
- [366星][10y] [C] brl/obfuscated-openssh strengthens the initial SSH handshake against systems that identify or classify various network protocols by examining data in transit for static signatures
- [344星][1y] [Ruby] calebfenton/dex-oracle A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
- [308星][25d] [Py] baderj/domain_generation_algorithms Domain generation algorithms
- [306星][2m] [C] nagyd/sdlpop An open-source port of Prince of Persia, based on the disassembly of the DOS version.
- [291星][28d] [C] tomb5/tomb5 Chronicles Disassembly translated to C source code.
- [265星][3m] [Assembly] pret/pokeyellow Disassembly of Pokemon Yellow
- [240星][4m] [JS] consensys/surya A set of utilities for exploring Solidity contracts
- [224星][2y] [Py] rub-syssec/syntia Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
- [214星][2m] [Py] rpisec/llvm-deobfuscator
- [211星][12m] [Java] neo23x0/fnord Pattern Extractor for Obfuscated Code
- [198星][1m] [F#] b2r2-org/b2r2 B2R2 is a collection of useful algorithms, functions, and tools for binary analysis.
- [194星][3y] [C#] codeshark-dev/nofuserex Free deobfuscator for ConfuserEx.
- [180星][3m] [Py] eth-sri/debin Machine Learning to Deobfuscate Binaries
- [174星][2y] [C] geosn0w/reverse-engineering-tutorials Some Reverse Engineering Tutorials for Beginners
- [169星][1y] [PS] mattifestation/pssysmontools Sysmon Tools for PowerShell
- [164星][2m] [JS] lelinhtinh/de4js JavaScript Deobfuscator and Unpacker
- [158星][6m] [C] kkamagui/shadow-box-for-x86 Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
- [151星][9m] [C] adrianyy/eacreversing Reversing EasyAntiCheat.
- [148星][6m] olafhartong/sysmon-cheatsheet All sysmon event types and their fields explained
- [144星][2m] [Java] superblaubeere27/obfuscator A java obfuscator (GUI)
- [140星][12m] [C++] finixbit/elf-parser Lightweight elf binary parser with no external dependencies - Sections, Symbols, Relocations, Segments
- [139星][7m] [C] glv2/bruteforce-wallet Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file.
- [137星][4y] [C] xairy/kaslr-bypass-via-prefetch A proof-of-concept KASLR bypass for the Linux kernel via timing prefetch (dilettante implementation, better read the original paper:
- [134星][1y] [PS] darkoperator/posh-sysmon PowerShell module for creating and managing Sysinternals Sysmon config files.
- [129星][3y] [Swift] magic-akari/wannacry
- [122星][1y] [PS] mattifestation/bhusa2018_sysmon All materials from our Black Hat 2018 "Subverting Sysmon" talk
- [119星][5m] [C#] akaion/jupiter A Windows virtual memory editing library with support for pattern scanning.
- [118星][2y] [Py] malus-security/sandblaster Reversing the Apple sandbox
- [117星][4m] [PS] thom-s/netsec-ps-scripts Collection of PowerShell network security scripts for system administrators.
- [114星][4m] we5ter/flerken A Solution For Cross-Platform Obfuscated Commands Detection
- [111星][2y] [Py] cfsworks/wavebird-reversing Reverse-engineering the WaveBird protocol for the betterment of mankind
- [109星][1y] [Shell] jgamblin/blackhat-macos-config Configure Your Macbook For Blackhat
- [109星][8m] [C#] virb3/de4dot-cex de4dot deobfuscator with full support for vanilla ConfuserEx
- [108星][3y] ios-reverse-engineering-dev/swift-apps-reverse-engineering Swift Apps Reverse Engineering reading book
- [107星][4m] [C#] matterpreter/shhmon Neutering Sysmon via driver unload
- [106星][4m] [Go] bnagy/gapstone gapstone is a Go binding for the capstone disassembly library
- [99星][4m] [C++] marcosd4h/sysmonx An Augmented Drop-In Replacement of Sysmon
- [98星][1y] [C#] holly-hacker/eazfixer A deobfuscation tool for Eazfuscator.
- [97星][3y] [Py] fdiskyou/kcshell Interactive assembly/disassembly shell written in Python 3, based on Keystone/Capstone
- [97星][11d] [PHP] cybercog/laravel-optimus Transform your internal id's to obfuscated integers based on Knuth's integer hash.
- [88星][2y] [PS] danielbohannon/out-fincodedcommand POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities
- [85星][11m] [C++] basketwill/sysmon_reverse
- [82星][4m] blockchainlabsnz/awesome-solidity A curated list of awesome Solidity resources
- [80星][4m] sbousseaden/panache_sysmon A Sysmon Config for APTs Techniques Detection
- [79星][5m] [Assembly] thecodeartist/elf-parser Identifying/Extracting various sections of an ELF file
- [70星][3y] [Py] antelox/fopo-php-deobfuscator A simple script to deobfuscate PHP files obfuscated with FOPO Obfuscator
- [68星][5m] splunk/ta-microsoft-sysmon TA-microsoft-sysmon
- [67星][2y] [Py] sapir/sonare A Qt-based disassembly viewer based on radare2
- [64星][11m] [Zeek] salesforce/bro-sysmon How to Zeek Sysmon Logs!
- [60星][1y] [Java] java-deobfuscator/deobfuscator-gui An awesome GUI for an awesome deobfuscator
- [60星][4y] [Objective-C++] steven-michaud/reverse-engineering-on-osx Reverse Engineering on OS X
- [56星][1y] [Nix] dapphub/ds-auth Updatable, unobtrusive Solidity authorization pattern
- [56星][7m] [TS] geeksonsecurity/illuminatejs IlluminateJs is a static JavaScript deobfuscator
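- [55星][5m] basketwill/z0bpctools A Windows disassembly tool with an OllyDbg-style interface. An IDA-like static decompilation tool with an OllyDbg-like interface, developed in spare time; currently at version 1.0, not very powerful yet, but the basic features are in place
- [55星][2y] [TeX] season-lab/survey-symbolic-execution A survey of symbolic execution tools and techniques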
- [55星][3m] [C] resilar/crchack Reversing CRC for fun and profit
- [53星][7y] [C++] eschweiler/proreversing Open and generic Anti-Anti Reversing Framework. Works in 32 and 64 bits.
- [53星][3y] [PS] elevenpaths/telefonica-wannacry-filerestorer Tool to restore some WannaCry files whose encryption was not finished properly
- [52星][1m] [C] danielkrupinski/vac Source code of Valve Anti-Cheat obtained from disassembly of compiled modules
- [52星][11m] [Assembly] pret/pokepinball disassembly of pokémon pinball
- [50星][2y] [JS] ericr/sol-function-profiler Solidity Contract Function Profiler
- [50星][2y] [Py] sfwishes/ollvm_de_fla deobfuscation ollvm's fla
- [47星][5y] jameshabben/sysmon-queries Queries to parse sysmon event log file with microsoft logparser
- [47星][7m] [C++] talvos/talvos Talvos is a dynamic-analysis framework and debugger for Vulkan/SPIR-V programs.
- [45星][14d] [Assembly] drenn1/oracles-disasm Disassembly of Oracle of Ages and Seasons
- [45星][2m] [Lua] dsasmblr/cheat-engine Cheat Engine scripts, tutorials, tools, and more.
- [41星][2y] [C] cocoahuke/mackextdump mackextdump: dump Kext information from macOS
- [40星][3m] jsecurity101/windows-api-to-sysmon-events A repository that maps API calls to Sysmon Event ID's.
- [39星][1y] [Py] dissectmalware/batch_deobfuscator Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
- [38星][5m] [Assembly] marespiaut/rayman_disasm Reverse-engineering effort for the 1995 MS-DOS game “Rayman”
- [36星][2y] [Py] extremecoders-re/bytecode_simplifier A generic deobfuscator for PjOrion obfuscated python scripts
- [36星][2y] [Py] extremecoders-re/pjorion-deobfuscator A deobfuscator for PjOrion, python cfg generator and more
- [36星][3y] [C++] steven-michaud/sandboxmirror Tool for reverse-engineering Apple's sandbox
- [35星][4y] [C#] bnagy/crabstone crabstone is a Ruby binding to the capstone disassembly library by Nguyen Anh Quynh
- [35星][3y] [C] topcss/wannacry Decompiled source code of the WannaCry ransomware
- [34星][6y] [JS] michenriksen/hackpad A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.
- [33星][1y] [ObjC] jakeajames/reverse-engineering nothing important
- [32星][1y] mhaggis/sysmon-splunk-app Sysmon Splunk App
- [31星][3y] mhaggis/app_splunk_sysmon_hunter Splunk App to assist Sysmon Threat Hunting
- [31星][4y] [Pascal] pigrecos/codedeobfuscator Code Deobfuscator
- [29星][2y] [C++] nuand/kalibrate-bladerf kalibrate-bladeRF
- [27星][2m] [JS] b-mueller/sabre Security analyzer for Solidity smart contracts. Uses MythX, the premier smart contract security service.
- [27星][2m] [C] usineur/sdlpop An open-source port of Prince of Persia, based on the disassembly of the DOS version.
- [24星][5y] [JS] vector35/hackinggames Hacking Games in a Hacked Game
- [22星][2y] [Py] zigzag2050/mzphp2-deobfuscator A de-obfuscation tool for code generated by mzphp2, used to deobfuscate PHP files encrypted with mzphp2.
- [21星][1y] [Lua] yoshifan/ram-watch-cheat-engine Lua script framework for RAM watch displays using Cheat Engine, with a focus on Dolphin emulator.
- [21星][2m] [Py] verabe/veriman Analysis tool for Solidity smart contracts. Prototype.
- [20星][1y] [Batchfile] olafhartong/ta-sysmon-deploy Deploy and maintain Sysmon through the Splunk Deployment Server
- [1534星][3y] [Py] x0rz/eqgrp_lost_in_translation ShadowBrokers leak
- [669星][3y] [Py] n1nj4sec/memorpy Python library that uses ctypes to search/edit the memory of Windows / Linux / macOS / SunOS programs
- [159星][5y] [C#] radiowar/nfcgui Graphical NFC protocol security analysis tool, mainly targeting Mifare cards, built on libnfc
- [534星][12d] [Py] angr/angr-doc Documentation for the angr suite
- [305星][2m] [Py] salls/angrop a rop gadget finder and chain builder
- [246星][2y] [Py] jakespringer/angr_ctf
- [197星][18d] [Py] angr/angr-management A GUI for angr. Being developed very slowly.
- [195星][2y] [PS] vysecurity/angrypuppy Bloodhound Attack Path Automation in CobaltStrike
- [169星][2y] [HTML] ihebski/angryfuzzer Tools for information gathering
- [122星][1y] [Py] axt/angr-utils Handy utilities for the angr binary analysis framework, most notably CFG visualization
- [115星][6m] [Py] andreafioraldi/angrgdb Use angr inside GDB. Create an angr state from the current debugger state.
- [106星][1y] [Py] sidechannelmarvels/jeangrey A tool to perform differential fault analysis attacks (DFA).
- [91星][1y] [Py] fsecurelabs/z3_and_angr_binary_analysis_workshop Code and exercises for a workshop on z3 and angr
- [64星][17d] [Shell] angr/angr-dev Some helper scripts to set up an environment for angr development.
- [64星][7m] [Assembly] cdisselkoen/pitchfork Detecting Spectre vulnerabilities using symbolic execution, built on angr (github.com/angr/angr)
- [61星][4y] [Shell] praetorian-code/epictreasure radare, angr, pwndbg, binjitsu, etc. in a box ready for pwning
- [47星][25d] [Py] ercoppa/symbolic-execution-tutorial Tutorial on Symbolic Execution. Hands-on session is based on the angr framework.
- [33星][14d] [Py] angr/angr-platforms A collection of extensions to angr to handle new platforms
- [30星][12d] [C] angr/binaries A repository with binaries for angr tests and examples.
- [24星][7m] [Py] andreafioraldi/r2angrdbg Use angr inside the radare2 debugger
- [23星][2y] [Py] fabros/angr-antievasion Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).
- [23星][4y] bannsec/angr-windows Windows builds for use with angr framework
- [22星][23d] [Py] fmagin/angr-cli Repo for various angr ipython features to give it more of a cli feeling
- [20星][2y] [PS] mdsecactivebreach/angrypuppy Bloodhound Attack Path Automation in CobaltStrike
- [19星][2y] [Py] brandon-everhart/angryida Integrates the angr binary analysis framework into IDA
- Duplicate section: IDA -> Plugins -> Import/Export -> Uncategorized
- [12星][1y] [Py] ash09/angr-static-analysis-for-vuzzer64 Angr-based static analysis tool for vusec/vuzzer64 fuzzing tool
- [11星][3y] [Py] n00py/angryhippo Exploiting the HippoConnect protocol for HippoRemote
- [8星][1y] [C] shellphish/patcherex please go to angr/patcherex instead of this!
- [8星][3y] [C++] project64/angrylion-rdp
- [3星][2y] [Py] futaki-futaba/angr-sample Sample programs for angr 7
- 2016.04 [] Solving kao's toy project with symbolic execution and angr
- 2016.02 [theobsidiantower] Angr and me
- 2014.08 [3xp10it] Solving challenges with angr
- [1544星][6y] [Py] google/pyringe Debugger capable of attaching to and injecting code into python processes.
- [1450星][10d] [Go] google/gapid Graphics API Debugger
- [1422星][17d] [C++] eteran/edb-debugger edb is a cross platform AArch32/x86/x86-64 debugger.
- [1413星][19d] [Go] cosmos72/gomacro Interactive Go interpreter and debugger with REPL, Eval, generics and Lisp-like macros
- [1374星][4y] [C++] valvesoftware/vogl OpenGL capture / playback debugger.
- [1275星][4m] [Go] solo-io/squash The debugger for microservices
- [1147星][5m] [C++] cgdb/cgdb Console front-end to the GNU debugger
- [1128星][20d] [C] blacksphere/blackmagic In application debugger for ARM Cortex microcontrollers.
- [899星][10d] [Py] derekselander/lldb A collection of LLDB aliases/regexes and Python scripts to aid in your debugging sessions
- [836星][8d] [C++] tasvideos/bizhawk BizHawk is a multi-system emulator written in C#. BizHawk provides nice features for casual gamers such as full screen, and joypad support in addition to full rerecording and debugging tools for all system cores.
- [708星][2y] [Go] sidkshatriya/dontbug Dontbug is a reverse debugger for PHP
- [627星][3y] [C] chokepoint/azazel Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.
- [573星][4y] [C++] microsoft/iediagnosticsadapter IE Diagnostics Adapter is a standalone exe that enables tools to debug and diagnose IE11 using the Chrome remote debug protocol.
- [560星][21d] [C#] microsoft/miengine The Visual Studio MI Debug Engine ("MIEngine") provides an open-source Visual Studio Debugger extension that works with MI-enabled debuggers such as gdb, lldb, and clrdbg.
- [521星][1y] [C] wubingzheng/memleax debugs memory leak of running process. Not maintained anymore, try libleak please.
- [462星][5m] [C++] emoon/prodbg Debugging the way it's meant to be done
- [430星][4y] [C] alonho/pytrace pytrace is a fast python tracer. it records function calls, arguments and return values. can be used for debugging and profiling.
- [423星][4m] [C++] cobaltfusion/debugviewpp DebugView++, collects, views, filters your application logs, and highlights information that is important to you!
- [418星][26d] [C++] simonkagstrom/kcov Code coverage tool for compiled programs, Python and Bash which uses debugging information to collect and report data without special compilation options
- [377星][1m] [Py] pdbpp/pdbpp pdb++, a drop-in replacement for pdb (the Python debugger)
- [354星][2y] [C++] glsl-debugger/glsl-debugger GLSL source level debugger.
- [354星][8y] [Py] openrce/pydbg A pure-python win32 debugger interface.
- [332星][8m] [Py] romanvm/python-web-pdb Web-based remote UI for Python's PDB debugger
- [306星][21d] [Java] widdix/aws-s3-virusscan Free Antivirus for S3 Buckets
- [291星][12d] [Py] sosreport/sos A unified tool for collecting system logs and other debug information
- [289星][3y] [C++] develbranch/tinyantivirus TinyAntivirus is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it.
- [288星][2y] [Java] cnfree/eclipse-class-decompiler Eclipse Class Decompiler integrates JD, Jad, FernFlower, CFR, Procyon seamlessly with Eclipse and allows Java developers to debug class files without source code directly
- [285星][2m] [C++] changeofpace/viviennevmm VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.
- [272星][4m] [Py] mariovilas/winappdbg WinAppDbg Debugger
- [270星][21d] [Py] ionelmc/python-manhole Debugging manhole for python applications.
- [267星][4y] [C] blankwall/macdbg Simple easy to use C and python debugging framework for OSX
- [255星][3y] [Py] airsage/petrel Tools for writing, submitting, debugging, and monitoring Storm topologies in pure Python
- [250星][2y] [Py] dbgx/lldb.nvim Debugger integration with a focus on ease-of-use.
- [250星][2m] [Py] quantopian/qdb Quantopian Remote Debugger for Python
- [240星][6m] [C++] facebook/ds2 Debug server for lldb.
- [239星][8m] [C++] strivexjun/xantidebug VMProtect 3.x Anti-debug Method Improved
- [239星][8m] [Py] beeware/bugjar An interactive graphical debugger for Python code.
- [233星][2m] [Py] gilligan/vim-lldb lldb debugger integration plugin for vim
- [220星][9m] letoram/senseye Dynamic Visual Debugging / Reverse Engineering Toolsuite
- [218星][2m] [Py] nteseyes/pylane A Python VM injector with debug tools, based on gdb.
- [213星][12d] [C++] thalium/icebox Virtual Machine Introspection, Tracing & Debugging
- [209星][2m] [C] joyent/mdb_v8 postmortem debugging for Node.js and other V8-based programs
- [200星][6m] [C++] rainers/cv2pdb converter of DMD CodeView/DWARF debug information to PDB files
- [184星][6m] [C] therealsaumil/static-arm-bins Statically compiled ARM binaries for debugging and runtime analysis
- [182星][5y] [C] gdbinit/onyx-the-black-cat Kernel extension to disable anti-debug tricks and other useful XNU "features"
- [164星][12d] [C++] devinacker/bsnes-plus debug-oriented fork of bsnes
- [163星][3m] [JS] ant4g0nist/vegvisir Browser-based LLDB debugger
- [163星][1m] [C++] jrfonseca/drmingw Postmortem debugging tools for MinGW.
- [157星][2y] [C] armadito/armadito-av Armadito antivirus main repository
- [154星][4y] [Py] kbandla/immunitydebugger ImmunityDebugger
- [152星][5y] [Shell] hellman/fixenv Fix stack addresses (when no ASLR) with and without debugging
- [151星][2y] [Py] reswitched/cagetheunicorn Debugging/emulating environment for Switch code
- [146星][1m] [Py] wenzel/pyvmidbg LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger
- [142星][2y] [C++] honorarybot/pulsedbg Hypervisor-based debugger
- [137星][9m] [Py] nh2/strace-pipes-presentation Debugging with strace + pipes/sockets
- [133星][4y] [C] jvoisin/pangu Toolkit to detect/crash/attack GNU debugging-related tools
- [125星][5m] [Py] igio90/uddbg A gdb-like debugger that provides a runtime environment for the unicorn emulator, plus additional features!
- [124星][3y] [Py] alonemonkey/antiantidebug tweak and lldb python for anti-anti-debug
- [120星][21d] [C++] intel/opencl-intercept-layer Intercept Layer for Debugging and Analyzing OpenCL Applications
- [117星][4y] [Shell] dholm/dotgdb GDB scripts to add support for low level debugging and reverse engineering
- [116星][2y] [C++] skylined/edgedbg A simple command line exe to start and debug the Microsoft Edge browser.
- [109星][3m] [C] david-reguera-garcia-dreg/dbgchild Debug Child Process Tool (auto attach)
- [108星][1m] [Pascal] fenix01/cheatengine-library Cheat Engine Library is based on CheatEngine a debugger and coding environment particularly aimed at games, but can also be used for other purposes like debugging applications and used in schools for teaching how computers work
- [105星][2y] [C] formyown/alesense-antivirus An open-source antivirus with a full interactive UI and driver-level interception capability
- [104星][1m] [C] checkpointsw/scout Instruction based research debugger
- [103星][18d] stonedreamforest/mirage kernel-mode Anti-Anti-Debug plugin. based on intel vt-x && ept technology
- [95星][2y] [C] cetfor/antidbg A bunch of Windows anti-debugging tricks.
- [93星][12d] [JS] microsoftedge/jsdbg Debugging extensions for Microsoft Edge and other Chromium-based browsers
- [86星][4y] [Py] sogeti-esec-lab/lkd Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll
- [86星][2y] [Py] wasiher/chrome_remote_interface_python Chrome Debugging Protocol interface for Python
- [86星][7y] [Py] stevenseeley/heaper heaper, an advanced heap analysis plugin for Immunity Debugger
- [85星][21d] [Py] rocky/python2-trepan A gdb-like Python 2.x Debugger in the Trepan family
- [82星][3m] [C] taviso/cefdebug Minimal code to connect to a CEF debugger.
- [73星][5m] 0xd4d/dnspy-unity-mono Fork of Unity mono that's used to compile mono.dll with debugging support enabled
- [70星][7m] [C++] thomasthelen/antidebugging A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
- [70星][4y] [C++] waleedassar/antidebug Collection Of Anti-Debugging Tricks
- [65星][5m] [C++] nccgroup/xendbg A feature-complete reference implementation of a modern Xen VMI debugger.
- [64星][4y] [C#] wintellect/procmondebugoutput See your trace statements in Sysinternals Process Monitor
- [59星][4y] [JS] auth0-blog/react-flux-debug-actions-sample This repository shows how you can use Flux actions to reproduce your user's issues in your own browser
- [58星][3m] [Py] quarkslab/lldbagility A tool for debugging macOS virtual machines
- [57星][6m] [JS] pownjs/pown-cdb Automate common Chrome Debug Protocol tasks to help debug web applications from the command-line and actively monitor and intercept HTTP requests and responses.
- [54星][3m] [C#] southpolenator/sharpdebug C# debugging automation tool
- [51星][3m] [C#] smourier/tracespy TraceSpy is a pure .NET, 100% free and open source, alternative to the very popular SysInternals DebugView tool.
- [49星][1y] [C++] alphaseclab/anti-debug
- [48星][4m] blackint3/awesome-debugging Why Debugging?
- [48星][9m] [C++] stoyan-shopov/troll troll: C source-level debugger for ARM Cortex-M processors
- [44星][1y] [C#] micli/netcoredebugging A repository maintains the book of ".NET Core application debugging" sample code.
- [44星][2y] [Py] zedshaw/zadm4py Zed's Awesome Debug Macros for Python
- [43星][1y] [C++] johnsonjason/rvdbg RVDbg is a debugger/exception handler for Windows processes and has the capability to circumvent anti-debugging techniques. (Cleaner, documented code base being worked on in: core branch)
- [42星][1m] [SystemVerilog] azonenberg/starshipraider High performance embedded systems debug/reverse engineering platform
- [42星][5y] [C] cemeyer/msp430-emu-uctf msp430 emulator for uctf (with remote GDB debugging, reverse debugging, and optional symbolic execution)
- [42星][2m] [Erlang] etnt/edbg edbg: tty-based Erlang debugging/tracing interface
- [41星][4y] [Py] crowdstrike/pyspresso The pyspresso package is a Python-based framework for debugging Java.
- [41星][2y] [C] seemoo-lab/nexmon_debugger Debugger with hardware breakpoints and memory watchpoints for BCM4339 Wi-Fi chips
- [39星][7y] [C] gdbinit/gimmedebugah A small utility to inject a Info.plist into binaries.
- [38星][2y] [C] shellbombs/strongod StrongOD(anti anti-debug plugin) driver source code.
- [37星][3y] [C] 0xbadc0de1/vmp_dbg This is a VmProtect integrated debugger, that will essentially allow you to disasm and debug vmp partially virtualized functions at the vmp bytecode level. It was made using TitanEngine for the debug engine and Qt for the gui. Do not expect much of it and feel free to report any bugs.
- [36星][3y] [C] adamgreen/mri MRI - Monitor for Remote Inspection. The gdb compatible debug monitor for Cortex-M devices.
- [35星][2y] [Py] meyer9/ethdasm Tool for auditing Ethereum contracts
- [35星][2m] [C] gdbinit/efi_dxe_emulator EFI DXE Emulator and Interactive Debugger
- [34星][2y] [Py] g2p/vido wrap commands in throwaway virtual machines — easy kernel debugging and regression testing
- [32星][4m] [C++] creaink/ucom A simple Serial-Port/TCP/UDP debugging tool.
- [32星][4m] [C++] imugee/xdv XDV is disassembler or debugger that works based on the extension plugin.
- [29星][6m] [C++] marakew/syser syser debugger x32/x64 ring3
- [29星][3m] [C++] vertextoedge/windowfunctiontracer Window Executable file Function tracer using Debugging API
- [28星][2y] [PS] enddo/hatdbg Minimal WIN32 Debugger in powershell
- [28星][7y] [C] jonathansalwan/vmndh-2k12 Emulator, debugger and compiler for the NDH architecture - Emulator for CTF NDH 2k12
- [27星][8y] [Py] fitblip/pydbg A pure-python win32 debugger interface.
- [27星][2y] [C] okazakinagisa/vtbaseddebuggerwin7 Simple kernelmode driver.
- [26星][6y] [Py] fireeye/pycommands PyCommand Scripts for Immunity Debugger
- [25星][3y] [C] jacktang310/kerneldebugonnexus6p
- [24星][1y] [Py] cosine0/amphitrite Symbolic debugging tool using JonathanSalwan/Triton
- [22星][8m] [Py] laanwj/dwarf_to_c Tool to recover C headers (types, function signatures) from DWARF debug data
- [22星][1y] [C#] malcomvetter/antidebug PoC: Prevent a debugger from attaching to managed .NET processes via a watcher process code pattern.
- [22星][3y] [Assembly] osandamalith/anti-debug Some of the Anti-Debugging Tricks
- [20星][5y] [C] tongzeyu/hooksysenter Hooks sysenter, reloads the kernel, and sets a hardware breakpoint on DebugPort to prevent DebugPort from being zeroed
- [1106星][14d] [OCaml] binaryanalysisplatform/bap Binary Analysis Platform
- [411星][13d] [HTML] w3c/webappsec Web Application Security Working Group
- [299星][17d] [JS] w3c/webappsec-trusted-types A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
- [289星][3y] [Py] dhilipsiva/webapp-checklist Technical details that a programmer of a web application should consider before making the site public.
- [126星][7y] pwnwiki/webappdefaultsdb A DB of known Web Application Admin URLS, Username/Password Combos and Exploits
- [106星][19d] [Py] ajinabraham/webappsec Web Application Security
- [101星][1m] [HTML] w3c/webappsec-csp WebAppSec Content Security Policy
- [61星][7y] [JS] enablesecurity/webapp-exploit-payloads a collection of payloads for common webapps
- [52星][6y] [Py] lijiejie/outlook_webapp_brute Microsoft Outlook WebAPP Brute
- [45星][9m] [Py] binaryanalysisplatform/bap-tutorial The BAP tutorial
- [35星][5y] [OCaml] argp/bap Binary Analysis Platform -- I will try to keep this updated with patches, fixes, etc.
- [28星][5y] [Py] infosec-au/webappsec-toolkit Web Application Security related tools. Includes backdoors, proof of concepts and tricks
- [26星][2y] [JS] bkimminich/webappsec-nutshell An ultra-compact intro (or refresher) to Web Application Security.
- [16星][4y] [Py] redcanaryco/cbapi2 Red Canary Carbon Black API
- [16星][1y] [C#] jpginc/xbapappwhitelistbypasspoc
- [15星][2y] [Rust] maurer/bap-rust
- [11星][2m] [OCaml] binaryanalysisplatform/bap-bindings C Bindings to BAP
- [10星][3y] [Java] rafaelrpinto/vulnerablejavawebapplication A Java Web Application with common legacy security flaws for tests with Arachni Scanner and ModSecurity
- [9星][2y] [HTML] mister2tone/metasploit-webapp Metasploit framework via HTTP services
- [7星][4m] [Py] binaryanalysisplatform/bap-python BAP python bindings
- [7星][9y] [PHP] ircmaxell/xssbadwebapp An Intentionally Vulnerable Bad Web Application With XSS Vulnerabilities - DO NOT USE!!!
- [6星][2y] [HTML] ambulong/dbapp_ctf_201801 Some PoCs from the January round of the DBAPP (Anheng) CTF
- [1星][20d] [C] binaryanalysisplatform/bap-testsuite BAP test suite
- [1星][3y] [C] maurer/libbap C Bindings for BAP
- [1星][8m] spy86/owaspwebapplicationsecuritytestingchecklist
- [0星][3y] [C#] jstillwell/webapppentest App for testing web apps for vulnerabilities like Sql injection
- [382星][26d] [C++] google/binexport Exports disassembly as Protocol Buffers into a PostgreSQL database for import into BinNavi
- Duplicate section: IDA -> Plugins -> Import/Export -> BinNavi
- [213星][4y] [PLpgSQL] cseagle/freedom Exports disassembly information from IDA for import into BinNavi
- Duplicate section: IDA -> Plugins -> Import/Export -> BinNavi
- [25星][7y] [Py] tosanjay/bopfunctionrecognition plugin to BinNavi tool to analyze an x86 binary file to find buffer overflow prone functions. Such functions are important for vulnerability analysis.
- Duplicate section: IDA -> Plugins -> Import/Export -> BinNavi
- 2015.12 [summitroute] Setting up fREedom and BinNavi
- 2015.12 [addxorrol] Open-Source BinNavi ... and fREedom
- 2015.08 [freebuf] BinNavi, the powerful reverse-engineering tool, is now open source
- 2008.11 [addxorrol] BinDiff / BinNavi User Forum
- 2008.11 [addxorrol] BinNavi v2 and PHP !
- [20779星][8d] [Java] skylot/jadx Dex to Java decompiler
- [7733星][1m] [Java] java-decompiler/jd-gui A standalone Java Decompiler GUI
- [3135星][26d] [Java] deathmarine/luyten An Open Source Java Decompiler Gui for Procyon
- [1867星][1y] [Java] jindrapetrik/jpexs-decompiler JPEXS Free Flash Decompiler
- [1652星][12m] [Java] fesh0r/fernflower Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)
- [1466星][12d] [Py] rocky/python-uncompyle6 Cross-platform Python decompiler
- [1109星][1y] [Py] wibiti/uncompyle2 Python 2.7 decompiler
- [1084星][4m] [Py] storyyeller/krakatau Java decompiler, assembler, and disassembler
- [764星][12m] [C++] comaeio/porosity UNMAINTAINED Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts
- [678 stars][3y] [Batchfile] ufologist/onekey-decompile-apk One-step APK decompilation tool (onekey decompile apk)
- [673星][18d] [C#] uxmal/reko Reko is a binary decompiler.
- [671星][11m] [C++] zrax/pycdc C++ python bytecode disassembler and decompiler
- [573星][2y] [C++] zneak/fcd An optimizing decompiler
- [538星][6m] [Java] java-decompiler/jd-eclipse A Java Decompiler Eclipse plugin
- [533星][5y] [Py] mysterie/uncompyle2 A Python 2.5, 2.6, 2.7 byte-code decompiler
- [483星][3y] [Lua] viruscamp/luadec Lua Decompiler for lua 5.1 , 5.2 and 5.3
- [389星][3y] [Py] gstarnberger/uncompyle Python decompiler
- [383星][3y] [C] micrictor/stuxnet Open-source decompile of Stuxnet/myRTUs
- [347星][16d] [C#] steamdatabase/valveresourceformat Valve's Source 2 resource file format (also known as Stupid Valve Format) parser and decompiler.
- [331星][11d] [Java] leibnitz27/cfr This is the public repository for the CFR Java decompiler
- [327星][2m] [C++] silverf0x/rpcview RpcView is a free tool to explore and decompile Microsoft RPC interfaces
- [306星][5y] [C++] draperlaboratory/fracture an architecture-independent decompiler to LLVM IR
- [283 stars][8m] [Shell] venshine/decompile-apk APK decompilation
- [243星][3m] [Java] kwart/jd-cmd Command line Java Decompiler
- [242星][11d] [C#] icsharpcode/avaloniailspy Avalonia-based .NET Decompiler (port of ILSpy)
- [240星][2m] [Java] ata4/bspsrc A Source engine map decompiler
- [234星][5y] [C] sztupy/luadec51 Lua Decompiler for Lua version 5.1
- [232星][1y] [C++] wwwg/wasmdec WebAssembly to C decompiler
- [226星][11d] [C++] boomerangdecompiler/boomerang Boomerang Decompiler - Fighting the code-rot :)
- [196星][1y] [C++] cararasu/holodec Decompiler for x86 and x86-64 ELF binaries
- [164星][3y] [C#] jamesjlinden/unity-decompiled
- [148星][3y] [C#] endgameinc/py2exedecompiler Decompiles Exe created by Py2Exe using uncompyle6 for both python 2 and 3.
- [136星][6y] [Py] nightnord/ljd LuaJIT raw-bytecode decompiler
- [129星][6y] [Lua] bobsayshilol/luajit-decomp LuaJIT decompiler
- [113星][1y] [Java] despector/despector Java / Kotlin Decompiler and AST Library
- [87 stars][4m] [Clojure] clojure-goes-fast/clj-java-decompiler clj-java-decompiler: decompiles Clojure to Java
- [87星][11d] [Py] pnfsoftware/jeb2-samplecode Sample extensions for JEB Decompiler
- [85星][4y] [C] electrojustin/triad-decompiler TRiad Is A Decompiler. Triad is a tiny, free and open source, Capstone based x86 decompiler for ELF binaries.
- [82星][2y] [C++] nemerle/dcc This is a heavily updated version of the old DOS executable decompiler DCC
- [77星][3m] [Py] pfalcon/scratchablock Yet another crippled decompiler project
- [67 stars][1y] [PHP] irelance/jsc-decompile-mozjs-34 A javascript bytecode decoder for mozilla spider-monkey version 34. May decompile jsc files compiled by cocos-2dx
- [57星][16d] [Py] matt-kempster/mips_to_c A MIPS decompiler.
- [57星][5y] [C] molnarg/dead0007 Decompiler for SpiderMonkey 1.8 XDR bytecode
- [54星][7m] [Clojure] bronsa/tools.decompiler A decompiler for clojure, in clojure
- [53 stars][7y] [Visual Basic .NET] vbgamer45/semi-vb-decompiler Partial decompiler for Visual Basic. Code source of file structure information.
- [49星][12d] [Py] rocky/python-decompile3 Python decompiler for 3.7+. Stripped down from uncompyle6 so we can refactor and fix up some long-standing problems
- [40星][2y] [Py] wibiti/evedec Eve Online decrypter/decompiler
- [32星][1y] [C++] fortiguard-lion/rpcview RpcView is a free tool to explore and decompile Microsoft RPC interfaces
- [31星][2y] [Visual Basic .NET] dzzie/myaut_contrib mod to myaut2exe decompiler
- [28星][16d] [Py] dottedmag/archmage A reader and decompiler for files in the CHM format
- [28星][12m] [Java] minecraftforge/fernflower Unofficial mirror of FernFlower Java decompiler, Subtree split of:
- [28星][28d] [C++] schdub/protodec Protobuf decompiler
- [27星][1y] [C#] jeffreye/avaloniailspy Avalonia-based .NET Decompiler (port of ILSpy)
- [25星][1y] [Py] nviso-be/decompile-py2exe Decompile py2exe Python 3 generated EXEs
- [21星][7m] [Py] beched/abi-decompiler Ethereum (EVM) smart contracts reverse engineering helper utility
- [21星][1y] [C] rfalke/decompiler-subjects Tests cases for binary decompilers
- [19星][6m] [Java] pnfsoftware/jeb-plugin-libra Libra decompiler plugin for JEB
- [19 stars][23d] [Shell] gzu-liyujiang/apkdecompiler APK decompilation helper for Linux, packaged as ApkDecompiler.deb; supports Debian-family Linux distributions such as Debian, Ubuntu, Mint, Deepin and others
- [11星][3y] [Emacs Lisp] xiongtx/jdecomp Emacs interface to Java decompilers
- [10星][6y] [Py] gdelugre/fupy A small and dirty Python 2 decompiler written in Python.
- [10星][2y] [C++] uglyoldbob/decompiler A decompiler targeting c and similar languages.
- [9星][2y] [C++] darknesswind/nutcracker fork from DamianXVI's squirrel decompiler
- [9星][3y] [C++] shauren/protobuf-decompiler
- [8星][7m] [Java] soxs/osrsupdater A simple (and outdated) Old-School RuneScape decompiler/deobfuscator. Performs field and method analysis which uses ASM and bytecode patterns for identification. Identified fields could be used for creating bot clients or QoL clients. For educational use only.
- [8星][10m] [PHP] vaibhavpandeyvpz/deapk DeAPK is an open-source, online APK decompiler which lets you upload an APK and then decompile it to Smali or Java sources. It is built using Laravel, Vue.js, Bootstrap, FontAwesome, Pusher, Redis, MySQL, apktool, jadx and hosted atop DigitalOcean cloud platform.
- [5星][1y] [C#] fireboyd78/unluacnet A Lua 5.1 decompiler library written in C#. Based on the original Java version of "unluac" by tehtmi.
- [5星][2m] [Kotlin] kotcrab/mist Interactive MIPS disassembler and decompiler
- [5星][4m] [TS] x87/scout Scout Decompiler
- [1星][2y] [Haskell] wertercatt/mrifk A decompiler and disassembler for the Glulx virtual machine.
- [1星][6y] [Haskell] rel-eng/jdec java decompiler written in haskell
- [1星][2m] [Java] maxpixelstudios/minecraftdecompiler A useful tool to decompile and deobfuscate Minecraft by CFR and Proguard/SRG/CSRG/TSRG mappings
- [0星][2y] [Java] dgileadi/dg.jdt.ls.decompiler
- [None stars] xdasm/decompiler
- [1374 stars][20d] [C] zyantific/zydis Fast, lightweight x86/x86-64 disassembler library
- [1346星][12m] [Rust] das-labor/panopticon A libre cross-platform disassembler.
- [877星][11m] [C++] wisk/medusa An open source interactive disassembler
- [835星][8d] [GLSL] khronosgroup/spirv-cross a practical tool and library for performing reflection on SPIR-V and disassembling SPIR-V back to high level languages.
- [828星][3m] [C++] redasmorg/redasm The OpenSource Disassembler
- [693星][5y] [C] vmt/udis86 Disassembler Library for x86 and x86-64
- [627星][3m] [C] gdabah/distorm Powerful Disassembler Library For x86/AMD64
- [430星][2m] [C#] 0xd4d/iced x86/x64 disassembler, instruction decoder & encoder
- [351星][21d] [Ruby] jjyg/metasm This is the main repository for metasm, a free assembler / disassembler / compiler written in ruby
- [268星][3y] [HTML] xem/minix86 x86 (MS-DOS) documentation, disassembler and emulator - WIP
- [246星][5m] [Py] bontchev/pcodedmp A VBA p-code disassembler
- [198星][6m] [Py] athre0z/wasm WebAssembly decoder & disassembler library
- [139星][17d] [C++] grammatech/ddisasm A fast and accurate disassembler
- [136星][2y] [Java] tinylcy/classanalyzer A Java Class File Disassembler
- [89星][6m] [Java] llvm-but-worse/java-disassembler The Java Disassembler
- [88星][9m] [Py] blacknbunny/peanalyzer Advanced Portable Executable File Analyzer And Disassembler 32 & 64 Bit
- [86星][2y] [C++] rmitton/goaldis Jak & Daxter GOAL disassembler
- [81星][3y] [Py] januzellij/hopperscripts Collection of scripts I use in the Hopper disassembler
- [80星][2y] [Py] rsc-dev/pbd Pbd is a Python module to disassemble serialized protocol buffers descriptors (
- [69星][6m] [Py] tintinweb/ethereum-dasm An ethereum evm bytecode disassembler and static/dynamic analysis tool
- [65星][11m] [Pascal] mahdisafsafi/univdisasm x86 Disassembler and Analyzer
- [62星][5m] [Py] crytic/pyevmasm Ethereum Virtual Machine (EVM) disassembler and assembler
- [57星][14d] [Py] rocky/python-xdis Python cross-version bytecode library and disassembler
- [52星][30d] [C++] hasherezade/vidi ViDi Visual Disassembler (experimental)
- [32星][6m] [C++] vector35/generate_assembler generate assemblers from disassemblers, 2018 jailbreak security summit talk
- [30星][3y] [Py] rmtew/peasauce Peasauce Interactive Disassembler
- [25星][3m] [HTML] shahril96/online-assembler-disassembler Online assembler and disassembler
- [24星][3y] [Py] 0xbc/chiasm-shell Python-based interactive assembler/disassembler CLI, powered by Keystone/Capstone.
- [23星][2y] [C++] verideth/repen Simple C8 disassembler
- [22星][5y] [C#] tophertimzen/shellcodetester GUI Application in C# to run and disassemble shellcode
- [7019星][10d] [JS] cs01/gdbgui Browser-based frontend to gdb (gnu debugger). Add breakpoints, view the stack, visualize data structures, and more in C, C++, Go, Rust, and Fortran. Run gdbgui from the terminal and a new tab will open in your browser.
- [6052星][13d] [Py] cyrus-and/gdb-dashboard Modular visual interface for GDB in Python
- [3784星][11m] [Py] longld/peda Python Exploit Development Assistance for GDB
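- [2568 stars][1m] [Py] hugsy/gef GDB enhancement tool built on the Python API, for exploit development and reverse engineering.
- [2439 stars][16d] [Py] pwndbg/pwndbg GDB plugin that assists exploit development and reverse engineering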
- [1417星][3m] [Go] hellogcc/100-gdb-tips A collection of gdb tips. 100 maybe just mean many here.
- [452星][3m] [Py] scwuaptx/pwngdb gdb for pwn
- [446星][1y] [Py] jfoote/exploitable The 'exploitable' GDB plugin. I don't work at CERT anymore, but here is the original homepage:
- [244星][2m] [JS] bet4it/hyperpwn A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda
- [208星][2m] [Py] sakhnik/nvim-gdb Neovim thin wrapper for GDB, LLDB and PDB
- [196星][2y] [Py] sqlab/symgdb symbolic execution plugin for gdb
- [186 stars][4y] [Py] leeyiw/cgdb-manual-in-chinese CGDB manual in Chinese
- [174星][21d] [Shell] rocky/zshdb gdb-like "trepan" debugger for zsh
- [152星][1m] [Py] rogerhu/gdb-heap Heap Analyzer for Python
- [150星][1m] [Py] gdbinit/lldbinit A gdbinit clone for LLDB
- [137 stars][2y] kevinsbobo/cheat-sheet Cheat sheet covering common commands and shortcuts for Vim, Git, Shell, Gcc, Gdb
- [132星][4y] [C] espressif/esp-gdbstub
- [126星][3m] [Py] deroko/lldbinit Similar implementation of .gdbinit from fG
- [101星][3m] [Py] cs01/pygdbmi A library to parse gdb mi output, as well as control gdb subprocesses
- [93星][2m] [C] weirdnox/emacs-gdb GDB graphical interface for GNU Emacs
- [93星][5y] [Py] zachriggle/peda PEDA - Python Exploit Development Assistance for GDB
- [91星][5m] [Py] vuvova/gdb-tools Various tools to improve the gdb experience
- [87星][2m] [Py] alset0326/peda-arm GDB plugin peda for arm
- [85星][2y] [C] javierhonduco/write-a-strace-and-gdb A tiny system call tracer and debugger implementation
- [79星][3m] [Py] miyagaw61/exgdb Extension for GDB
- [73星][3m] hugsy/gdb-static Public repository of static GDB and GDBServer
- [73星][21d] [Py] rocky/python3-trepan A gdb-like Python3 Debugger in the Trepan family
- [69星][14d] [Py] koutheir/libcxx-pretty-printers GDB Pretty Printers for libc++ of Clang/LLVM
- [62星][4m] [OCaml] copy/gdbprofiler Rich man's profiler, a profiler for native OCaml and other executables
- [61星][1y] [Py] hq6/gdbshellpipe Enable piping of internal command output to external commands
- [56星][5m] [Py] stef/pyrsp python implementation of the GDB Remote Serial Protocol
- [54星][10m] [Shell] mzpqnxow/embedded-toolkit Prebuilt statically linked gdbserver and gawk executables for Linux on ARMEL, MIPS/MIPSEL and more platforms for use on embedded devices, including for systems with many different ABIs (including more than 20 statically linked gdbserver executables)
- [52星][8y] [Py] crossbowerbt/gdb-python-utils A library for GDB (with python support), that adds useful functions to the standard 'gdb' library.
- [52星][2y] [Go] cyrus-and/gdb Go GDB/MI interface
- [47星][6y] [C] gdbinit/gdb-ng Apple's gdb fork with some fixes and enhancements
- [46星][11m] [Shell] mzpqnxow/gdb-static-cross Shell scripts, sourceable "activate" scripts and instructions for building a statically linked gdb-7.12 gdbserver using cross-compile toolchains. Includes more than 20 statically linked gdbserver executables for different architectures, byte orders and ABIs
- [46星][1m] [TeX] zxgio/gdb_gef-cheatsheet GDB + GEF cheatsheet for reversing binaries
- [44星][2m] [Py] scwuaptx/peda PEDA - Python Exploit Development Assistance for GDB
- [41 stars][4m] [Rust] cbourjau/cargo-with A third-party cargo extension to run the build artifacts through tools like gdb
- [39星][2m] [Py] sharkdp/stack-inspector A gdb command to inspect the size of objects on the stack
- [38星][10m] [Py] wapiflapi/gxf Gdb Extension Framework is a bunch of python code around the gdb api.
- [37星][5y] [Py] philwantsfish/gdb_commands GDB commands to aid exploit development
- [36星][9d] [Ruby] david942j/gdb-ruby It's time for Ruby lovers to use Ruby in gdb, and gdb in Ruby!
- [36星][2y] [Py] tromey/gdb-gui A gdb gui written in Python, running inside gdb itself.
- [33星][2m] [Py] akiym/pedal PEDAL - Python Exploit Development Assistance for GDB Lite
- [33 stars][1y] [Py] damziobro/gdb-automatic-deadlock-detector Script adds a new command to GDB that automatically detects C/C++ thread locking and deadlocks in the GDB debugger
- [25星][13d] [C] mborgerson/gdbstub A simple, dependency-free GDB stub that can be easily dropped in to your project.
- [24星][1m] [Py] daskol/gdb-colour-filter Colourify backtrace output in GDB with Python API
- [23星][1m] [Perl] occivink/kakoune-gdb gdb integration plugin
- [23星][2y] [C] tommythorn/yari YARI is a high performance open source FPGA soft-core RISC implementation, binary compatible with MIPS I. The distribution package includes a complete SoC, simulator, GDB stub, scripts, and various examples.
- [23 stars][3y] [Py] zachriggle/pwndbg GDB plugin that assists exploit development and reverse engineering
- [22星][3y] [Py] tromey/gdb-helpers GDB helper scripts
- [21星][23d] [C] yugr/libdebugme Automatically spawn gdb on error.
- [20星][6m] [Batchfile] cldrn/insecureprogrammingdb Insecure programming functions database
- [20星][2y] [Py] kelwin/peda PEDA - Python Exploit Development Assistance for GDB
- [19星][8d] [C#] sysprogs/bsptools Tools for generating VisualGDB BSPs
- [18 stars][4y] [C] niklasb/dump-seccomp GDB plugin to dump SECCOMP rules set via prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)
- [15星][3y] [C] andyneff/hello-world-gdb Simple hello world program for debugging with gdb
- [15星][6y] gdbinit/kgmacros Fixed kgmacros to work with VMware kernel gdb stub
- [15星][2y] [C] rkx1209/bitvisor-gdb gdbserver implementation on BitVisor
- [15星][1m] [C++] satharus/disass [WIP] FOSS GNU Debugger (GDB) interface for GNU/Linux.
- [14星][3y] [Py] 0xmitsurugi/gdbscripts Python scripts for gdb, reverse engineering oriented
- [14星][3y] [JS] ben-ha/gdbface GDB web frontend written in Javascript
- [14星][11m] [TeX] zxgio/gdb-cheatsheet GDB cheatsheet for reversing binaries
- [13星][2y] [Py] pageflt/gdb-memstr Generate arbitrary strings out of contents of ELF sections
- [10星][3y] [JS] gogoprog/atom-gdb Atom plugin to set gdb breakpoints in .gdbinit file and run an external debugger as QtCreator or ddd
- [10 stars][2y] [Py] kikimo/pygdb pygdb: a Linux debugger that supports DWARF-2 debug information and can debug x86/x64 programs
- [10星][26d] [C] resetnow/esp-gdbstub ESP8266 debugging tool
- [10星][2y] [Py] stephenr/gdb_scripts
- [8星][5y] [Py] ctu-iig/802.11p-wireless-regdb Wireless regulatory database for CRDA
- [4星][11m] [C] adapteva/epiphany-binutils-gdb Merged gdb and binutils repository
- [3星][1y] [Py] grant-h/gdbscripts An assorted collection of GDB scripts.
- [2星][4m] [Py] artem-nefedov/uefi-gdb UEFI OVMF symbol load script for GDB
- [2星][9m] [C#] sysprogs/visualgdbextensibilityexamples
- [2星][2y] [Py] tentpegbob/ropgadget Extends ROPgadget so that it can be used inside of GDB via Python.
- [1星][3y] elauqsap/vtgdb vulnerability and threat repository using a graph architecture
- [1星][2y] [Py] monkeyman79/janitor Collection of GDB commands for low-level debugging, aimed at bringing debug.exe flavor into GDB command line interface.
- [0星][4y] [Py] 0xd3d0/pygdb Automatically exported from code.google.com/p/pygdb
- [0星][2y] [JS] pgigis/routingdb
- [None stars] sha0coder/gdb_automatization
- 2019.11 [ocallahan] Supercharging Gdb With Pernosco
- 2019.10 [FOSSiFoundation] A Unified Debug Server for Deeply Embedded Systems and GDB/LLDB - Simon Cook - ORConf 2019
- 2019.10 [TheLinuxFoundation] Using Serial kdb / kgdb to Debug the Linux Kernel - Douglas Anderson, Google
- 2019.09 [GNUToolsCauldron] GDB: Tab-Completion & Command Options - GNU Tools Cauldron 2019
- 2019.09 [GNUToolsCauldron] GDB on s390x: To-dos and Challenges - GNU Tools Cauldron 2019
- 2019.09 [GNUToolsCauldron] GDB BoF - GNU Tools Cauldron 2019
- 2019.09 [GNUToolsCauldron] A New Debug Server for Supporting GDB on Embedded Platforms - GNU Tools Cauldron 2019
- 2019.05 [tunnelshade] Quick linux kernel with gdb setup with little help from Linux distros
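- 2019.02 [360] ARM assembly: hands-on stack overflow analysis, part 4 (GDB)
- 2019.01 [freebuf] ARM assembly: hands-on stack overflow analysis, part 3 (GDB)
- 2019.01 [360] ARM assembly: hands-on stack overflow analysis, part 2 (GDB)
- 2019.01 [360] ARM assembly: hands-on stack overflow analysis (GDB)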
- 2018.09 [blackroomsec] Reversing small crackme w/ GDB-Peda
- 2018.09 [doyler] Metasploit adduser Analysis via GDB (SLAE Exam Assignment #5.2)
- 2018.07 [pediy] [Programming][Translation] Learning C with gdb
- 2018.05 [djmanilaice] Ignorance .gdbinit
- 2018.05 [360] DEFCON CHINA talk walkthrough | Triton and symbolic execution on GDB
- 2018.03 [aliyun] Process injection using GDB
- 2018.02 [freebuf] Debugging CVE-2018-5711, a PHP-GD denial-of-service vulnerability, with GDB
- 2018.02 [HITCON] [HITCON CMT 2017] R0D202 - 陳威伯 - Triton and Symbolic execution on GDB
- 2018.01 [jvns] How does gdb call functions?
- 2017.12 [pediy] [Original] How to use GDB more effectively in pwn challenges
- 2017.10 [sysprogs] Explaining project format changes in VisualGDB 5.3
- 2017.09 [pediy] [Original] Sharing a cheat sheet I made, covering common commands and shortcuts for Vim, Git, Shell, Gcc, Gdb
- 2017.08 [sysprogs] The Updated VisualGDB Embedded Debugging Experience
- 2017.08 [pediy] [Share] Using debugserver + lldb instead of gdb for dynamic debugging
- 2017.08 [360] Debugging ARM code with GDB
- 2017.06 [sysprogs] Clang IntelliSense Improvements in VisualGDB 5.3 Preview 2
- 2017.05 [n0where] GDB Exploit Development & Reverse Engineering: pwndbg
- 2017.05 [abatchy] Analyzing Metasploit linux/x86/adduser module using GDB
- 2017.03 [360] Android Hacking Part 20: Debugging applications on the Android emulator with GDB
- 2017.03 [nsfocus] Debugging applications and kernel driver modules with GDB and KGDB
- 2017.03 [dustri] Solving "warning: Probes-based dynamic linker interface failed." in GDB
- 2017.03 [n0where] Browser-based GDB frontend: gdbGUI
- 2017.02 [] Stepping backward in gdb
- 2017.01 [n0where] Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF
- 2017.01 [360] Android kernel debugging with KGDB
- 2017.01 [trendmicro] Practical Android Debugging Via KGDB
- 2017.01 [pediy] [Original] A study of the lldb/gdb communication protocol
- 2016.11 [pediy] [Download] VisualGDB 5.x & VisualKernel 2.x crack patch (updated 2017-10-10)
- 2016.10 [sysprogs] Exploring advanced STM32 code samples with VisualGDB
- 2016.09 [sysprogs] VisualGDB 5.2 Beta 1 is out
- 2016.09 [] Break On Call and Break On Ret under gdb
- 2016.09 [metricpanda] Tips for Productive Debugging with GDB
- 2016.09 [sysprogs] 10 Reasons to Try Out MSBuild for your VisualGDB Projects
- 2016.08 [sysprogs] Clang IntelliSense improvements in VisualGDB 5.2
- 2016.08 [jvns] How does gdb work?
- 2016.08 [brendangregg] gdb Debugging Full Example (Tutorial): ncurses
- 2016.07 [sysprogs] The New Advanced Memory Window in VisualGDB 5.2
- 2016.07 [sysprogs] Extending the VisualGDB Test System
- 2016.07 [sysprogs] The New Unit Test Support in VisualGDB 5.2
- 2016.06 [suchakra] Fast Tracing with GDB
- 2016.06 [] Sandboxing a linux malware with gdb
- 2016.06 [n0where] GDB Front End: PINCE
- 2016.06 [n0where] Python Exploit Development GDB Assistance: Peda
- 2016.06 [rapid7] GDB for Fun (and Profit!)
- 2016.06 [paraschetal] Gracker level1 (GDB basics)
- 2016.03 [freebuf] Libheap: a GDB debugging tool for analyzing Glibc heap structures
- 2016.02 [blahcat] Ruxmon 08/2016 - Making GDB great again
- 2016.01 [eugenekolo] Better disassembly with GDB/PEDA
- 2015.09 [nsfocus] Troubleshooting Python programs with GDB
- 2015.09 [n0where] Modular visual interface for GDB: GDB dashboard
- 2015.08 [contextis] KGDB on Android - Debugging the kernel like a boss
- 2015.04 [sysprogs] VisualGDB 5.0 Beta 1 – Refactoring and C++ CodeMap
- 2015.04 [sysprogs] Exploring code with VisualGDB 5.0 Preview 4
- 2014.05 [parsiya] Pasting Shellcode in GDB using Python
- 2014.04 [firebitsbr] Golang: Introduction to Go Debugging with GDB
- 2014.02 [reverse] Don’t die GDB, we love you: kgmacros ported to Mavericks.
- 2014.02 [jvns] Three steps to learning GDB
- 2013.11 [blackmoreops] How to fix GDBus Error org freedesktop PolicyKit1 Error Failed An authentication agent already exists for the given subject error in Kali, LMDE or Debian Linux?
- 2013.11 [reverse] One small patch for GDB, one giant leap for reversers!
- 2013.03 [reverse] How to compile GDB in Mountain Lion (updated)
- 2012.06 [sysprogs] A GDB update for Android-NDK fixes many bugs
- 2012.04 [reverse] How to compile GDB for iOS!
- 2012.01 [reverse] Anti-debug trick #1: Abusing Mach-O to crash GDB
- 2012.01 [debasish] Basic Reverse Engineering with GDB
- 2012.01 [crossbowerbt] In-memory-fuzzing in Linux (with GDB and Python)
- 2011.08 [reverse] Another patch for Apple’s GDB: the define/commands problem
- 2011.08 [reverse] How GDB disables ASLR in Mac OS X Lion
- 2011.03 [heelan] Heap Scripts for TCMalloc with GDB’s Python API
- 2011.02 [reverse] Update to GDB patches – fix for a "new" bug
- 2011.02 [coolshell] Several debugging techniques you should know in GDB
- 2010.12 [pediy] [Original] Basic Linux disassembly structures and an introduction to GDB
- 2010.11 [arxiv] [1011.5295] GDB: Group Distance Bounding Protocols
- 2010.10 [reverse] A new GDB frontend and some pics from the past
- 2010.08 [reverse] GDB anti-debug, Otool/otx anti-disassembly… It’s Challenge number 3 !!!
- 2009.10 [coolshell] GDB 7.0 released
- 2009.09 [coolshell] High tech: reverse debugging in GDB
- 2009.08 [reverse] Anatomy of a GDB anti-debug trick part II: GDB isn’t alone!
- 2009.08 [reverse] GDB patches
- 2009.08 [reverse] Anatomy of a GDB anti-debug trick
- 2009.08 [reverse] Fix for Apple’s GDB bug or why Apple forks are bad...
- 2009.08 [reverse] Workaround for Apple’s GDB bug...
- 2009.05 [pediy] [Share] Debugging programs with GDB
- 2009.04 [morepypy] 4 weeks of GDB
- 2009.04 [coldwind] How to make your life simpler - GDB scripts embedded in assembly source code
- 2009.03 [travisgoodspeed] An Open GDBProxy!
- 2009.01 [reverse] How to compile GDB and other Apple open source packages in Mac OS X
- 2008.11 [pediy] [Share] Tutorial for the Linux debugging tool GDB
- 2008.11 [reverse] Apple’s GDB Bug?
- 2007.10 [reverse] GDB input radix option
- [1419星][9m] [C] namhyung/uftrace Function (graph) tracer for user-space
- [186星][2y] [C++] sidechannelmarvels/tracer Set of Dynamic Binary Instrumentation and visualization tools for execution traces.
- [157星][27d] [C] immunityinc/libptrace An event driven multi-core process debugging, tracing, and manipulation framework.
- [138星][1m] [PS] lazywinadmin/monitor-adgroupmembership PowerShell script to monitor Active Directory groups and send an email when someone is changing the membership
- [115星][9y] [C] ice799/ltrace ltrace intercepts and records dynamic library calls which are called by an executed process and the signals received by that process. It can also intercept and print the system calls executed by the program.
- [110星][3y] [C#] goldshtn/etrace Command-line tool for ETW tracing on files and real-time events
- [108星][30d] [ObjC] objective-see/processmonitor Process Monitor Library (based on Apple's new Endpoint Security Framework)
- [96星][6m] [Py] teemu-l/execution-trace-viewer Tool for viewing and analyzing execution traces
- [91星][2y] [C++] epam/nfstrace Network file system monitor and analyzer
- [88星][2m] [Py] assurancemaladiesec/certstreammonitor Monitor certificates generated for specific domain strings and associated, store data into sqlite3 database, alert you when sites come online.
- [83星][1y] [C] marcusbotacin/branchmonitoringproject A branch-monitor-based solution for process monitoring.
- [82星][4y] [C] eklitzke/ptrace-call-userspace Example of how to use the ptrace(2) system call to call a userspace method.
- [71星][7m] [C++] invictus1306/functrace A function tracer
- [68星][2y] [Py] ianmiell/autotrace Runs a process, and gives you the output along with other telemetry on the process, all in one terminal window.
- [62星][2y] [C++] finixbit/ftrace Simple Function calls tracer
- [60星][2y] [DTrace] brendangregg/dtrace-tools DTrace tools for FreeBSD
- [52星][3y] [C] sciencemanx/ftrace trace local function calls like strace and ltrace
- [46星][6m] [Go] oscp/openshift-monitoring A realtime distributed monitoring tool for OpenShift Enterprise
- [44星][5y] [C] rpaleari/qtrace QTrace, a "zero knowledge" system call tracer
- [39星][4y] [C++] simutrace/simutrace Tracing framework for full system simulators
- [37 stars][1y] [C] egguncle/ptraceinject Process injection
- [35星][13d] [C] efficios/babeltrace The Babeltrace project provides trace read and write libraries, as well as a trace converter. Plugins can be created for any trace format to allow its conversion to/from another trace format.
- [32星][2y] [C] alex9191/kernelmodemonitor Kernel-Mode driver and User-Mode application communication project
- [31星][1y] [C] iamgublin/ndis6.30-netmonitor NDIS6.30 Filter Library
- [27星][2y] [C] openbsm/bsmtrace BSM based intrusion detection system
- [26星][2y] [Go] benjojo/traceroute-haiku A thing you can traceroute and it gives you a haiku inside the trace
- [25星][3m] [C] airbus-cert/pstrace Trace ScriptBlock execution for powershell v2
- [24星][2y] [C++] sshsshy/zerotrace
- [21星][2y] [C++] microsoft/firewalleventmonitor Listens for Firewall rule match events generated by Microsoft Hyper-V Virtual Filter Protocol (VFP) extension.
- [11588星][12d] [C] radareorg/radare2 unix-like reverse engineering framework and commandline tools
- [410星][6m] [Py] itayc0hen/a-journey-into-radare2 A series of tutorials about radare2 framework from
- [339星][28d] [TeX] radareorg/radare2book Radare2 official book
- [259 stars][1m] [C] radareorg/r2dec-js radare2 plugin that decompiles assembly code into C pseudocode
- [258星][4m] [Rust] radareorg/radeco radare2-based decompiler and symbol executor
- [202星][3m] [PS] wiredpulse/posh-r2 PowerShell - Rapid Response... For the incident responder in you!
- [183星][4m] radareorg/r2con Radare Congress Stuff
- [175星][2m] [C] radareorg/radare2-extras Source graveyard and random candy for radare2
- [155星][2y] [C] ifding/radare2-tutorial Reverse Engineering using Radare2
- [149星][2y] [Py] mhelwig/apk-anal Android APK analyzer based on radare2 and others.
- Duplicate section: Android->Tools->Newly added
- [126星][27d] [JS] radareorg/radare2-r2pipe Access radare2 via pipe from any programming language!
- [123星][12m] [C] wenzel/r2vmi Hypervisor-Level Debugger based on Radare2 / LibVMI, using VMI IO and debug plugins
- [108星][2y] [Py] guedou/jupyter-radare2 Just a simple radare2 Jupyter kernel
- [98星][2m] [C] radareorg/radare2-bindings Bindings of the r2 api for Valabind and friends
- [97星][3y] [C] s4n7h0/practical-reverse-engineering-using-radare2 Training Materials of Practical Reverse Engineering using Radare2
- [94星][2y] [Py] radareorg/r2con2017 r2con 2017 September 6-9
- [90星][3m] [Py] radareorg/r2con2019 slides and materials
- [89星][4m] [Py] securisec/r2wiki Radare 2 wiki
- [88星][1y] [TeX] zxgio/r2-cheatsheet Radare2 cheat-sheet
- [86星][1y] [HTML] radareorg/r2con2018
- [82星][8m] [C] nowsecure/dirtycow radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability
- [79星][1m] [Shell] radareorg/radare2-pm Package Manager for Radare2
- [78 stars][3y] [Py] pinkflawd/r2graphity Creating function call graphs based on radare2 framework, plot fancy graphs and extract behavior indicators
- [68星][22d] [C] radareorg/radare2-regressions Regression Tests for the Radare2 Reverse Engineer's Debugger
- [67星][3y] [Java] octopus-platform/bjoern Binary analysis platform based on Octopus and Radare2
- [63星][10m] [C] zigzagsecurity/survival-guide-radare2 Basic tutorials for reverse engineer with radare2
- [62星][2y] [C] tobaljackson/2017-sit-re-presentation Intro to radare2 presentation files.
- [56星][2y] [JS] jpenalbae/r2-scripts Multiple radare2 rpipe scripts
- [49星][2y] [JS] jpenalbae/rarop Graphical ROP chain builder using radare2 and r2pipe
- [41星][3y] [C] bluec0re/reversing-radare2 A reversing series with radare2
- [34星][3y] [CSS] monosource/radare2-explorations A book on learning radare2.
- [33星][2y] [Py] guedou/r2scapy a radare2 plugin that decodes packets with Scapy
- [28星][12m] [C] mrmacete/r2scripts Collection of scripts for radare2
- [27 stars][3y] [Py] gdataadvancedanalytics/r2graphity Creating function call graphs based on radare2 framework, plot fancy graphs and extract behavior indicators
- [27星][2y] [C] yara-rules/r2yara r2yara - Module for Yara using radare2 information
- [27星][11m] radareorg/r2jp Japanese Community of radare2
- [26星][3y] [C] monosource/radare2-explorations-binaries Supplement to radare2-explorations.
- [25星][3y] [ObjC] kpwn/rapd2 simple radare2 rap:// server
- [24星][2y] [Rust] sushant94/rune rune - radare2 based symbolic emulator
- [21星][5y] [C] pastcompute/lca2015-radare2-tutorial Examples and demos for my LCA2015 radare2 tutorial
- [19星][10m] [Py] radare/radare2-r2pipe-api r2pipe-api repo
- [18星][2y] [Py] countercept/radare2-scripts A collection of useful radare2 scripts!
- [18星][4m] [C#] radareorg/r2wars Corewars but within r2
- [16星][2y] arnaugamez/ncnlabs-introrewithr2
- [16星][2y] enovella/r2con-prequals-rhme3 r2 the Rhme3! The RHme (Riscure Hack me) is a low level hardware CTF that comes in the form of an Arduino board (AVR architecture). It involves a set of SW and HW challenges to test your skills in different areas such as side channel analysis, fault injection, reverse-engineering and software exploitation. In our talk we will briefly recap RHme2…
- [16 stars][2y] [C] safiire/radare2-dan32 Binary, Analysis, and Disassembler Radare2 Plugins for Dan32 architecture binaries
- [16星][5y] [Py] tyilo/kextd_patcher Patch kextd using radare2
- [16星][7m] [Rust] radareorg/r2pipe.rs Rust crate for r2pipe
- [15星][5m] [JS] securisec/r2retdec Use a local instance of retdec to decompile functions in radare2
- [15星][2m] [C] esanfelix/r2con2019-ctf-kernel Kernel exploitation challenge(s) I prepared for the r2con 2019 CTF.
- [14星][1y] [Py] ndaprela/r2dbg interface for radare2 based on r2pipe tailored for debugging
- [13星][4y] [Py] shaded-enmity/r2-ropstats A set of tools based on radare2 for analysis of ROP gadgets and payloads.
- [12星][1y] [C] radare/radare2-au Audio Support for radare2
- [11 stars][1y] [Go] wolfvan/yararet Carving tool based on Radare2 & Yara
- [10星][3y] [Py] newlog/r2msdn r2 plugin to add MSDN documentation URLs and parameter names to imported function calls
- [10星][4m] [Py] ps1337/pwntools-r2 Launch radare2 like a boss from pwntools in tmux
- [10星][26d] [Go] radareorg/r2pm Radare2 cross platform package manager
- [9星][7m] [Py] jacobpimental/r2-gohelper gopclntab finder and analyzer for Radare2
- [9 stars][2y] [Java] redmed666/mal6raph mal6raph: combines radare2 and neo4j to assist function-level similarity analysis
- [8星][2y] montekki/r2evm
- [8星][3y] [Py] newlog/r2com radare2 script to help on COM objects reverse engineering
- [8星][3y] [C] radare/gradare2 Port of gradare GTK/VTE frontend to r2
- [7星][12m] [Rust] radareorg/esil-rs Radare2's ESIL in Rust
- [7星][3y] [Py] thestr4ng3r/bokken Bokken is a GUI for radare2. Don't use this, use
- [6 stars][2y] [Py] d00rt/gootkit_string_patcher A python script using radare2 to decrypt and patch the strings of GootKit malware
- [6星][2y] [Py] h4ng3r/r2apktool radare2 based alternative to apktool
- [6星][27d] [Dockerfile] kr1tzb1tz/r2playground
- [6星][4m] [C] radareorg/r2hexagon Hexagon disassembler code generator from the official instruction manual.
- [5星][2y] jacobpimental/intro-to-radare2
- [5星][12m] securisec/r2wiki-rtd r2wiki for readthedocs
- [4星][4y] [Py] andrewaeva/strange-functions Extract functions and opcodes with radare2
- [4星][1y] [Py] mytbk/radare-uefi helper radare2 script to analyze UEFI firmware modules
- [4星][7m] [Rust] xermicus/r2deob deobfuscation PoC with r2 + ESIL
- [3星][2y] [Py] antonin-deniau/bnstrings Binaryninja plugin that use radare2 to find and add strings to binaryninja
- [2星][3y] h4ng3r/r2dextest Dalvik tests generator for radare2 using on androguard
- [2星][2y] [C++] jubal-r/ronin Radare2 GUI
- [0星][1y] [Py] d4em0n/r2snow Integrate radare2 with snowman decompiler
- [378 stars][27d] [JS] nowsecure/r2frida Radare2 and Frida better together.
- Duplicate section: DBI->Frida->Tools->Interaction with other tools->Radare2
- [79 stars][8m] [Py] guedou/r2m2 radare2 + miasm2 = ♥
- [47 stars][11m] [Py] nowsecure/r2lldb radare2-lldb integration
- [34 stars][12m] [CSS] nowsecure/r2frida-book The radare2 + frida book for Mobile Application assessment
- Duplicate section: DBI->Frida->Tools->Interaction with other tools->Radare2
- [175 stars][14d] [C++] radareorg/r2ghidra-dec Deep integration of the Ghidra decompiler with Radare2
- Duplicate section: Ghidra->Plugins->Interaction with other tools->Radare2
- [125 stars][8m] [Py] danigargu/syms2elf Exports symbols recognized by IDA Pro and Radare2 (currently functions only) to the ELF symbol table
- [123 stars][2m] [Py] radare/radare2ida Tools, documentation and scripts to move projects from IDA to R2 and vice versa
- Duplicate section: IDA->Plugins->Import/Export->Radare2
- [67 stars][1y] [JS] radareorg/radare2-webui webui repository for radare2
- [47 stars][8y] [Py] radare/bokken python-gtk UI for radare2
- [35 stars][3y] [C#] m4ndingo/radare2gui_dotnet Another radare2 gui for windows
- [23 stars][2y] [C++] dax89/r2gui Unofficial Qt5 frontend for Radare2
- [6176 stars][8d] [C++] radareorg/cutter Qt GUI for the radare2 reverse engineering framework; successor to iaito
- [8 stars][8m] [Py] daringjoker/assembly-refrence A plugin for Cutter that show the information about the assembly instruction currently selected .. only for x86 and x64
- [8 stars][9m] [Py] radareorg/cutter-jupyter Jupyter Plugin for Cutter
- [6 stars][10m] [Py] securitykitten/cutter_scripts A collection of scripts for Cutter
- [2 stars][6m] [Py] javieryuste/radare2-deep-graph A Cutter plugin to generate radare2 graphs
- 2019.10 [prsecurity] Radare2 for RE CTF
- 2019.09 [securityartwork] YaraRET (I): Carving with Radare2 & Yara
- 2019.07 [freebuf] How to deobfuscate APT32 malware flow graphs with Cutter and Radare2
- 2019.07 [THER] 0x0D - FLARE-On #3 Challenge Part 2 [Reversing with Radare2]
- 2019.07 [THER] 0x09 Cross References [Reversing with Radare2]
- 2019.07 [THER] 0x08 Navigation [Reversing with Radare2]
- 2019.07 [THER] 0x04 Target Application [Reversing with Radare2]
- 2019.06 [THER] 0x03 Environment Setup [Reversing with Radare2]
- 2019.06 [THER] 0x02 What is Radare2 [Reversing with Radare2]
- 2019.06 [THER] 0x00 Intro [Reversing with Radare2]
- 2019.06 [hitbsecconf] #HITB2019AMS D1T3 - Overcoming Fear: Reversing With Radare2 - Arnau Gamez Montolio
- 2019.05 [X0x0FFB347] Solving MalwareTech Shellcode challenges with some radare2 magic!
- 2019.05 [360] Deobfuscating APT32 malware flow graphs with Cutter and Radare2
- 2019.05 [SagiDana] Radare2 — Keep It Or Leave It?
- 2019.04 [X0x0FFB347] Solving MalwareTech String Challenges With Some Radare2 Magic!
- 2019.04 [radare] Radare2 Summer of Code 2019 Selection Results
- 2019.03 [sans] Binary Analysis with Jupyter and Radare2
- 2019.02 [freebuf] Radare2: a Unix-like command-line reverse engineering security framework
- 2019.02 [radare] Radare2 Community Survey Results
- 2019.01 [ly0n] Kaspersky “Terminal.exe” crackme analysis with Radare2
- 2019.01 [ly0n] Reversing x64 linux code with Radare2 part II
- 2019.01 [ly0n] Reversing C code in x64 systems with Radare2 part I
- 2018.10 [DEFCONConference] DEF CON 26 CAR HACKING VILLAGE - Ben Gardiner - CAN Signal Extraction from OpenXC with Radare2
- 2018.10 [PancakeNopcode] r2con2018 - Bug Classification using radare2 - by Andrea Sindoni
- 2018.10 [moveax] Protostar: Unravel stack0 with Radare2
- 2018.08 [radare] Radare2 and bioinformatics: a good match?
- 2018.07 [radare] Background Tasks in radare2
- 2018.07 [pediy] [Translation] radare2 advanced
- 2018.07 [pediy] [Translation] Radare2 intermediate
- 2018.07 [pediy] [Translation] Getting started with radare2
- 2018.06 [megabeets] Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
- 2018.06 [sans] Binary analysis with Radare2
- 2018.05 [megabeets] Decrypting APT33's Dropshot malware with Radare2 and Cutter
- 2018.04 [moveax] Dr Von Noizeman’s Nuclear Bomb defused with Radare2
- 2018.04 [reversingminds] A simple way to analyze the GootKit banking malware with radare2
- 2018.03 [pediy] [Translation] Debugging with radare2 on Windows
- 2018.03 [moveax] BombLab Dissected with Radare2
- 2018.03 [dustri] Radare2 is accepted in the Google Summer of Code 2018
- 2018.03 [moveax] IOLI-Crackme with Radare2: Closing Thoughts
- 2018.02 [moveax] Crackme0x09 Dissected with Radare2
- 2018.02 [moveax] Crackme0x08 Dissected with Radare2
- 2018.02 [moveax] Crackme0x07 Dissected with Radare2
- 2018.02 [moveax] Crackme0x06 Dissected with Radare2
- 2018.01 [moveax] Crackme0x05 Dissected with Radare2
- 2018.01 [moveax] Crackme0x04 Dissected with Radare2
- 2018.01 [moveax] Radare2’s Visual Mode
- 2018.01 [moveax] Crackme0x03 Dissected with Radare2
- 2018.01 [megabeets] Reversing a Self-Modifying Binary with radare2
- 2018.01 [moveax] Crackme0x02 Dissected with Radare2
- 2018.01 [moveax] Crackme0x01 Dissected with Radare2
- 2018.01 [moveax] An excuse to learn Radare2
- 2017.12 [positive] Debugging EVM bytecode with radare2
- 2017.12 [goggleheadedhacker] Reverse Engineering With Radare2 — Part 2
- 2017.12 [positive] Reversing EVM bytecode with radare2
- 2017.12 [jacob16682] Reverse Engineering With Radare2 — Part 2
- 2017.12 [goggleheadedhacker] Reverse Engineering Using Radare2
- 2017.12 [jacob16682] Reverse Engineering Using Radare2
- 2017.12 [radiofreerobotron] ROPEmporium: Pivot 64-bit CTF Walkthrough With Radare2
- 2017.12 [PancakeNopcode] recon2017 - Bubble Struggle Call Graph Visualization with Radare2 - by mari0n
- 2017.11 [radiofreerobotron] ROPEmporium: Pivot 32-bit CTF Walkthrough With Radare2
- 2017.11 [aliyun] Radare2 in practice
- 2017.11 [aliyun] A complete guide to using Radare2
- 2017.11 [dustri] Solving game2 from the badge of Black Alps 2017 with radare2
- 2017.10 [animal0day] Hack.lu CTF: solving HeapHeaven with radare2 and pwntools (ret2libc)
- 2017.10 [megabeets] Reversing a Gameboy ROM with radare2
- 2017.09 [PancakeNopcode] r2con2017 - Diaphora with radare2 by matalaz and pancake
- 2017.09 [dustri] Defeating IOLI with radare2 in 2017
- 2017.08 [rkx1209] GSoC Final: radare2 Timeless Debugger
- 2017.08 [rootedconmadrid] ABEL VALERO - Radare2 - 1.0 [Rooted CON 2017 - ENG]
- 2017.08 [rootedconmadrid] ABEL VALERO - Radare2 - 1.0 [Rooted CON 2017 - ESP]
- 2017.07 [pediy] [Translation] Radare2 documentation (1)
- 2017.05 [n0where] Reverse Engineering Framework: radare2
- 2017.03 [radare] Radare2 and Capstone
- 2017.03 [xpnsec] Radare2 - Using Emulation To Unpack Metasploit Encoders
- 2017.01 [PancakeNopcode] Reversing with Radare2 at OverdriveCon (unofficial periscope stream)
- 2017.01 [PancakeNopcode] radare2 1.0 r2con
- 2016.11 [dustri] Radare2 at the Grehack 2016
- 2016.11 [X0x6d696368] OpenOCD (ARC dev branch) dumping Zheino A1 firmware (with plausability check via radare2)
- 2016.10 [securityblog] Install latest radare2 on Kali
- 2016.10 [insinuator] Reverse Engineering With Radare2 – Part 3
- 2016.10 [X0x6d696368] OpenOCD dumping WD800JG firmware via Bus Blaster ... then import into Radare2
- 2016.10 [unlogic] FrogSEK KGM video walkthrough with radare2
- 2016.09 [securityblog] Disassembling functions with Radare2
- 2016.09 [PancakeNopcode] radare2 presentation at FiberParty 2009 (Spanish)
- 2016.09 [dustri] Defeating crp-'s collide with radare2
- 2016.09 [PancakeNopcode] r2con - pwning embedded systems with radare2 by Daniel Romero
- 2016.09 [PancakeNopcode] r2con 2016 - Jay Rosenberg - Improving PE analysis on radare2
- 2016.09 [PancakeNopcode] r2con 2016 - SkUaTeR patching Cidox via radare2's r2k:// on kernel demo
- 2016.08 [insinuator] Reverse Engineering With Radare2 – Part 2
- 2016.08 [insinuator] Reverse Engineering With Radare2 – Part 1
- 2016.08 [radare] Retrieving configuration of a Remote Administration Tool (Malware) with radare2 statically
- 2016.08 [radare] Crosscompile radare2 with dockcross
- 2016.08 [insinuator] Reverse Engineering With Radare2 – Intro
- 2016.08 [PancakeNopcode] Neuroflip's radare2 0 sidparty (2010-03-17)
- 2016.06 [devit] Diving Into Radare2
- 2016.06 [unlogic] crackserial_linux with radare2
- 2016.06 [radare] Radare2 Explorations: New book released!
- 2016.06 [unlogic] Binary Bomb with Radare2 - Secret Phase
- 2016.05 [unlogic] Binary Bomb with Radare2 - Phase 6
- 2016.05 [unlogic] Binary Bomb with Radare2 - Phase 5
- 2016.05 [unlogic] Binary Bomb with Radare2 - Phase 4
- 2016.04 [unlogic] Binary Bomb with Radare2 - Phase 3
- 2016.04 [PancakeNopcode] Radare2 from A to Z @ NcN 2015
- 2016.04 [unlogic] Binary Bomb with Radare2 - Phase 2
- 2016.04 [aassfxxx] Breaking Cerber strings obfuscation with Python and radare2
- 2016.04 [unlogic] Binary Bomb with Radare2 - Phase 1
- 2016.04 [unlogic] Binary Bomb with Radare2 - Prelude
- 2016.03 [techorganic] Learn Radare2 in 30 minutes
- 2016.02 [ZeroNights] Anton Kochkov — ESIL — universal IL (Intermediate Language) for Radare2
- 2016.01 [freebuf] Developing a malware configuration parser with Radare2 and Ruby
- 2016.01 [dustri] How to radare2 a fake openssh exploit
- 2015.12 [PancakeNopcode] Radare2 on Apple Watch
- 2015.12 [radare] Unpacking shikata-ga-nai by scripting radare2
- 2015.11 [dustri] Exploiting exp200 from Defcamp 2015 finals with radare2
- 2015.11 [dustri] Reversing re200 from Defcamp (D-CTF) final 2015 with radare2
- 2015.11 [PancakeNopcode] Radare2's September Gource
- 2015.10 [PancakeNopcode] Skuater and ThePoPe explaining how the ESIL evaluation loop works. #radare2 #nn5ed #navajasnegras
- 2015.08 [dustri] Pwning exploit400 from the Nullcon 2014 CTF with radare2
- 2015.08 [dustri] Pwning sushi from BSides Vancouver CTF with radare2
- 2015.05 [radare] Defeating baby_rop with radare2
- 2015.05 [radare] Using radare2 to pwn things
- 2015.04 [dustri] Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2
- 2015.04 [PancakeNopcode] Radare2 debugger swipe on UbuntuTouch
- 2015.01 [radare] Parsing a fileformat with radare2
- 2014.12 [dustri] Exploiting Zengarden (Boston Key Party 2014, pwn300) with radare2
- 2014.11 [radare] Radare2 is documented
- 2014.10 [radare] Solving 'At gunpoint' from hack.lu 2014 with radare2
- 2014.09 [radare] Adventures with Radare2 #1: A Simple Shellcode Analysis
- 2014.08 [dustri] PwniumCTF 2014 - kernel (150) with radare2
- 2014.05 [radare] Getting the latest radare2
- 2014.03 [theevilbit] radare2 reverse engineering framework: rasm2
- 2014.03 [theevilbit] radare2 reverse engineering framework: rax2
- 2013.12 [toolswatch] radare2, the reverse engineering framework v0.9.6 released
- 2013.11 [dustri] Defeating crackme03 with radare2
- 2013.08 [dustri] Defeating ioli with radare2
- 2013.08 [dustri] Defeating crp-'s bf with radare2
- 2013.08 [dustri] Defeating crp-'s 888 with radare2
- 2012.08 [dustri] Defeating lincrackme3 with radare2
- 2019.12 [megabeets] 5 Ways to patch binaries with Cutter
- 2019.07 [THER] 0x0C - Cutter: FLARE-On #3 Challenge Part 1 [Reversing with Radare2]
- 2018.10 [PancakeNopcode] r2con2018 - Cutter by @xarkes
- 2018.08 [radare] GSoC 2018 Final: Debugging and Emulation Support for Cutter
- 2017.12 [n0where] Qt C++ radare2 GUI: Cutter
- [2820 stars][1m] [Py] androguard/androguard Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
- [498 stars][4y] [Py] vector35/deprecated-binaryninja-python Deprecated Binary Ninja prototype written in Python
- [328 stars][5m] [Py] vector35/binaryninja-api Public API, examples, documentation and issues for Binary Ninja
- [280 stars][3m] [Py] pbiernat/ripr Package Binary Code as a Python class using Binary Ninja and Unicorn Engine
- [201 stars][14d] [JS] ret2got/disasm.pro A realtime assembler/disassembler (formerly known as disasm.ninja)
- [177 stars][6m] [Py] trailofbits/binjascripts Scripts for Binary Ninja
- [141 stars][2y] [Py] snare/binjatron Binary Ninja plugin for Voltron integration
- [95 stars][3y] appsecco/defcon24-infra-monitoring-workshop Defcon24 Workshop Contents : Ninja Level Infrastructure Monitoring
- [85 stars][3y] [Py] vector35/binaryninja-plugins Repository to track Binary Ninja Plugins, Themes, and other related tools
- [56 stars][2m] [Py] forallsecure/bncov Scriptable Binary Ninja plugin for coverage analysis and visualization
- [40 stars][1y] [Py] cetfor/papermachete A project that uses Binary Ninja and GRAKN.AI to perform static analysis on binary files with the goal of identifying bugs in software.
- [37 stars][10m] [Py] carstein/annotator Binary Ninja Function Annotator
- [31 stars][3y] [Py] nopdev/binjadock An extendable, tabbed, dockable UI widget plugin for BinaryNinja
- [31 stars][1m] [Py] whitequark/binja_itanium_cxx_abi Binary Ninja Itanium C++ ABI plugin. Provides a custom demangler, parses RTTI and vtables, and discovers new functions from virtual function pointers
- [31 stars][6m] [Py] withzombies/bnil-graph A BinaryNinja plugin to graph a BNIL instruction tree
- [29 stars][2y] [Py] ernw/binja-ipython A plugin to integrate an IPython kernel into Binary Ninja.
- [28 stars][6m] [Py] fluxchief/binaryninja_avr Binaryninja AVR architecture plugin with lifting
- [25 stars][4m] [Py] trailofbits/objcgraphview A graph view plugin for Binary Ninja to visualize Objective-C
- [25 stars][19d] [Py] riverloopsec/hashashin Hashashin: A Fuzzy Matching Tool for Binary Ninja
- [24 stars][2y] [Py] nccgroup/binja_dynamics A PyQt5 frontend to the binjatron plugin for Binary Ninja that includes highlighting features aimed at making it easier for beginners to learn about reverse engineering
- [21 stars][6m] [Py] zznop/binjago Binary Ninja plugin for ROP gadget calculation
- [19 stars][4m] [Py] joshwatson/binaryninja-msp430 msp430 Architecture plugin for Binary Ninja
- [18 stars][2y] [Py] joshwatson/binaryninja-bookmarks Plugin for BinaryNinja that provides bookmarking functionality
- [18 stars][12m] [Py] transferwise/pg_ninja The ninja elephant obfuscation and replica tool
- [17 stars][2y] [Py] extremecoders-re/bnpy An architecture plugin for binary ninja to disassemble raw python bytecode
- [16 stars][6m] [Py] carstein/syscaller Binary Ninja plugin that automatically retrieves the call arguments when a system call occurs
- [16 stars][1y] [Py] lunixbochs/bnrepl Run your Binary Ninja Python console in a separate Terminal window.
- [16 stars][3y] [Py] rootbsd/binaryninja_plugins Binary ninja plugins
- [15 stars][3y] [Py] orndorffgrant/bnhook binary ninja plugin for adding custom hooks to executables
- [15 stars][5m] [Py] zznop/bn-genesis Binary Ninja plugin suite for SEGA Genesis ROM hacking
- [14 stars][3y] [Py] coldheat/liil Linear IL view for Binary Ninja
- [12 stars][2y] [Py] gitmirar/binaryninjayaraplugin Yara Plugin for Binary Ninja
- [12 stars][8m] [Py] ktn1990/cve-2019-10869 (Wordpress) Ninja Forms File Uploads Extension <= 3.0.22 – Unauthenticated Arbitrary File Upload
- [11 stars][3m] [C++] 0x1f9f1/binja-pattern
- [10 stars][2y] [Py] chokepoint/bnpincoverage Visually analyze basic block code coverage in Binary Ninja using Pin output.
- [10 stars][5y] [Py] emileaben/scapy-dns-ninja Minimal DNS answering machine, for customized/programmable answers
- [10 stars][2m] [Py] zznop/bn-brainfuck Brainfuck architecture module and loader for Binary Ninja
- [9 stars][10m] [Py] manouchehri/binaryninja-radare2 DEPRECATED
- [8 stars][2y] [Py] cah011/binja-avr AVR assembly plugin for Binary Ninja
- [8 stars][6m] [Py] joshwatson/binaryninja-microcorruption BinaryView Plugin for Microcorruption CTF memory dumps
- [8 stars][4m] [Py] whitequark/binja-i8086 16-bit x86 architecture for Binary Ninja
- [7 stars][1y] [Py] rick2600/xref_call_finder Plugin for binary ninja to find calls to function recursively
- [6 stars][1y] [Py] kudelskisecurity/binaryninja_cortex A Binary Ninja plugin to load Cortex-based MCU firmware
- [5 stars][6m] [Py] 0x1f9f1/binja-msvc
- [5 stars][3y] agnosticlines/binaryninja-plugins A repo with a listing of binary ninja scripts + plugins (massively inspired by
- [5 stars][6m] [Py] bkerler/annotate Binary Ninja plugin for annotation of arguments for functions
- [5 stars][5m] [Py] icecr4ck/bngb Binary Ninja Game Boy loader and architecture plugin for analysing and disassembling GB ROM.
- [4 stars][11m] [HTML] evanrichter/base16-binary-ninja Base16 Color Template for Binja
- [3 stars][2y] [Py] nallar/binja-function-finder Binary ninja plugin which adds simple tools for finding functions
- [2 stars][3m] [Py] 404d/peutils Binary Ninja plugin providing various niche utilities for working with PE binaries
- [2 stars][11m] [Py] blurbdust/binaryninja_plan9_aout Binary Ninja Plugin for disassembling plan 9 a.out binaries
- [2 stars][5m] [Py] icecr4ck/bnmiasm Plugin to visualize Miasm IR graph in Binary Ninja.
- [2 stars][3y] [C] jhurliman/binaryninja-functionmatcher A Binary Ninja plugin to match functions and transplant symbols between similar binaries
- [2 stars][3y] [Py] rick2600/textify_function Plugin for binary ninja to textify function to copy and paste
- [2 stars][6m] [Py] vasco-jofra/jump-table-branch-editor A binary ninja plugin that eases fixing jump table branches
- [1 star][1y] [Py] arcnor/binja_search Binary Ninja search plugin
- [1 star][2y] [Py] kapaw/binaryninja-lc3 LC-3 architecture plugin for Binary Ninja
- [0 stars][3y] [Py] ehennenfent/binja_spawn_terminal A tiny plugin for Binary Ninja that enables the ui to spawn terminals on Ubuntu and OS
- [149 stars][2y] [Py] hugsy/binja-retdec Binary Ninja plugin to decompile binaries using RetDec API
- [8 stars][3m] [Py] c3r34lk1ll3r/binrida Plugin for Frida in Binary Ninja
- [68 stars][9m] [Py] lunixbochs/revsync Real-time sync plugin for IDA and Binja
- Duplicate section: IDA->Plugins->Import/Export->BinaryNinja
- [61 stars][6m] [Py] zznop/bnida Four scripts for exchanging data between IDA and Binary Ninja
- Duplicate section: IDA->Plugins->Import/Export->BinaryNinja
- ida_export: export data from IDA
- ida_import: import data into IDA
- binja_export: export data from Binary Ninja
- binja_import: import data into Binary Ninja
- [14 stars][6m] [Py] cryptogenic/idc_importer Binary Ninja plugin that imports IDC database dumps from IDA
- Duplicate section: IDA->Plugins->Import/Export->BinaryNinja
- 2019.08 [trailofbits] Reverse Taint Analysis Using Binary Ninja
- 2018.09 [aliyun] Debugging shared libraries with Binary Ninja
- 2018.09 [kudelskisecurity] Analyzing ARM Cortex-based MCU firmwares using Binary Ninja
- 2018.07 [aliyun] WCTF 2018 - binja - rswc
- 2018.04 [trailofbits] Finding vulnerabilities in binaries with Binary Ninja's MLIL and SSA (MLIL: Medium Level IL; SSA: Static Single Assignment)
- 2018.01 [pediy] [Translation] Introduction to the Binary Ninja reverse engineering platform
- 2017.11 [] bnpy - A python architecture plugin for Binary Ninja
- 2017.10 [ret2] Untangling Exotic Architectures with Binary Ninja
- 2017.10 [chokepoint] Pin Visual Coverage Tool for Binary Ninja
- 2017.03 [GynvaelEN] Hacking Livestream #14: Binary Ninja Plugins (with carstein)
- 2016.12 [kchung] Binary Ninja: IPython and the Python Console
- 2016.03 [arm] Introduction to the Binary Ninja API
- [877 stars][8m] [Py] erocarrera/pefile pefile is a Python module to read and work with PE (Portable Executable) files
- [634 stars][10d] [C] thewover/donut Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
- [537 stars][1y] [C#] ghostpack/safetykatz A combination of Mimikatz and a .NET PE Loader
- [522 stars][4y] [C] jondonym/peinjector peinjector - MITM PE file infector
- [426 stars][2y] [Py] endgameinc/gym-malware A malware manipulation environment built on OpenAI Gym; the goal is an agent that learns how to modify PE files to achieve a specific objective (e.g. bypassing AV). (OpenAI Gym: a toolkit for developing and comparing reinforcement learning algorithms)
- [388 stars][1y] [Assembly] hasherezade/pe_to_shellcode Converts PE into a shellcode
- [385 stars][3m] [Jupyter Notebook] endgameinc/ember A dataset of 1.1 million PE files that can be used to train related models. Per-file information mainly includes: SHA256/histogram/byteentropy (byte entropy)/strings/PE header information/section information/import table/export table
- [365 stars][2y] petoolse/petools PE Tools - Portable executable (PE) manipulation toolkit
- [344 stars][1y] [Assembly] egebalci/amber Reflective PE packer for bypassing security products and mitigations
- [337 stars][5m] [C] merces/pev The PE file analysis toolkit
- [316 stars][24d] [C++] trailofbits/pe-parse Principled, lightweight C/C++ PE parser
- [315 stars][14d] [VBA] itm4n/vba-runpe A VBA implementation of the RunPE technique or how to bypass application whitelisting.
- [296 stars][12d] [C++] hasherezade/libpeconv Library for mapping and unmapping PE files
- [285 stars][7m] [Java] katjahahn/portex Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
- [283 stars][2y] [C++] google/syzygy a suite of tools for the instrumentation of COFF object files and PE binaries
- [227 stars][3y] [C++] secrary/infectpe Inject custom code into PE file [This project is not maintained anymore]
- [189 stars][5y] [C++] rwfpl/rewolf-x86-virtualizer Simple VM based x86 PE (portable executable) protector.
- [151 stars][6y] [Py] hiddenillusion/analyzepe Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
- [146 stars][5m] [C++] darthton/polychaos PE permutation library
- [140 stars][1y] [Py] codypierce/hackers-grep hackers-grep is a utility to search for strings in PE executables including imports, exports, and debug symbols
- [137 stars][22d] [Py] rvn0xsy/cooolis-ms Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. Separation.
- [129 stars][3m] [C++] nettitude/simplepeloader In-Memory PE Loader
- [122 stars][3y] [C] l0n3c0d3r/ceed A tiny x86 compiler with ELF and PE target
- [111 stars][2m] [C] hasherezade/chimera_pe ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
- [110 stars][7y] [C++] abhisek/pe-loader-sample Proof of concept implementation of in-memory PE Loader based on ReflectiveDLLInjection Technique
- [105 stars][6y] [Py] secretsquirrel/recomposer Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.
- [96 stars][2y] [C++] hasherezade/pe_recovery_tools Helper tools for recovering dumped PE files
- [88 stars][3y] [C++] egebalci/cminer Cminer is a tool for enumerating the code caves in PE files.
- [83 stars][2y] [C++] benjaminsoelberg/reflectivepeloader Reflective PE loader for DLL injection
- [49 stars][7y] [C++] frankstain/pe-loader library, which help to describe or load and execute PE files.
- [45 stars][2m] [C++] avast/pelib PE file manipulation library.
- [42 stars][1y] [Py] jpcertcc/impfuzzy Fuzzy Hash calculated from import API of PE files
- [38 stars][3y] [Py] cysinfo/pymal PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programs Pefile, Pydbg and Volatility.
- [38 stars][1m] [YARA] te-k/pe CLI tool to analyze PE files
- [37 stars][3y] [Py] dungtv543/dutas Analysis PE file or Shellcode
- [35 stars][4y] [C] motazreda/malwarefragmentationtool Malware Fragmentation Tool its a tool that simply fragment the PE file and it can disassemble the PE file, etc this tool very useful for people who do malware research or analysis for pe_files
- [33 stars][3y] [HTML] wolfram77web/app-peid PEiD detects most common packers, cryptors and compilers for PE files.
- [32 stars][1y] [C++] ntraiseharderror/dreadnought PoC for detecting and dumping code injection (built and extended on UnRunPE)
- [31 stars][2y] [Py] ihack4falafel/subrosa Basic tool to automate backdooring PE files
- [30 stars][1y] [C++] ntraiseharderror/unrunpe PoC for detecting and dumping process hollowing code injection
- [29 stars][2y] [Py] ice3man543/malscan A Simple PE File Heuristics Scanners
- [29 stars][2y] [C] jnastarot/native_peloader PE(compressed dll) memory loader using nt api
- [29 stars][4m] [Py] obscuritylabs/pefixup PE File Blessing - To continue or not to continue
- [28 stars][1y] [C++] jiazhang0/seloader Secure EFI Loader designed to authenticate the non-PE files
- [27 stars][5y] [Py] matonis/rippe ripPE - section extractor and profiler for PE file analysis
- [26 stars][2y] [C++] kernelm0de/runpe-processhollowing RunPE
- [24 stars][6y] [C++] edix/malwareresourcescanner Scanning and identifying XOR encrypted PE files in PE resources
- [24 stars][2y] [C++] polycone/pe-loader A Windows PE format file loader
- [21 stars][3m] [C] jackullrich/trunpe A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
- [18 stars][3y] [Py] 0xyg3n/mem64 Run Any Native PE file as a memory ONLY Payload , most likely as a shellcode using hta attack vector which interacts with Powershell.
- [17 stars][5y] [C] maldevel/pedumper Dump Windows PE file information in C
- [16 stars][2y] [Py] aserper/ahk-dumper Ahk-dumper is a tool to dump AutoHotKey code from the RDATA section of a PE file.
- [14 stars][7m] [Assembly] egebalci/iat_api Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.
- [14 stars][2y] [C++] wyexe/peloader
- [12 stars][1y] [Go] egebalci/mappe MapPE constructs the memory mapped image of given PE files.
- [10 stars][3y] [Py] cloudtracer/pefile.pypy Pypy.js compatible version of pefile.py for use in offline browser implementation
- [10 stars][3y] johntroony/pe-codecaving Work files for my blog post "Code Caving in a PE file.
- [10 stars][5y] [C++] opensecurityresearch/slacker A prototype file slack space remover
- [8 stars][2y] [C] in3o/binclass Recovering Object information from a C++ compiled Binary/Malware (mainly written for PE files) , linked dynamically and completely Stripped.
- [8 stars][3y] [C++] thecxx/image PE Loader for win32
- [5 stars][2y] [Py] deadbits/pe-static Static file analysis for PE files
- [5 stars][2y] [C] jmcph4/peek PEek is a simple PE file viewer.
- [5 stars][4y] [C++] waleedassar/timedatestamp Discover TimeDateStamps In PE File
- [5 stars][11m] [Go] abdullah2993/go-runpe
- [3 stars][2y] [C++] kernelm0de/runpe_detecter RunPE Detecter
- [2 stars][4y] [Py] missmalware/importdict An easy way to identify imports of interest in a PE file
- [0 stars][9m] [Py] 0xd0cf11e/pefile Anything related to PE Files
- 2019.12 [aliyun] Manually injecting shellcode into a PE file
- 2019.10 [freebuf] PEpper: an open-source static malware analysis tool for executables
- 2019.09 [sevagas] Process PE Injection Basics
- 2019.07 [hexacorn] PE Section names – re-visited, again
- 2019.06 [hasherezade] PE-sieve v0.2.1 release notes - import recovery & unpacking ASPack (part 2)
- 2019.05 [0x00sec] Backdoorin pe files
- 2019.05 [360] The art of Windows debugging: PE file morphing (1)
- 2019.05 [arxiv] [1905.01999] A Benchmark API Call Dataset for Windows PE Malware Classification
- 2019.04 [decoder] Combinig LUAFV PostLuafvPostReadWrite Race Condition PE with DiagHub collector exploit -> from standard user to SYSTEM
- 2019.04 [MalwareAnalysisForHedgehogs] Malware Theory - PE Malformations and Anomalies
- 2019.04 [freebuf] Xori: an automated decompilation and static analysis library for PE32 and shellcode
- 2019.03 [hexacorn] PE files and the DemoScene
- 2019.03 [] Wallpaper apps carrying malicious PE files appear on Google Play
- 2019.03 [] Malicious PE files discovered on Google Play
- 2019.03 [hexacorn] PE Compilation Timestamps vs. forensics
- 2019.03 [cristivlad25] Machine Learning for Malware Detection - 4 - Portable Executable (PE) Files
- 2019.03 [hexacorn] Extracting and Parsing PE signatures en masse
- 2019.02 [hexacorn] PE files and the Easy Programming Language (EPL)
- 2019.01 [pediy] [Original] A simple implementation of a PE loader
- 2019.01 [fuzzysecurity] Powershell PE Injection: This is not the Calc you are looking for!
- 2019.01 [fuzzysecurity] Avoiding antivirus && Backdooring PE files
- 2019.01 [fuzzysecurity] Subvert-PE
- 2019.01 [fuzzysecurity] Interpret-PE
- 2019.01 [hshrzd] PE-bear – version 0.3.9 available
- 2019.01 [hexacorn] Hunting for additional PE timestamps
- 2019.01 [freebuf] Hiding PE code in PNG pixels: analysis of a new PNG Dropper sample
- 2018.12 [pediy] [Share][Original] A small PE viewer
- 2018.11 [n0where] Investigate Inline Hooks: PE-sieve
- 2018.11 [hasherezade] PE-sieve 0.1.5 release notes - what are the dump modes about?
- 2018.11 [360] Behavior analysis, cleanup and infected-file repair for a PE-infecting trojan
- 2018.10 [pediy] [Original] Secondary development of code: adding a section to your own PE file in C
- 2018.10 [osandamalith] PE Sec Info – A Simple Tool to Manipulate ASLR and DEP Flags
- 2018.10 [pediy] [Original] PE file parsing series (2)
- 2018.10 [pediy] [Original] PE file parsing series (1)
- 2018.09 [andreafortuna] Some thoughts about PE Injection
- 2018.09 [infosecinstitute] Back-dooring PE Files on Windows [Updated 2018]
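- 2018.08 [aliyun] "Gong Shou Dao" Software Supply Chain Security Competition, lessons from the PE binary season: part 2
- 2018.08 [aliyun] "Gong Shou Dao" Software Supply Chain Security Competition, lessons from the PE binary season: part 1
- 2018.08 [360] "Gong Shou Dao" Software Supply Chain Security Competition, lessons from the PE binary season
- 2018.08 [pediy] Reading export table information from the PE structure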
- 2018.07 [didierstevens] Extracting DotNetToJScript’s PE Files
- 2018.06 [pentesttoolz] PE Linux – Linux Privilege Escalation Tool
- 2018.05 [reversingminds] A simple unpacker of a simple PE packer (shrinkwrap)
- 2018.04 [dist67] VBA Maldoc: Form-Embedded PE File
- 2018.04 [pediy] [Original][Beginner] Building a PE file purely by hand with 010
- 2018.04 [pediy] [Original] Reading the resource table of a PE file in C++
- 2018.04 [hshrzd] PE-bear – version 0.3.8 available
- 2018.04 [hexacorn] Enlightened and Unenlightened PE files
- 2018.04 [pediy] [Original] Detailed unpacking notes and unpacking script for the PESpin 0.3x packer
- 2018.03 [MalwareAnalysisForHedgehogs] Malware Theory - Memory Mapping of PE Files
- 2018.03 [MalwareAnalysisForHedgehogs] Malware Theory - Basic Structure of PE Files
- 2018.03 [BinaryAdventure] MALWARE ANALYSIS - Adlice PEViewer Introduction/Review
- 2018.02 [pediy] [Original] A PEInfo tool I wrote in C (source included, based on the win32 SDK)
- 2018.02 [pediy] [Original] A brief discussion of the smallest PE on XP
- 2018.02 [randhome] Another PE tool
- 2018.01 [KirbiflintCracking] Testing my SimplePEReader
- 2018.01 [arxiv] [1801.08917] Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning
- 2018.01 [pediy] [Share] Parsing the export/import tables in PE structures: beginner level
- 2018.01 [hasherezade] Unpacking Ramnit with HollowsHunter/PE-sieve
- 2018.01 [hasherezade] Unpacking Loki Bot with HollowsHunter/PE-sieve
- 2017.12 [hasherezade] Unpacking TrickBot with PE-sieve
- 2017.12 [evi1cg] BypassAV With ReflectivePEInjection
- 2017.12 [hasherezade] DEMO: Unpackig process hollowing with PE-sieve
- 2017.12 [pediy] [Translation] Solving FlareOn4 CTF challenge 6 with the PE file mapping library libpeconv
- 2017.12 [hasherezade] My experiments with ProcessDoppelganging - running a PE from any file
- 2017.12 [hasherezade] Unpacking Magniber ransomware with PE-sieve (former: 'hook_finder')
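- 2017.12 [360] An in-depth analysis of how PE executables are packed and their data obfuscated
- 2017.11 [360] Step by step: planting an undetectable backdoor in a PE file (part 2)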
- 2017.11 [hasherezade] DEMO: a custom PE loader using libpeconv
- 2017.11 [360] Step by step: planting an undetectable backdoor in a PE file (part 1)
- 2017.11 [hasherezade] RunPE - 32 and 64 bit
- 2017.11 [360] PE file infection techniques (Part II)
- 2017.11 [phrozen] RunPE Detector Version 2
- 2017.10 [pediy] [Translation] Introduction to Amber, the first reflective PE packer
- 2017.10 [sans] PE files and debug info
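- 2017.10 [pediy] [Original] ReflectiveLoader (remote thread injection, PE fix-up)
- 2017.10 [pentest] A new approach to packing: Amber, the first "reflective PE packer"
- 2017.10 [4hou] Authenticode signature forgery: forging PE file signatures and hijacking signature verification
- 2017.10 [pediy] [Original] PE basics from the ground up: a beginner manually looks up the export table and converts between relative virtual address (RVA) and file offset address (FOA)
- 2017.10 [3gstudent] Authenticode signature forgery: forging PE file signatures and hijacking signature verification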
- 2017.10 [qmemcpy] Manually dumping PE files from memory
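- 2017.09 [pediy] [Original] Some results from writing a packer [complete TLS handling, compression, AntiDump that defeats LordPE, calling sprintf?, IAT redirection]
- 2017.09 [4hou] A complete analysis of the PE file format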
- 2017.09 [] Binary offsets, virtual addresses and pefile
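- 2017.08 [freebuf] A brief look at non-PE attack techniques
- 2017.08 [4hou] Microsoft icon display bug lets attackers arbitrarily hide malicious PE files
- 2017.08 [360] A wolf in sheep's clothing: how to use a Windows icon display bug to disguise PE files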
- 2017.08 [MalwareAnalysisForHedgehogs] Malware Analysis - Unpacking RunPE Loyeetro Trojan
- 2017.08 [freebuf] Laomaotao PE disk tool trojan: a homepage hijacker that hits every browser
- 2017.08 [MalwareAnalysisForHedgehogs] Malware Analysis - PortexAnalyzer Repair and Dump PE Files
- 2017.08 [cybereason] A Microsoft icon display bug in Windows allows attackers to disguise PE files with special icons
- 2017.07 [pediy] [Original] LordPE bug fix
- 2017.07 [n0where] Professional PE file Explorer: PPEE
- 2017.07 [sans] PE Section Name Descriptions
- 2017.06 [toolswatch] PPEE v1.09 – Professional PE file Explorer
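- 2017.05 [360] Buffer overflow in Bitdefender when handling the organizationName field of PE code signatures
- 2017.05 [secist] PE structure study 02: export table
- 2017.05 [secist] PE structure study 01: DOS header, NT headers, section table headers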
- 2017.05 [mzrst] Professional PE Explorer compatibility
- 2017.04 [lucasg] The sad state of PE parsing
- 2017.04 [pediy] PE structure study: theoretical foundations
- 2017.04 [n0where] Inject Custom Code Into PE File: InfectPE
- 2017.04 [venus] Anti-detection techniques 2: building PE file backdoors
- 2017.03 [] 67,000 cuts with python-pefile
- 2017.03 [sans] Searching for Base64-encoded PE Files
- 2017.03 [4hou] The art of AV evasion: implanting backdoors in PE files (2)
- 2017.03 [n0where] Windows PE Binary Static Analysis Tool : BinSkim
- 2017.03 [pediy] [Original] PE2Shellcode
- 2017.02 [hasherezade] Unpacking a self overwriting PE (Neutrino bot - stage #1)
- 2017.02 [hasherezade] Unpacking a self-overwriting PE (Zbot)
- 2017.01 [360] The art of anti-detection part 2: crafting a PE backdoor (with demo video)
- 2017.01 [pentest] Art of Anti Detection 2 – PE Backdoor Manufacturing
- 2016.12 [hexacorn] PE Section names – re-visited
- 2016.12 [hshrzd] Introducing PE_unmapper
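- 2016.09 [pediy] [Original] Simple PE packing: C++ source of a tool that hides/encrypts relocation information
- 2016.09 [pediy] [Original] Source code explaining the Win PE file format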
- 2016.08 [toolswatch] PPEE Professional PE file Explorer v1.06
- 2016.08 [3gstudent] Steganography tricks: hiding a payload in a PE file's digital certificate
- 2016.07 [hexacorn] PEFix – simple PE file re-aligner
- 2016.06 [pediy] [Original] A beginner reverses the Cave finder feature of PEid 0.95
- 2016.06 [mzrst] Professional PE Explorer – PPEE
- 2016.06 [pediy] [Translation] The digital signature format in Windows PE files
- 2016.05 [hackingarticles] Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)
- 2016.05 [n0where] PE Executables Static Analyzer: Manalyze
- 2016.05 [0x00sec] PE File Infection
- 2016.05 [sans] CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation
- 2016.05 [freebuf] Manalyze: a static analysis tool for PE files
- 2016.04 [cyber] Presenting PeNet: a native .NET library for analyzing PE Headers with PowerShell
- 2016.04 [securityblog] Edit PE file properties using C
- 2016.02 [pediy] [Original] Reversing 64-bit CreateProcess: (3) parsing and validating the PE format
- 2016.02 [360] Capturing executed code (malicious PE/DLL/driver files) on Windows with Volatility or PE Capture
- 2015.12 [secureallthethings] Add PE Code Signing to Backdoor Factory (BDF)
- 2015.12 [missmalware] PE Import Analysis for Beginners and Lazy People
- 2015.12 [pediy] [Original] A C++ class for working with PE files
- 2015.12 [pediy] [Original] Adding a section to a PE file with C++ code
- 2015.11 [securityblog] FileAlyzer – Analyze files – Read PE information
- 2015.11 [securityblog] Read Portable Executable (PE) information
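- 2015.11 [freebuf] Reverse engineering (2): understanding PE files through a simple example
- 2015.11 [pediy] [Original][Open source] A slimmed-down LordPE framework design
- 2015.11 [pediy] [Original] Manually inspecting PE relocations
- 2015.11 [pediy] [Original][Open source] Parsing PE files from a Win32 console program
- 2015.11 [pediy] [Original] Manually inspecting the PE export table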
- 2015.10 [grandstreamdreams] Updating Dell BIOS using WinPE
- 2015.10 [n0where] PE Static Malware Analysis: PortEx
- 2015.09 [n0where] MITM PE file infector: PEInjector
- 2015.09 [] Clever tricks: taking control of a Win7 machine on the spot without a PE disk or a password
- 2015.08 [pediy] [Original] PE parsing: reversing LoadString
- 2015.08 [hexacorn] Two PE tools you might have never heard of. Now you do.
- 2015.06 [pediy] [Original][Open source] EnumPE: enumerating PNGs in a file
- 2015.05 [pediy] [Original] Learning PE files: writing an address converter
- 2015.05 [guitmz] Having fun with PE files and GoLang
- 2015.05 [securityblog] Dump PE file in C
- 2015.03 [sans] From PEiD To YARA
- 2015.03 [pediy] [Original] A Lantern Festival gift: handling PE structures with a class-based approach (source included)
- 2015.01 [toolswatch] PEStudio v8.46 Released
- 2014.12 [coder] Developing PE file packer step-by-step. Step 4. Running
- 2014.10 [coder] Developing PE file packer step-by-step. Step 12 – bugfixes
- 2014.10 [coder] Developing PE file packer step-by-step. Step 11. Command line interface. Final version
- 2014.09 [coder] Developing PE file packer step-by-step. Step 9. Delay-loaded DLLs and Image Config
- 2014.09 [alex] PE Trick #1: A Codeless PE Binary File That Runs
- 2014.09 [coder] Developing PE file packer step-by-step. Step 8. DLL’s and exports
- 2014.09 [coder] Developing PE file packer step-by-step. Step 7. Relocations
- 2014.09 [coder] Developing PE file packer step-by-step. Step 6. TLS
- 2014.09 [coder] Developing PE file packer step-by-step. Step 5. Resources
- 2014.09 [coder] Developing PE file packer step-by-step. Step 3. Unpacking
- 2014.08 [viper] Analyzing and mining PE32 files
- 2014.08 [coder] Developing PE file packer step-by-step. Step 2. Packing
- 2014.08 [pediy] [Original] Unpacking PECompact v2.xx: removing pop-up ads from the Warcraft key-remapping tool
- 2014.08 [coder] Developing PE file packer step-by-step. Step 1
- 2014.08 [pediy] [Original] Parsing the PE file format
- 2014.07 [thomasmaurer] Add drivers to SCVMM Bare-Metal WinPE Image
- 2014.06 [toolswatch] PEStudio v8.29 – Static Investigation of Executables Released
- 2014.05 [malwarebytes] Five PE Analysis Tools Worth Looking At
- 2014.05 [ulsrl] PE Imports
- 2014.04 [sevagas] PE injection explained
- 2014.04 [yurichev] 9-Apr-2014: Couple of win32 PE patching utilities
- 2014.03 [hshrzd] PE-bear – version 0.3.7 available!
- 2014.03 [macnica] How to tell from the PE header whether a packer is present
- 2014.02 [evilsocket] Libpe - a Fast PE32/PE32+ Parsing Library.
- 2014.02 [yurichev] 18-Feb-2014: PE add imports
- 2014.02 [hshrzd] PE-bear – version 0.3.6 available!
- 2014.02 [dustri] PEiD to Yara, now with Python3!
- 2014.01 [hshrzd] PE-bear – version 0.3.5 available!
- 2014.01 [coder] Developing PE file packer step-by-step. Step 10. Overall architecture
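- 2013.12 [] Detailed manual analysis of the old packer PEncrypt_4.0
- 2013.12 [pediy] [Original] PE parsing software
- 2013.12 [pediy] [Original][15Pb training, stage 3 after-class mini project] PE parsing tool
- 2013.12 [pediy] [Original] PEedit
- 2013.12 [pediy] [Original] PE file editor
- 2013.11 [hshrzd] PE-bear – version 0.3.0 available!
- 2013.10 [pediy] [Original][Download] The design process of a PE file packer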
- 2013.10 [yurichev] 16-Oct-2013: Add import to PE executable file
- 2013.09 [pediy] [Original] A small Windows PE file tool written in assembly
- 2013.09 [pediy] [Share] Two half-finished PE-DIY tools
- 2013.09 [pediy] [Original] A simple PE resource viewer I wrote (source code)
- 2013.08 [ulsrl] Robustly Parsing the PE Header
- 2013.08 [cerbero] PE Insider
- 2013.08 [pediy] [Original] Preliminary research on reversing PE files for Windows RT on the ARM platform
- 2013.08 [pediy] [Original] A section-adding tool written while learning PE
- 2013.07 [trendmicro] Trend Micro Solutions for PE_EXPIRO
- 2013.07 [hshrzd] PE-bear – version 0.1.8 available!
- 2013.07 [hshrzd] PE-bear – version 0.1.5 available!
- 2013.07 [pediy] [Original] Restoring and repairing PEBundle+UPX
- 2013.07 [hshrzd] Introducing PE-bear: a new viewer/editor for PE files
- 2013.07 [p0w3rsh3ll] Creating a WinPE bootable image with Powershell 4
- 2013.06 [debasish] PEiD Memory Corruption Vulnerability
- 2013.06 [pediy] [Original] Format analysis of menu resources in PE files
- 2013.06 [pediy] [Original] Inferring some behaviors of the Win7 PE loader from 19 experiments with notepad.exe on Win7
- 2013.06 [debasish] Injecting Shellcode into a Portable Executable(PE) using Python
- 2013.06 [pediy] [Original] PE infection & shellcode writing techniques: addendum
- 2013.05 [cerbero] CVE-2012-0158: RTF/OLE/CFBF/PE
- 2013.05 [pediy] [Original] A PE viewer I wrote, with source code
- 2013.04 [coder] Developing PE file packer step-by-step. Step 12 – bugfixes
- 2013.04 [pediy] [Original] QueryPE, a PE tool I wrote
- 2013.04 [cerbero] Detect broken PE manifests
- 2013.01 [pediy] [Original] Source code of a close LoadPE clone
- 2013.01 [sans] Digital Forensics Case Leads: Sleeper Malware targets diplomatic entities in Europe & Asia, banking trojan travelling through Skype, DropBox decryption, PE file analysis, and retrieving iPhone VoiceMail
- 2013.01 [pediy] [Original] Source code of a LordPE clone written on and off over a long time
- 2013.01 [pediy] [Original] Source code for booting a Windows PE system with Lua
- 2012.11 [hexacorn] Top 100+ malicious types of 32-bit PE files
- 2012.11 [welivesecurity] Win32/Morto – Made in China, now with PE file infection
- 2012.10 [pediy] [Share] Adding drag-and-drop to PE Optimizer
- 2012.10 [hexacorn] Random Stats from 1.2M samples – PE Section Names
- 2012.10 [coder] Developing PE file packer step-by-step. Step 11. Command line interface. Final version
- 2012.09 [coder] Developing PE file packer step-by-step. Step 10. Overall architecture
- 2012.09 [coder] Developing PE file packer step-by-step. Step 9. Delay-loaded DLLs and Image Config
- 2012.09 [coder] Developing PE file packer step-by-step. Step 8. DLL’s and exports
- 2012.09 [coder] Developing PE file packer step-by-step. Step 7. Relocations
- 2012.09 [coder] Developing PE file packer step-by-step. Step 6. TLS
- 2012.09 [octopuslabs] R4ndom’s Tutorial #22: Code Caves and PE Sections
- 2012.09 [coder] Developing PE file packer step-by-step. Step 5. Resources
- 2012.09 [coder] Developing PE file packer step-by-step. Step 4. Running
- 2012.09 [coder] Developing PE file packer step-by-step. Step 3. Unpacking
- 2012.09 [coder] Developing PE file packer step-by-step. Step 2. Packing
- 2012.09 [coder] Developing PE file packer step-by-step. Step 1
- 2012.09 [hexacorn] PESectionExtractor – Extracting PE sections and their strings
- 2012.09 [hexacorn] Perfect Timestomping a.k.a. Finding suspicious PE files with clustering
- 2012.08 [rsa] Identifying the country of origin for a malware PE executable
- 2012.08 [pediy] [Original] Hand-writing a minimal PE (audio tutorial)
- 2012.08 [p0w3rsh3ll] Convert vbscript to powershell used in WinPE
- 2012.08 [p0w3rsh3ll] Powershell 3 in WinPE 4 on Hyper-V 3
- 2012.07 [p0w3rsh3ll] powershell memory requirements in WinPE 4.0
- 2012.07 [pediy] Notes: stubPE, procs
- 2012.07 [pediy] Notes: studying the PE structure
- 2012.06 [cerbero] PE analysis (part 1)
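- 2012.06 [pediy] [Original] iPE Src
- 2012.06 [pediy] [Original] PEInfo_v0.04 open-sourced
- 2012.06 [pediy] [Original] Cleaned-up source code based on the PE-Armor-0.46 source from the book "Encryption and Decryption"
- 2012.05 [pediy] [Original] Adding executable code to a PE file, step by step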
- 2012.05 [p0w3rsh3ll] Powershell in WinPE
- 2012.05 [pediy] [Original] A PE analysis tool I wrote (source code included)
- 2012.05 [joxeankoret] Embedding a shellcode in a PE file
- 2012.05 [pediy] [Original] PE monitor (monitors creation and modification of PE files on the system) (open source)
- 2012.04 [malwarebytes] Intentional PE Corruption
- 2012.04 [pediy] [Original] A way to protect applications: emulating the Windows PE loader to load a DLL from in-memory resources
- 2012.03 [pelock] PE Format Poster
- 2012.02 [hexacorn] Extracting Strings from PE sections
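- 2011.12 [pediy] [Original] Summary of hand-crafting a small PE
- 2011.11 [pediy] [Original] A newcomer studies PE
- 2011.10 [pediy] [Download] PE-panzer, a packer I made, for everyone to play with
- 2011.10 [pediy] [Original] Injection by infecting a PE and adding an import entry
- 2011.10 [pediy] [Original] PE LOADER that can run the programs bundled by MS
- 2011.09 [pediy] [Original] More on the PE relocation table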
- 2011.09 [a1logic] PE File Format
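- 2011.09 [pediy] [Original] Removing the digital signature from a PE file
- 2011.08 [pediy] [Original] Loading and running a driver in the kernel with no hook, no patch and no custom peloader
- 2011.08 [pediy] [Original] PE file format study notes
- 2011.07 [pediy] [Original] A simple method for manually unpacking PECompact 2.x and repairing the IAT
- 2011.07 [pediy] [Original] A first look at PE file viruses
- 2011.07 [pediy] [Original] Here is my PE file viewer too
- 2011.07 [pediy] [Original] PE format parsing tool
- 2011.07 [pediy] [Original] Notes on unpacking PESpin 1.33 with all protections enabled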
- 2011.07 [vexillium] PE Import Table and custom DLL paths
- 2011.07 [reversinglabs] Constant Insecurity: Things you didn’t know about (PE) Portable Executable file format
- 2011.07 [hexblog] Unpacking mpress’ed PE+ DLLs with the Bochs plugin
- 2011.06 [pediy] [Repost] An extremely powerful ASProtect unpacker: ASProtect unpacker by PE_Kill
- 2011.05 [pediy] [Original] How a virus modifies a PE file
- 2011.04 [codereversing] Writing a File Infector/Encrypter: PE File Modification/Section Injection (2/4)
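- 2011.04 [pediy] [Original] Sharing a simple PE structure parsing tool I wrote
- 2011.04 [pediy] [Original] Adding skins and music to PEID, easy to follow
- 2011.03 [pediy] After getting a file pointer with the SDK, how do I move the pointer to the PE header?
- 2011.02 [pediy] Adding skin switching to PEiD (Easy Programming Language source)
- 2011.02 [pediy] [Original] Manual analysis of the old packer PEncrypt_4.0, in great detail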
- 2011.02 [toolswatch] NPE File Analyzer v1.0.0.0 released
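- 2011.02 [pediy] [Discussion] On adding a new import table to a PE
- 2011.02 [pediy] [Recommended] Learning the PE format together, part 1: identifying the PE file format (1)(2)
- 2011.01 [pediy] A beginner writes a PE file analysis tool
- 2010.12 [pediy] [Original] A brief analysis of PE file infection
- 2010.12 [pediy] [Download] Latest unpacker for PECompact 2.x-3.x [supports DLL relocation]
- 2010.12 [pediy] [Original] PE Fix bug SQLiteMaestro: do it yourself and want for nothing
- 2010.11 [pediy] [Original] Extracting PE files embedded in a file
- 2010.11 [pediy] [Original] Implementing simple PE signature verification
- 2010.11 [pediy] [Original] Hand-crafting a 97-byte PE
- 2010.11 [pediy] [Original] Cracking Herosoft Super DVD Player III: a beginner gets to know PE files
- 2010.11 [pediy] [Original] A hand-made PE, 460 bytes in size
- 2010.11 [pediy] [Share] Releasing an automatic unpacker for PESpin 1.32
- 2010.10 [pediy] Studying PE viruses (parts 1, 2, 3, 4, 5, 6, 7, 8)
- 2010.10 [pediy] [Original] Parsing the PE structure: the export table
- 2010.10 [pediy] [Original] National Day PE general review (1-7), collected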
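- 2010.09 [pediy] [Original] Manually unpacking PEX 0.99
- 2010.09 [pediy] [Original] A tiny prank program (188 bytes): learning PE
- 2010.08 [pediy] [Original] PECompact2 morphing tool
- 2010.08 [pediy] [Original] A beginner's self-written PE analysis tool
- 2010.06 [pediy] [Original] How to determine programmatically whether a PE file is packed
- 2010.06 [pediy] [Discussion] Found a bug in LordPE
- 2010.06 [pediy] [Original] Building a PE yourself
- 2010.05 [pediy] [Original] How to compute PE resource string IDs
- 2010.05 [pediy] [Original] A beginner's analysis of PELOCK.. no real skill.. just padding the forum
- 2010.02 [pediy] [Original] PE-Armor packer follow-up: a strategy for reverse recovery from the cipher table!
- 2010.02 [pediy] [Original] More on unpacking a PE-Armor 0.49-packed Notepad
- 2010.02 [pediy] [Original] Introducing PE files by hand-writing one (icon resource added, see the pictures)
- 2010.02 [pediy] [Original] A brief analysis of the PE format
- 2010.02 [pediy] [Original] MSIL-PE-EXE infection strategy
- 2010.01 [pediy] [Original] A not-very-general PE infection method
- 2010.01 [pediy] [Original] PESpin v1.32 unpacker
- 2009.12 [pediy] [Original] A simple PE loader
- 2009.05 [pediy] [Original] Rapid development for PE format files with Python and the pefile library
- 2009.04 [pediy] [Original] Sample packer with PELoader + multithreaded decryption
- 2009.03 [pediy] [Original] Software protection packer series - building a PE Loader
- 2005.01 [pediy] [January 2005 topic] A study of protected mode and PE Loader behavior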
- [1915星][22d] [C#] lucasg/dependencies A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
- [1333星][10m] [C] fancycode/memorymodule Library to load a DLL from memory.
- [1146星][27d] [C#] perfare/il2cppdumper Restore dll from Unity il2cpp binary file (except code)
- [793星][11m] [C#] terminals-origin/terminals Terminals is a secure, multi tab terminal services/remote desktop client. It uses Terminal Services ActiveX Client (mstscax.dll). The project started from the need of controlling multiple connections simultaneously. It is a complete replacement for the mstsc.exe (Terminal Services) client. This is official source moved from Codeplex.
- [388星][7m] [C++] hasherezade/dll_to_exe Converts a DLL into EXE
- [367星][1y] [PS] netspi/pesecurity PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
- [363星][19d] [C#] 3f/dllexport .NET DllExport
- [296星][2y] [C++] sensepost/rattler Automatically identifies DLLs that can be used in DLL preloading attacks
- [265星][3y] [C++] professor-plum/reflective-driver-loader injection technique based off Reflective DLL injection
- [244星][2y] [C#] jephthai/openpasswordfilter An open source custom password filter DLL and userspace service to better protect / control Active Directory domain passwords.
- [240星][10m] [C++] wbenny/detoursnt Detours with just single dependency - NTDLL
- [230星][1y] [C#] misaka-mikoto-tech/monohooker hook C# method at runtime without modify dll file (such as UnityEditor.dll)
- [215星][6m] [C#] erfg12/memory.dll C# Hacking library for making PC game trainers.
- [214星][26d] [C++] chuyu-team/mint Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
- [190星][13d] [C++] s1lentq/regamedll_cs a result of reverse engineering of original library mod HLDS (build 6153beta) using DWARF debug info embedded into linux version of HLDS, cs.so
- [164星][7m] [C] bytecode77/r77-rootkit Ring 3 Rootkit DLL
- [156星][4y] [Py] borjamerino/pazuzu Reflective DLL to run binaries from memory
- [140星][7m] [Visual Basic .NET] dzzie/pdfstreamdumper research tool for the analysis of malicious pdf documents. make sure to run the installer first to get all of the 3rd party dlls installed correctly.
- [136星][27d] [C] mity/mctrl C library providing set of additional user interface controls for Windows, intended to be complementary to standard Win32API controls from USER32.DLL and COMCTL32.DLL.
- [133星][3m] [C++] itm4n/usodllloader Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
- [133星][3m] [C#] fireeye/duedlligence Shellcode runner for all application whitelisting bypasses
- [123星][1y] [C] cylancevulnresearch/reflectivedllrefresher Universal Unhooking
- [121星][29d] [C++] phackt/stager.dll Code from this article:
- [116星][3m] [C#] infosecn1nja/sharpdoor SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
- [113星][2m] [C++] outflanknl/recon-ad Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
- [112星][10m] [C] strivexjun/memorymodulepp Library to load a DLL from memory
- [92星][5y] [Py] neo23x0/dllrunner Smart DLL execution for malware analysis in sandbox systems
- [89星][1y] [PS] realoriginal/reflectivepotato MSFRottenPotato built as a Reflective DLL.
- [82星][2y] [C] hvqzao/foolavc foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
- [81星][11m] [C] mr-un1k0d3r/maliciousdllgenerator DLL Generator for side loading attack
- [77星][1m] [C] hasherezade/module_overloading A more stealthy variant of "DLL hollowing"
- [73星][1y] [Batchfile] b4rtik/hiddenpowershelldll
- [72星][1y] [C#] 0xbadjuju/rundotnetdll32 A tool to run .Net DLLs from the command line
- [67星][4y] [C] microwave89/rtsectiontest An Attempt to Bypass Memory Scanners By Misusing the ntdll.dll "RT" Section.
- [66星][11m] [C++] jacksonvd/pwnedpasswordsdll Open source solution to check prospective AD passwords against previously breached passwords
- [59星][2m] [Py] mavenlin/dll_wrapper_gen Automatic generation of Dll wrapper for both 32 bit and 64 bit Dll
- [55星][23d] [C] danielkrupinski/vac-hooks Hook WinAPI functions used by Valve Anti-Cheat. Log calls and intercept arguments & return values. DLL written in C.
- [55星][8m] [C] gosecure/dllpasswordfilterimplant DLL Password Filter Implant with Exfiltration Capabilities
- [54星][2y] [PS] byt3bl33d3r/invoke-autoit Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes
- [53星][7m] [C] strivexjun/hidedll Hide DLL / Hide Module / Hide Dynamic Link Library
- [52星][2y] [C] shadowsocks/libsscrypto Build libsscrypto.dll for shadowsocks-windows.
- [51星][2y] [JS] cerebral/webpack-packager A service that packages DLL bundles and manifests
- [50星][3y] [Visual Basic .NET] fireeye/remote_lookup Resolves DLL API entrypoints for a process w/ remote query capabilities.
- [47星][2y] [JS] cerebral/webpack-dll A service that converts a package into a DLL and manifest
- [47星][1y] [C++] lianglixin/memdllloader Loads a DLL file from memory
- [45星][2y] [C#] amarkulo/openpasswordfilter An open source custom password filter DLL and userspace service to better protect / control Active Directory domain passwords.
- [44星][5m] [C#] userr00t/universalunityhooks A framework designed to hook into and modify methods in unity games via dlls
- [43星][1y] [C#] enkomio/rundotnetdll A simple utility to list all methods of a given .NET Assembly and to invoke them
- [43星][5m] [C] w1nds/dll2shellcode Tool for converting a DLL to shellcode
- [42星][1y] [C++] userexistserror/dllloadershellcode Shellcode to load an appended Dll
- [42星][1y] [C] wanttobeno/dllprotect DLL file encryption/decryption and in-memory loading
- [38星][17d] [Rust] verideth/dll_hook-rs Rust code to show how hooking in rust with a dll works.
- [36星][2y] [C#] scavanger/memorymodule.net Loading a native DLL in the memory.
- [36星][1y] [C#] adrenak/unidll Editor window to create DLLs from C# code in Unity
- [36星][11m] [C#] codefoundryde/legacywrapper LegacyWrapper uses a x86 wrapper to call legacy dlls from a 64 bit process (or vice versa).
- [35星][2m] [C] nordicsemiconductor/pynrfjprog Python wrapper around the nrfjprog dynamic link library (DLL)
- [35星][2y] [C#] 0xbadjuju/tellmeyoursecrets A C# DLL to Dump LSA Secrets
- [33星][4y] [C++] 5loyd/makecode Dll Convert to Shellcode.
- [32星][10m] [C] ctxis/capemon CAPE monitor DLLs
- [32星][11m] [C++] jacksonvd/pwnedpasswordsdll-api Open source solution to check prospective AD passwords against previously breached passwords
- [31星][2y] [C++] rprop/cppdll CppDLL a small tool that will help you generate Cpp Header(.h) and Import Library(.lib) from Dynamic Link Library(.dll)
- [30星][2y] deroko/payloadrestrictions EMET was renamed PayloadRestrictions after being integrated into Win10 Insider; the write-up analyzes how PayloadRestrictions.dll is loaded
- [27星][2y] [C] 1ce0ear/dllloaderunpacker a Windows malware reversing tool to unpack the DLL loader malware in runtime.
- [27星][2y] [C] deroko/activationcontexthook activationcontexthook: hooks a process to force it to load a redirected DLL
- [27星][7m] [C++] jnastarot/soul_eater it can extract functions from .dll, .exe, .sys and it be work! :)
- [27星][9m] [C++] karaulov/warcraftiii_dll_126-127 Improvements for Warcraft III 126a used in new DoTA (d1stats.ru). Auto unload from w3x map and load to Warcraft III !
- [27星][3y] [C] tinysec/runwithdll windows create process with a dll load first time via LdrHook
- [27星][3y] [JS] fliphub/d-l-l Simplified DLL config creator & handler
- [23星][3y] [C] david-reguera-garcia-dreg/phook Full DLL Hooking, phrack 65
- [23星][5y] [C++] liamkarlmitchell/signaturescanner I wanted a nicer signature scanner that worked the way I wanted. Include however you want in your own DLL project.
- [23星][1y] [Assembly] osandamalith/pesecinfo A simple tool to view important DLL Characteristics and change DEP and ASLR
- [23星][7y] [C++] wyyqyl/hidemodule The dll that can hide itself and then delete itself.
- [22星][3y] [C++] bblanchon/dllhelper How to GetProcAddress() like a boss
- [21星][5m] [C#] empier/memoryeditor [C#]Main.exe < - > [C_DLL] < - > [C_KERNEL] = Memory_Editor via Kernel
- [21星][5m] [Shell] exe-thumbnailer/exe-thumbnailer Thumbnailer for .exe/.dll/.msi/.lnk files on Linux systems.
- [19星][3y] [C++] changeofpace/remote-process-cookie-for-windows-7 Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
- [19星][10m] [C] graykernel/grayfrost C++ DLL Bootstrapper for spinning up the CLR for C# Payloads
- [19星][8m] [C++] benjaminsoelberg/rundll-ng A better alternative to RunDLL32
- [18星][2y] [C++] 3gstudent/passwordfilter 2 ways of Password Filter DLL to record the plaintext password
- [15星][7m] [C] 1captainnemo1/dllreverseshell A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.
- [15星][2y] [C] jnastarot/ice9 ice9 - is anticheat based on usermode tricks and undocumented methods, built as dll for loading through the shibari framework
- [15星][2y] [C++] ms-jdow/rtlsdr-cplusplus-vs2010 MS Visual Studio version of the Oliver Jowett branch for rtlsdr.dll. This version is in C++ with slight additional functionality.
- [15星][10d] [C++] wohlsoft/lunalua LunaLua - LunaDLL with Lua, is a free extension for SMBX game engine
- [14星][2y] [JS] 3gstudent/exceldllloader Execute DLL via the Excel.Application object's RegisterXLL() method
- [14星][4y] hexx0r/cve-2015-6132 Microsoft Office / COM Object DLL Planting
- [14星][1y] [C++] hmihaidavid/hooks A DLL that performs IAT hooking
- [13星][2y] [C] 3gstudent/add-dll-exports Use to generate DLL through Visual Studio
- [11星][1y] [Py] makipl/aslr_disabler Disables ASLR flag IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE in IMAGE_OPTIONAL_HEADER on pre-compiled EXE. Works for both 32 and 64 bit Windows EXE/PE images
- [11星][2y] [C++] seanpesce/d3d11-wrapper d3d11.dll wrapper for intercepting DirectX 11 function calls.
- [9星][1y] [C++] abinmm/memdllloader_blackbone Windows memory hacking library
- [9星][1y] [C++] dissectmalware/winnativeio Using Undocumented NTDLL Functions to Read/Write/Delete File
- [8星][2y] [C++] mgostih/snifferih DLL Hooking Packet Sniffer
- [6星][1y] [C++] ovidiuvio/libntdbg ntdll native api wrapper, used by VSDebugPro
- [5星][6y] [C++] sanje2v/mantapropertyextension This extension extends Windows Explorer Property System to show information about EXE, DLL, OBJ and other binary files
- [5星][3y] [C] xiaomagexiao/gamedll gamedll
- [5星][3y] [C++] wyexe/newyugioh_cheatdll_x64
- [4星][1y] [C++] aschrein/apiparse Small project to learn windows dll hooking techniques based on sources of renderdoc and apitrace
- [4星][2y] [C] re4lity/cve-2017-11907 Windows: heap overflow in jscript.dll in Array.sort
- [4星][1y] [C++] rtcrowley/offensive-netsh-helper Maintain Windows Persistence with an evil Netshell Helper DLL
- [3星][9m] secforce/macro-keystrokes PoC of execution of commands on a Word macro, without the use of rundll32.exe and importation of kernel32 libraries such as CreateRemoteThread or CreateProcessA. This technique simply relies on sending keystrokes to the host.
- [3星][4y] [C] thomaslaurenson/cellxml-offreg CellXML-offreg.exe is a portable Windows tool that parses an offline Windows Registry hive file and converts it to the RegXML format. CellXML-offreg leverages the Microsoft Windows offreg.dll library to aid in parsing the Registry structure.
- [2星][4y] [C#] ericlaw1979/dllrewriter Rewrite Chrome.dll so Alt+F,C maps to Close Tab
- [2星][2y] [C++] wanttobeno/dlib-attacher Adds a DLL to a PE; supports 32-bit programs only.
- [1星][2y] [c++] C4t0ps1s/dllgrabber
- [1星][C#] ceramicskate0/outlook_data_exfil DLL/plugin that is a POC for data exfil via Outlook
- [1星][3y] [C#] giovannidicanio/safearraysamples Mixed C++/C# project containing a native DLL that produces array data using safe arrays, that are consumed by a C# UI.
- [0星][2y] [C] vallejocc/poc-find-chrome-ktlsprotocolmethod Proof of Concept code to download chrome.dll symbols from chromium symbols store and find the bssl::kTLSProtocolMethod table of pointers (usually hooked by malware)
- 2019.12 [freebuf] How to enumerate Active Directory using the ADSI interface and reflective DLLs
- 2019.11 [tyranidslair] The Internals of AppLocker - Part 4 - Blocking DLL Loading
- 2019.09 [hexacorn] RunDll32 — API calling
- 2019.09 [4hou] Testing the technique from "MiniDumpWriteDump via COM+ Services DLL"
- 2019.08 [osandamalith] Converting an EXE to a DLL
- 2019.06 [4hou] Domain penetration: using dnscmd to remotely load a DLL on a DNS server
- 2019.06 [hexacorn] Playing with Delay-Loaded DLLs…
- 2019.05 [3gstudent] Domain penetration: using dnscmd to remotely load a DLL on a DNS server
- 2019.05 [4sysops] PS Protector: Convert your PowerShell module into a .NET assembly DLL
- 2019.05 [0x00sec] Malicious DLL execution using Apple's APSDaemon.exe signed binary
- 2019.04 [4hou] Qt5 vulnerability allows Cisco WebEx and the Malwarebytes antivirus product to remotely load arbitrary DLLs
- 2019.04 [id] DLL CryptoMix
- 2019.03 [CyborgElf] How To Make an Internal DLL Game Hack C++ (Rainbow Six Siege)
- 2019.02 [] No Source Code For a 14-Year Old Vulnerable DLL? No Problem. (CVE-2018-20250)
- 2018.12 [srcincite] Privilege escalation vulnerability in the Cisco Webex desktop meetings app, which can lead to RCE
- [1094星][6y] [C] stephenfewer/reflectivedllinjection Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
- [963星][2y] [C] fdiskyou/injectallthethings Seven different DLL injection techniques in one single project.
- [713星][5m] [C++] darthton/xenos Windows DLL injector
- [588星][2m] [PS] monoxgas/srdi Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
- [370星][7y] [C++] opensecurityresearch/dllinjector DLL injection tool implementing a variety of methods
- [273星][2y] [C++] gellin/teamviewer_permissions_hook_v1 A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
- [190星][2y] [C] sud01oo/processinjection Some ways to inject a DLL into a alive process
- [189星][7y] [C++] hzphreak/vminjector DLL Injection tool to unlock guest VMs
- [188星][7d] [C++] wunkolo/uwpdumper DLL and Injector for dumping UWP applications at run-time to bypass encrypted file system protection.
- [173星][12m] [C++] jonatan1024/clrinject Injects a C# EXE or DLL assembly into any CLR runtime or another process's AppDomain
- [173星][6m] [C++] strivexjun/driverinjectdll Using Driver Global Injection dll, it can hide DLL modules
- [168星][6y] [Py] infodox/python-dll-injection Python toolkit for injecting DLL files into running processes on Windows
- [142星][4y] [C] dismantl/improvedreflectivedllinjection An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
- [109星][2y] [C] securestate/syringe A General Purpose DLL & Code Injection Utility
- [91星][2y] [C] 3gstudent/inject-dll-by-process-doppelganging Process Doppelgänging
- [87星][3y] [C] zerosum0x0/threadcontinue Reflective DLL injection using SetThreadContext() and NtContinue()
- [85星][3y] [C] countercept/doublepulsar-usermode-injector Uses the user-mode shellcode of the DOUBLEPULSAR payload to inject an arbitrary DLL into other processes
- [78星][1m] [C++] nefarius/injector Command line utility to inject and eject DLLs
- [71星][1y] [C++] 3gstudent/inject-dll-by-apc Asynchronous Procedure Calls
- [71星][1y] [C] alex9191/kernel-dll-injector Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module
- [61星][9d] [C] danielkrupinski/memject Simple Dll injector loading from memory. Supports PE header and entry point erasure. Written in C99.
- [58星][3y] [C++] azerg/remote_dll_injector Stealth DLL injector
- [56星][8m] [C] rapid7/reflectivedllinjection Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
- [53星][2y] [C++] mq1n/dllthreadinjectiondetector
- [52星][2y] [C] nccgroup/ncloader A session-0 capable dll injection utility
- [51星][1y] [C] adrianyy/keinject Kernel LdrLoadDll injector
- [51星][3y] [C++] zer0mem0ry/standardinjection A simple Dll Injection demonstration
- [50星][1y] [C] realoriginal/reflective-rewrite Attempt to rewrite StephenFewers Reflective DLL Injection to make it a little more stealthy. Some code taken from Meterpreter & sRDI. Currently a work in progress.
- [49星][2y] [C++] zodiacon/dllinjectionwiththreadcontext This is a sample that shows how to leverage SetThreadContext for DLL injection
- [46星][4y] [C++] papadp/reflective-injection-detection a program to detect reflective dll injection on a live machine
- [40星][3y] [C++] zer0mem0ry/manualmap A Simple demonstration of manual dll injector
- [36星][10m] [C++] nanoric/pkn core of pkn game hacking project. Including mainly for process management, memory management, and DLL injection. Also PE analysis, windows registry management, compile-time string encryption, byte-code emulator, etc. Most of them can run under kernel mode.
- [36星][2y] [C++] rolfrolles/wbdeshook DLL-injection based solution to Brecht Wyseur's wbDES challenge (based on SysK's Phrack article)
- [36 stars][2y] [C++] blole/injectory command-line interface dll injector
- [34 stars][1m] [Assembly] danielkrupinski/inflame User-mode Windows DLL injector written in Assembly language (FASM syntax) with WinAPI.
- [30 stars][1y] [C++] psmitty7373/eif Evil Reflective DLL Injection Finder
- [29 stars][1y] [C++] notscimmy/libinject Currently supports injecting signed/unsigned DLLs in 64-bit processes
- [29 stars][3y] [C++] stormshield/beholder-win32 A sample on how to inject a DLL from a kernel driver
- [27 stars][1y] [HTML] flyrabbit/winproject Hook, DLLInject, PE_Tool
- [27 stars][7m] [C++] m-r-j-o-h-n/swh-injector An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.
- [27 stars][5y] [C] olsut/kinject-x64 Kinject - kernel dll injector, currently available in x86 version, will be updated to x64 soon.
- [27 stars][12m] [C] sqdwr/loadimageinject LoadImage Routine Inject Dll
- [26 stars][2y] [C] ice3man543/zeusinjector An Open Source Windows DLL Injector With All Known Techniques Available
- [25 stars][6y] [C] whyallyn/paythepony Pay the Pony is hilarityware that uses the Reflective DLL injection library to inject into a remote process, encrypt and demand a ransom for files, and inflict My Little Pony madness on a system.
- [23 stars][12d] [Py] fullshade/py-memject A Windows .DLL injector written in Python
- [21 stars][5y] [C] nyx0/dll-inj3cti0n Another dll injection tool.
- [20 stars][9m] [C#] enkomio/managedinjector A C# DLL injection library
- [20 stars][6y] [C#] tmthrgd/dll-injector Inject and detour DLLs and program functions both managed and unmanaged in other programs, written (almost) purely in C#. [Not maintained].
- [19 stars][6y] [C++] coreyauger/slimhook Demonstration of dll injection. As well loading .net runtime and calling .net code. Example hijacking d3d9 dll and altering rendering of games.
- [17 stars][7y] [C] strobejb/injdll DLL Injection commandline utility
- [17 stars][3y] [C#] cameronaavik/ilject Provides a way which you can load a .NET dll/exe from disk, modify/inject IL, and then run the assembly all in memory without modifying the file.
- [15 stars][1y] [C] ntraiseharderror/phage Reflective DLL Injection style process infector
- [15 stars][3y] [C] portcullislabs/wxpolicyenforcer Injectable Windows DLL which enforces a W^X memory policy on a process
- [14 stars][1y] [C#] ulysseswu/vinjex A simple DLL injection lib using Easyhook, inspired by VInj.
- [13 stars][5y] [C++] matrix86/wincodeinjection Dll Injection and Code injection sample
- [13 stars][4y] [C++] spl0i7/dllinject Minesweeper bot by DLL Injection
- [11 stars][8m] [C#] ihack4falafel/dll-injection C# program that takes process id and path to DLL payload to perform DLL injection method.
- [11 stars][2y] [C++] sherazibrahim/dll-injector I created a dll injector and I am going to open source its code. But remember one thing: anyone can use it only for educational purposes. I again say do not use it to damage anyone's computer. But if you are using it for some good purpose, like to help someone who really needs help, then I permit you to use it.
- [7 stars][1y] [C] haidragon/newinjectdrv Kernel-level DLL injection via APC
- [7 stars][2y] [C++] pfussell/pivotal A MITM proxy server for reflective DLL injection through WinINet
- [7 stars][4m] [C] userexistserror/injectdll Inject a Dll from memory
- [6 stars][1y] thesph1nx/covenant Meterpreter clone - DLL Injection Backdoor
- [6 stars][5y] [C] mwwolters/dll-injection
- [5 stars][4y] [C++] ciantic/remotethreader Helps you to inject your dll in another process
- [4 stars][6m] [C++] reclassnet/reclass.net-memorypipeplugin A ReClass.NET plugin which allows direct memory access via dll injection.
- [1 star][10m] [PS] getrektboy724/maldll A bunch of malicious DLLs to inject into a process
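- 2019.12 [freebuf] How to prevent malicious third-party DLLs from being injected into a process
- 2019.06 [aliyun] Analysis of a DLL injection vulnerability in the Windows 10 Task Scheduler service
- 2018.10 [pediy] [Original] A trick for injecting a DLL with shellcode instead of creating a user thread
- 2018.10 [4hou] How to use DLL injection to bypass Windows 10 ransomware protection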
- 2018.10 [0x00sec] Reflective Dll Injection - Any Way to check If a process is already injected?
- 2018.09 [pediy] [Original] win10_arm64: injecting a DLL into an arm32 program from a driver
- 2018.08 [freebuf] sRDI: a powerful tool for reflective DLL injection via shellcode
- 2018.07 [4hou] Injection series: DLL injection
- 2018.06 [0x00sec] Reflective DLL Injection - AV detects at runtime
- 2018.06 [qq] [Game vulnerability] Injecting a DLL to display the game window
- 2017.12 [secist] Mavinject | Dll Injected
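- 2017.12 [secvul] SSM puts an end to DLL injection
- 2017.10 [nsfocus] [Practical knowledge] Sandbox techniques: DLL injection
- 2017.10 [freebuf] A new approach to DLL injection: a study of reflective DLL injection
- 2017.10 [pediy] [Original] Analyzing kernel shellcode DLL injection through Wannacry
- 2017.09 [360] A new approach to DLL injection: SetThreadContext injection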
- 2017.08 [silentbreaksecurity] sRDI – Shellcode Reflective DLL Injection
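- 2017.08 [360] All about DLL injection
- 2017.08 [freebuf] System security attack and defense: DLL injection techniques explained in detail
- 2017.08 [pediy] [Translation] Introduction to the principles of several DLL injection techniques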
- 2017.07 [0x00sec] Reflective DLL Injection
- 2017.07 [zerosum0x0] Reflective DLL loading using SetThreadContext() and NtContinue()
- 2017.07 [zerosum0x0] Proposed Windows 10 EAF/EMET "Bypass" for Reflective DLL Injection
- 2017.05 [360] NSA arsenal: DOUBLEPULSAR's kernel DLL injection technique
- 2017.05 [lallouslab] 7 DLL injection techniques in Microsoft Windows
- 2017.05 [3or] mimilib DHCP Server Callout DLL injection
- 2017.05 [3or] Hunting DNS Server Level Plugin dll injection
- 2017.04 [arvanaghi] DLL Injection Using LoadLibrary in C
- 2017.04 [countercept] Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique
- 2017.04 [countercept] NSA arsenal: DOUBLEPULSAR's kernel DLL injection technique
- 2017.04 [pentestlab] DLL Injection
- 2016.06 [lowleveldesign] !injectdll – a remote thread approach
- 2016.04 [ketansingh] Hacking games with DLL Injection
- 2016.02 [freebuf] Bypassing XIGNCODE3 anti-cheat protection via DLL injection and code modification
- 2016.01 [freebuf] Several ways to inject a DLL (2): CreateRemoteThread And More
- 2016.01 [freebuf] Several ways to inject a DLL (1): Windows Hooks
- 2015.08 [rapid7] Using Reflective DLL Injection to exploit IE Elevation Policies
- 2015.07 [pediy] [Original] Wrote some APC DLL injection code today; it can be used as a tool
- 2015.05 [WarrantyVoider] DAI dll injection test - successfull
- 2015.04 [securestate] DLL Injection Part 2: CreateRemoteThread and More
- 2015.03 [securestate] DLL Injection Part 1: SetWindowsHookEx
- 2015.03 [securestate] DLL Injection Part 0: Understanding DLL Usage
- 2014.04 [pediy] [Share] Rereading an old article: another trick for DLL injection
- 2014.04 [pediy] [Share] Old article series: the APC DLL injection trick
- 2014.01 [osandamalith] Ophcrack Path Subversion Arbitrary DLL Injection Code Execution
- 2013.09 [debasish] Inline API Hooking using DLL Injection
- 2013.09 [freebuf] A generic method for killing, DLL injection and local code execution against various domestic (Chinese) security-guard products
- 2013.06 [msreverseengineering] What is DLL Injection and How is it used for Reverse Engineering?
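- 2013.05 [pediy] [Original] On DLL injection methods
- 2013.03 [pediy] [Original] DLL injection: the remote thread method
- 2013.02 [pediy] [Original] Cleanly unloading a statically compiled Easy Language (EPL) DLL after injecting it into an EXE written in another language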
- 2012.10 [octopuslabs] DLL Injection – A Splash Bitmap
- 2012.09 [debasish] KeyLogging through DLL Injection[The Simplest Way]
- 2012.09 [volatility] MoVP 2.1 Atoms (The New Mutex), Classes and DLL Injection
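- 2012.06 [freebuf] [Updated] A very good DLL injector – RemoteDLL V2
- 2011.11 [pediy] [Original] Dishui reverse-engineering study notes 1 - dual-process injection without a DLL (posts 1, 17, 21, 27, 30, 33) [updated through post 33]
- 2011.06 [pediy] [Original] A concrete application of DLL injection via hook functions: clicking different desktop icons plays the corresponding musical notes
- 2011.01 [pediy] [Original] A small all-in-one process management and DLL injection tool [source included]
- 2010.12 [pediy] [Original] Hijacking CreateProcess in Ring3 to inject a DLL
- 2010.01 [pediy] [Original] DLL injection helper tool [with source]
- 2009.08 [pediy] [Original] The simplest DLL injection
- 2009.07 [pediy] [Original] DLL injection, ANSI version -- adapted from Jeffrey's "Windows Core Programming"
- 2008.11 [pediy] [Original] N approaches to injecting a DLL from the kernel, with implementations
- 2007.12 [pediy] [Original] DLL injection using QueueUserApc
- 2006.11 [pediy] More on DLL injection into NetTransport 2.25.337 [Original]
- 2006.10 [pediy] [Original] DLL injection into NetTransport 2.25.337
- 2005.08 [pediy] ApiHook and InjectDll units and their applications [Delphi code]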
- [431 stars][7m] [Pascal] mojtabatajik/robber Finds executables prone to DLL hijacking
- [299 stars][11m] [C++] anhkgg/superdllhijack A generic DLL hijacking technique that no longer requires manually exporting the DLL's function interfaces
- [175 stars][5m] [C++] strivexjun/aheadlib-x86-x64 hijack dll Source Code Generator. support x86/x64
- [126 stars][1y] [PS] itm4n/ikeext-privesc Windows IKEEXT DLL Hijacking Exploit Tool
- [113 stars][5y] [C++] adamkramer/dll_hijack_detect Detects DLL hijacking in running processes on Windows systems
- [93 stars][10m] [C++] cyberark/dllspy DLL Hijacking Detection Tool
- [79 stars][1y] [C#] djhohnstein/.net-profiler-dll-hijack Implementation of the .NET Profiler DLL hijack in C#
- [68 stars][18d] [C++] itm4n/cdpsvcdllhijacking Windows 10 CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM
- [49 stars][3y] [C++] enigma0x3/messagebox PoC dlls for Task Scheduler COM Hijacking
- [44 stars][5y] [JS] rapid7/dllhijackauditkit This toolkit detects applications vulnerable to DLL hijacking (released in 2010)
- [32 stars][12m] [Assembly] zeffy/prxdll_templates Thread-safe and deadlock free template projects for hijacking various Windows system DLLs
- [28 stars][24d] [C] myfreeer/qbittorrent-portable dll-hijack based qbittorrent portable plugin
- [24 stars][4y] [C] fortiguard-lion/anti-dll-hijacking
- [23 stars][9m] [C] djhohnstein/wlbsctrl_poc C++ POC code for the wlbsctrl.dll hijack on IKEEXT
- [18 stars][9m] [C#] djhohnstein/tsmsisrv_poc C# POC code for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll
- [12 stars][2y] [C++] guanginuestc/dll-hijacking
- [11 stars][4m] [C] myfreeer/vscode-portable make visual studio code portable with dll-hijack
- [2 stars][1y] kernelm0de/cve-2018-8090 DLL Hijacking in Quickheal Total Security/ Internet Security/ Antivirus Pro (Installers)
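- 2019.06 [4hou] Dell's preinstalled SupportAssist component has a DLL hijacking vulnerability, putting more than 100 million devices worldwide at risk of attack
- 2019.05 [4hou] Extended exploitation of "Lateral Movement — SCM and DLL Hijacking Primer"
- 2019.04 [3gstudent] Extended exploitation of "Lateral Movement — SCM and DLL Hijacking Primer"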
- 2019.04 [specterops] Lateral Movement — SCM and Dll Hijacking Primer
- 2019.01 [sans] DLL Hijacking Like a Boss!
- 2018.11 [t00ls] A study of a generic DLL hijacking technique
- 2018.11 [pediy] [Original] A study of a generic DLL hijacking technique
- 2018.09 [DoktorCranium] Understanding how DLL Hijacking works
- 2018.09 [astr0baby] Understanding how DLL Hijacking works
- 2018.08 [parsiya] DVTA - Part 5 - Client-side Storage and DLL Hijacking
- 2018.06 [cybereason] Attackers incriminate a signed Oracle process for DLL hijacking, running Mimikatz
- 2018.05 [360] An unconventional path: how to achieve DLL hijacking via URL files
- 2018.05 [insert] DLL hijacking using URL files
- 2017.10 [cybereason] Siofra, a free tool built by Cybereason researcher, exposes DLL hijacking vulnerabilities in Windows programs
- 2017.08 [securiteam] SSD Advisory – Dashlane DLL Hijacking
- 2017.05 [4hou] 7 DLL hijacking techniques on Windows
- 2017.05 [pediy] [Original] Making code play a piano piece (freepiano helper) (global keyboard hook + DLL hijacking) + with code
- 2017.03 [pentestlab] DLL Hijacking
- 2017.03 [pediy] [Original] DLL hijacking injection without exporting any functions, perfect!
- 2017.03 [sophos] Q&A: Wikileaks, the CIA, ‘Fine Dining’ and DLL hijacks
- 2017.03 [opera] DLL hijacking and the Opera browser
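- 2017.02 [4hou] How to easily bypass AMSI using DLL hijack?
- 2016.12 [4hou] Testing Rattler, an automated DLL hijacking vulnerability identification tool
- 2016.12 [3gstudent] Testing Rattler, an automated DLL hijacking vulnerability identification tool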
- 2016.10 [trustfoundry] What is DLL Hijacking?
- 2016.08 [hackingarticles] Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities
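- 2016.05 [pediy] [Original] DLL hijack generator, open source (pure Windows SDK) + case analysis
- 2016.03 [] In-depth analysis of DLL hijacking vulnerabilities
- 2016.01 [360] A guide to DLL hijacking attacks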
- 2016.01 [gracefulsecurity] PrivEsc: DLL Hijacking
- 2015.12 [textslashplain] DLL Hijacking Just Won’t Die
- 2015.12 [fortinet] A Crash Course In DLL Hijacking
- 2015.09 [freebuf] New blossoms on an old tree: new tricks with DLL hijacking vulnerabilities
- 2015.09 [trendmicro] Shadow Force Uses DLL Hijacking, Targets South Korean Company
- 2015.07 [securiteam] SSD Advisory – Internet Explorer 11 Rendering Engine DLL Hijacking
- 2015.05 [securify] Exploiting the Xamarin.Android DLL hijack vulnerability
- 2015.03 [sans] Detecting DLL Hijacking on Windows
- 2015.01 [welivesecurity] Corel vulnerabilities could allow hackers in via DLL hijacking
- 2013.08 [DoktorCranium] Dll Hijacking Reloaded
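- 2013.06 [pediy] [Original] VEH hardware breakpoints + DLL hijacking memory patch
- 2013.06 [tencent] DLL hijacking vulnerabilities explained
- 2013.01 [freebuf] DLL hijack detection tool: Dll Hijack Auditor
- 2012.12 [antiy] The challenge DLL hijacking malware poses to proactive defense technology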
- 2012.11 [nobunkum] COM Hijacking, or DLL Hijacking come back
- 2012.02 [pediy] [Original] Analysis of an lpk.dll hijacking virus [with removal tool and source]
- 2011.08 [greyhathacker] McAfee VirusScan Enterprise DLL hijacking autostart entry point
- 2010.09 [sans] Digital Forensics Practitioners Take Note: MS DLL Hijacking
- 2010.09 [pediy] [Original] USP10.DLL hijacking in pure assembly
- 2010.08 [sans] DLL hijacking - what are you doing ?
- 2010.08 [dankaminsky] Regarding DLL Hijacking
- 2010.08 [corelan] DLL Hijacking (KB 2269637) – the unofficial list
- 2010.08 [trustedsec] SET v0.6.1 – Metasploit DLL Hijack Demo
- 2010.08 [rapid7] Exploiting DLL Hijacking Flaws
- 2010.08 [sans] DLL hijacking vulnerabilities
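- 2009.11 [pediy] Reversing the usp10.dll trojan: DLL hijacking
- 2009.01 [pediy] [Original] DLL hijacking of USER32
- 2008.03 [pediy] [Sample chapter 1] "Encryption and Decryption (3rd Edition)" -- 18.2.4 DLL hijacking technique (memory patching technique)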
- [2355 stars][11d] [C] hfiref0x/uacme Defeating Windows User Account Control
- [2307 stars][1m] [PS] k8gege/k8tools K8 tool collection (intranet penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
- [1688 stars][3m] [Py] rootm0s/winpwnage UAC bypass, Elevate, Persistence and Execution methods
- [226 stars][2y] fuzzysecurity/defcon25 UAC 0day, all day!
- [143 stars][2y] [C++] hjc4869/uacbypass A demo to bypass windows 10 default UAC configuration using IFileOperation and dll hijacking
- [121 stars][9m] [C] dimopouloselias/alpc-mmc-uac-bypass UAC Bypass with mmc via alpc
- [104 stars][3y] [C++] cn33liz/tpminituacbypass Bypassing User Account Control (UAC) using TpmInit.exe
- [86 stars][4y] [Visual Basic .NET] vozzie/uacscript Windows 7 UAC Bypass Vulnerability in the Windows Script Host
- [79 stars][3y] [PS] winscripting/uac-bypass
- [75 stars][8m] [Go] 0x9ef/golang-uacbypasser UAC bypass techniques implemented and written in Go
- [75 stars][3m] [Py] zenix-blurryface/sneakyexe Embedding a "UAC-Bypassing" function into your custom payload
- [67 stars][2y] [C++] 3gstudent/use-com-objects-to-bypass-uac
- [62 stars][9m] [Ruby] gushmazuko/winbypass Windows UAC Bypass
- [59 stars][5y] [C++] malwaretech/uacelevator Passive UAC elevation using dll infection
- [53 stars][2y] fsecurelabs/defcon25_uac_workshop UAC 0Day all day!
- [42 stars][10m] [C++] bytecode77/slui-file-handler-hijack-privilege-escalation UAC bypass and local privilege escalation via the slui.exe file handler hijack vulnerability
- [40 stars][4m] [C#] nyan-x-cat/uac-escaper Escalation / Bypass Windows UAC
- [36 stars][3y] [C++] cn33liz/tpminituacanniversarybypass Bypassing User Account Control (UAC) using TpmInit.exe
- [36 stars][2y] fuzzysecurity/defcon-beijing-uac Slide deck for DefCon Beijing
- [29 stars][1y] [C] dro/uac-launchinf-poc Windows 10 UAC bypass PoC using LaunchInfSection
- [27 stars][1y] [C++] alphaseclab/bypass-uac
- [17 stars][1y] [C] advancedhacker101/bypass-uac Small utility written in c++ to bypass windows UAC prompt
- [14 stars][2y] [PS] bartblaze/dccwuacbypass PowerShell script to bypass UAC using DCCW
- [12 stars][3m] [Py] rootm0s/uub UIAccess UAC Bypass using token duplication and keyboard events
- [10 stars][1y] 125k/uac_bypass_hid This payload bypasses the UAC
- [9 stars][2m] [C++] pedro-javierf/twicexploit Proof of concept open source implementation of an UAC bypass exploit, based in 2 windows failures.
- [6 stars][3y] [Batchfile] caledoniaproject/sdclt-win10-uacbypass
- [3 stars][2y] [Batchfile] genome21/bypassuac Program bypasses the UAC prompt for Admin privileges when running a program.
- 2019.11 [4hou] CVE-2019-1388: Windows UAC privilege escalation vulnerability
- 2019.10 [freebuf] A first look at UAC bypasses
- 2019.09 [4sysops] Security options in Windows Server 2016: Accounts and UAC
- 2019.08 [freebuf] SneakyEXE: a tool for embedding a UAC bypass
- 2019.04 [markmotig] Brute Forcing Admin Passwords with UAC
- 2019.03 [4hou] Analysis of bypassing UAC by mocking trusted directories
- 2019.03 [aliyun] How to abuse Access Tokens UIAccess to bypass UAC
- 2019.02 [3gstudent] Analysis of bypassing UAC by mocking trusted directories
- 2019.02 [sans] UAC is not all that bad really
- 2019.01 [fuzzysecurity] Anatomy of UAC Attacks
- 2019.01 [sevagas] Yet another sdclt UAC bypass
- 2018.11 [4hou] 5 ways to bypass UAC using metasploit
- 2018.11 [tenable] UAC Bypass by Mocking Trusted Directories
- 2018.10 [0x000x00] How to bypass UAC in newer Windows versions
- 2018.10 [tyranidslair] Farewell to the Token Stealing UAC Bypass
- 2018.10 [freebuf] Multiple ways to bypass UAC using Metasploit
- 2018.09 [freebuf] Introduction to a UAC bypass technique
- 2018.09 [hackingarticles] Multiple Ways to Bypass UAC using Metasploit
- 2018.09 [hexacorn] A bit of a qUACkery – how to elevate… w/o doing a single thing ;)
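- 2018.05 [4hou] How to bypass UAC restrictions using registry modification
- 2018.05 [360] Privilege escalation by bypassing UAC with registry key values
- 2018.05 [3gstudent] Bypassing UAC via the COM component IARPUninstallStringLauncher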
- 2018.03 [rehmann] Edimax EW-7811Un, EW-7611ULB, EW-7722UTn, EW-7811UTC, EW-7822ULC, EW7833UAC USB Wifi Drivers
- 2018.01 [ZeroNights] James Forshaw - Abusing Access Tokens for UAC Bypasses
- 2017.12 [caceriadespammers] UAC Bypass & Research con UAC-A-Mola por @pablogonzalezpe
- 2017.11 [hackingarticles] 7 Ways to Privilege Escalation of Windows 7 PC (Bypass UAC)
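- 2017.10 [4hou] How to bypass UAC using the CLR
- 2017.09 [freebuf] How to bypass UAC via a .NET program
- 2017.09 [360] Bypassing UAC policy using infected PPT files
- 2017.09 [360] How to bypass UAC via privileged .NET applications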
- 2017.09 [3gstudent] Use CLR to bypass UAC
- 2017.09 [aliyun] Analysis of Invoke-WScriptBypassUAC in Empire
- 2017.09 [4hou] Analysis of Invoke-WScriptBypassUAC in Empire
- 2017.09 [4hou] UAC bypass series: using SDCLT
- 2017.09 [3gstudent] Analysis of Invoke-WScriptBypassUAC in Empire
- 2017.09 [fortinet] Researchers find PowerPoint files exploiting CVE-2017-0199; the malicious documents also carry a built-in UAC bypass
- 2017.08 [360] UAC bypass and DLL loading using CMSTP.exe
- 2017.08 [secist] Adding the bypassuac_comhijack.rb module to bypass UAC
- 2017.08 [hackingarticles] Bypass UAC in Windows 10 using bypass_comhijack Exploit
- 2017.06 [bartblaze] Bypassing UAC using the "Display Color Calibration" tool
- 2017.06 [hackingarticles] Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key)
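- 2017.06 [pentestlab] Bypassing UAC using SDCLT. (SDCLT: introduced in Windows 7, performs backup and restore operations, auto-elevates)
- 2017.06 [4hou] Fileless UAC bypass using fodhelper.exe
- 2017.06 [pentestlab] Bypassing UAC using Fodhelper (by modifying the registry)
- 2017.05 [4hou] How to bypass UAC using SilentCleanup?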
- 2017.05 [3gstudent] Study Notes of using SilentCleanup to bypass UAC
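- 2017.05 [winscripting] Fileless UAC bypass: modifying the registry to control what fodhelper.exe loads at startup (fodhelper.exe: introduced in Windows 10, Microsoft-signed, auto-elevates to administrator on launch)
- 2017.05 [4hou] How to bypass UAC using Task Scheduler?
- 2017.05 [moxia] How to bypass UAC using the sdclt disk backup tool
- 2017.05 [360] How I bypassed UAC (User Account Control) using Event Viewer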
- 2017.05 [pentestlab] UAC Bypass – Task Scheduler
- 2017.05 [pentestlab] UAC Bypass – Event Viewer
- 2017.04 [4hou] How to bypass UAC using sdclt.exe?
- 2017.03 [360] How I achieved a fileless UAC bypass using sdclt.exe
- 2017.03 [3gstudent] Study Notes of using sdclt.exe to bypass UAC
- 2017.03 [freebuf] How to bypass UAC using the sdclt disk backup tool
- 2017.03 [win] Prevent interactive logon of Local Admins - Only allow UAC elevation
- 2017.03 [enigma0x3] "Fileless" UAC bypass using SDCLT.EXE
- 2017.03 [enigma0x3] Bypassing UAC using App Paths
- 2017.03 [sans] Another example of maldoc string obfuscation, with extra bonus: UAC bypass
- 2017.02 [decoder] Bypassing UAC from a remote powershell and escalating to “SYSTEM”
- 2017.01 [sans] Malicious Office files using fileless UAC bypass to drop KEYBASE malware
- 2017.01 [flashpoint] Dridex Banking Trojan Returns, Leverages New UAC Bypass Method
- 2016.12 [360] New Fareit trojan variant: a new method in which a malicious macro bypasses UAC to escalate privileges
- 2016.12 [fortinet] Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware
- 2016.12 [sans] UAC Bypass in JScript Dropper
- 2016.12 [mdsec] Eventvwr File-less UAC Bypass CNA
- 2016.11 [venus] Anatomy of UAC attacks
- 2016.11 [hasherezade] DEMO: A malware bypassing UAC set to max (Windows 7 32bit)
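- 2016.10 [freebuf] Cleverly using the COM interface IARPUninstallStringLauncher to bypass UAC
- 2016.09 [freebuf] Building a small automated Bypass UAC testing tool that can bypass the latest Windows 10
- 2016.09 [360] Bypass-UAC: helps you bypass Windows User Account Control
- 2016.09 [freebuf] Analysis of a Bypass UAC example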
- 2016.08 [hackingarticles] Hack Admin Access of Remote Windows 10 PC using TpmInit UACBypass
- 2016.08 [3gstudent] Study Notes Weekly No.1(Monitor WMI & ExportsToC++ & Use DiskCleanup bypass UAC)
- 2016.08 [ensilo] Adding UAC Bypass to the Attacker’s Tool Set
- 2016.08 [360] "Fileless" UAC bypass using EVENTVWR.EXE and registry hijacking
- 2016.08 [uacmeltdown] Bypassing User Account Control (UAC) using TpmInit.exe
- 2016.08 [enigma0x3] “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking
- 2016.07 [enigma0x3] Bypassing UAC on Windows 10 using Disk Cleanup
- 2016.06 [DoktorCranium] Windows 10 UAC bypass with custom Meterpreter payloads
- 2016.03 [pediy] [Original] A 32-bit program that bypasses win7 - win10 UAC (x86/x64)
- 2016.02 [freebuf] BypassUAC: a powerful tool for bypassing UAC on Windows
- 2015.10 [evi1cg] Bypass UAC using Powershell
- 2015.10 [freebuf] Bypassing Windows User Account Control (UAC) and ways of mitigation
- 2015.10 [freebuf] Bypassing UAC using PowerShell
- 2015.09 [harmj0y] Invoke-BypassUAC
- 2015.09 [360] Sharing an approach to privilege escalation by leveraging UAC
- 2015.09 [freebuf] Sharing an approach to privilege escalation by leveraging UAC
- 2015.09 [mikefrobbins] Working around UAC (User Access Control) without running PowerShell elevated
- 2015.07 [cmu] The Risks of Disabling the Windows UAC
- 2015.07 [cyberarms] System level Access and Plain Text Passwords using Bypass UAC and Mimikatz
- 2015.06 [grandstreamdreams] Stop UAC screen blackouts or UAC dimming delays
- 2015.05 [cylance] Trick me once, ShameOnUAC
- 2015.05 [privacy] Adaptive Penetration Testing 4: Windows UAC Bypass
- 2015.05 [myonlinesecurity] Microsoft patches AppCompat UAC bypass vulnerability | Bleen
- 2015.03 [securityblog] Invoking UAC for Privilege Escalation in batch file
- 2015.01 [pediy] [Share] A new trick to bypass UAC on win8.1 x86/x64
- 2014.12 [greyhathacker] Bypassing Windows User Account Control (UAC) and ways of mitigation
- 2014.11 [malwaretech] Passive UAC Elevation
- 2014.07 [publicintelligence] DHS Unaccompanied Alien Children (UACs) 2014 Location of Origin Map
- 2014.05 [rapid7] From the Trenches: The New Generate Dynamic Stager Auxiliary, UAC Bypass and NAT
- 2014.04 [pediy] Bypass Win8.1 UAC source code + documentation
- 2014.04 [pediy] Video demo of bypassing win8.1 x64 UAC
- 2014.04 [secureidentity] Fileservers and UAC
- 2014.03 [hackingarticles] Bypass UAC Protection of Remote Windows PC in Memory Injection
- 2013.11 [myonlinesecurity] Using a standard User Account with high UAC settings in Windows 7
- 2013.10 [codeinsecurity] Steam UAC bypass via code execution
- 2013.02 [securityblog] Enable or Disable UAC from command line
- 2011.12 [] Breaking through UAC to escalate to SYSTEM
- 2011.05 [infosecblog] Non-supporting of UAC
- 2011.02 [rebootuser] Windows 7, UAC & Network Applications
- 2011.01 [trustedsec] Windows UAC Bypass now in Metasploit!
- 2011.01 [trustedsec] Bypass Windows 7 x86/x64 UAC Fully Patched – Meterpreter Module
- 2010.06 [publicintelligence] Naval Security Group Activity (NAVSECGRUACT) Sugar Grove
- 2008.05 [microsoft] UAC, an Excellent Description and Discussion by Crispin Cowan
- 2007.08 [pediy] [Original] Solving the problem on Vista where files with Update in their name cannot pass UAC authentication.
- 2007.02 [microsoft] The Value of UAC in Windows Vista
- 2006.06 [microsoft] Windows Vista User Account Control (UAC)
- [206 stars][1y] [JS] jpcertcc/sysmonsearch Investigate suspicious activity by visualizing Sysmon's event log
- [126 stars][5m] [JS] baronpan/sysmonhunter An easy ATT&CK-based Sysmon hunting tool, showing in Blackhat USA 2019 Arsenal
- [19 stars][10m] [Py] jymcheong/sysmonresources Consolidation of various resources related to Microsoft Sysmon & sample data/log
- [17 stars][6m] olafhartong/sysmon-configs Various complete configs
- [12 stars][4y] defensivedepth/sysmon_ossec OSSEC Decoder & Rulesets for Sysmon Events
- [10 stars][6m] sametsazak/sysmon Sysmon and wazuh integration with Sigma sysmon rules [updated]
- [9 stars][1y] [PS] davebremer/export-sysmonlogs
- [9 stars][2y] kidcrash22/sysmon-threat-intel
- [8 stars][19d] [PS] hestat/ossec-sysmon A Ruleset to enhance detection capabilities of Ossec using Sysmon
- [1 star][3y] [PS] nick-c/sysmon-installer A Sysmon Install script using the Powershell Application Deployment Toolkit
- [1 star][3m] [PS] op7ic/sysmonfencer A tool designed to help in deployment and log collection for Sysmon across windows domain
- [0 stars][2y] [PS] stahler/sysmon_powershell Sysmon demo with PowerShell examples
- 2019.12 [vanimpe] Use Sysmon DNS data for incident response
- 2019.11 [4hou] Threat hunting tricks you didn't know: mapping Windows APIs to Sysmon events
- 2019.10 [HackersOnBoard] Subverting Sysmon Application of a Formalized Security Product Evasion Methodology
- 2019.09 [sans] Parsing Sysmon Events for IR Indicators
- 2019.09 [blackhillsinfosec] Getting Started With Sysmon
- 2019.09 [osandamalith] Unloading the Sysmon Minifilter Driver
- 2019.09 [specterops] Shhmon — Silencing Sysmon via Driver Unload
- 2019.09 [4hou] How to evade Sysmon's DNS monitoring
- 2019.09 [olafhartong] Sysmon 10.4 release
- 2019.09 [blackhillsinfosec] Webcast: Windows logging, Sysmon, and ELK
- 2019.08 [blackhillsinfosec] Webcast: Implementing Sysmon and Applocker
- 2019.07 [eforensicsmag] Using Sysmon and ETW For So Much More | By David Kennedy
- 2019.06 [nosecurecode] Sysmon in a Box
- 2019.06 [binarydefense] Using Sysmon and ETW For So Much More - Binary Defense
- 2019.06 [360] How to evade Sysmon DNS monitoring
- 2019.06 [SecurityWeekly] Sysmon DNS Logging, Gravwell - PSW #608
- 2019.06 [xpnsec] Evading Sysmon DNS Monitoring
- 2019.06 [olafhartong] Using Sysmon in Azure Sentinel
- 2019.05 [olafhartong] Sysmon 10.0 - New features and changes
- 2019.02 [specterops] Putting Sysmon v9.0 AND/OR Grouping Logic to the Test
- 2019.02 [hexacorn] Sysmon – ideas, and gotchas
- 2019.01 [pediy] [Original] Open-sourcing reverse-engineered source code for part of Microsoft's sysmon tool
- 2019.01 [salesforce] Test out Bro-Sysmon
- 2019.01 [sans] Threat Hunting via Sysmon
- 2019.01 [sans] Threat Hunting in the Enterprise with Winlogbeat, Sysmon, and ELK
- 2019.01 [sans] Hunting with Sysmon to Unveil the Evil
- 2018.12 [specterops] Real-Time Sysmon Processing via KSQL and HELK — Part 3: Basic Use Case 🏹
- 2018.12 [specterops] Real-Time Sysmon Processing via KSQL and HELK — Part 2: Sysmon-Join KSQL Recipe 📖
- 2018.11 [salesforce] Open Sourcing Bro-Sysmon
- 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon & Wazuh III. GAME OVER
- 2018.11 [specterops] Real-Time Sysmon Processing via KSQL and HELK — Part 1: Initial Integration 🏗
- 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon and Wazuh II
- 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon and Wazuh I
- 2018.10 [4hou] Two ways to bypass Sysmon
- 2018.10 [360] How to evade Sysmon
- 2018.10 [darkoperator] Operating Offensively Against Sysmon
- 2018.09 [root9b] DETECTING ADVANCED THREATS WITH SYSMON, WEF, AND ELASTICSEARCH
- 2018.09 [jpcert] Visualise Sysmon Logs and Detect Suspicious Device Behaviour -SysmonSearch-
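- 2018.09 [360] Complete analysis of the principles and implementation of sysmon, Microsoft's lightweight system monitoring tool (part 2)
- 2018.08 [360] Complete analysis of the principles and implementation of sysmon, Microsoft's lightweight system monitoring tool (part 1)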
- 2018.07 [syspanda] Threat Hunting: Fine Tuning Sysmon & Logstash to find Malware Callbacks C&C
- 2018.07 [hexacorn] Sysmon doing lines, part 5
- 2018.07 [4hou] How to use Sysmon to detect attacks that bypass UAC via CMSTP
- 2018.07 [360] Using Sysmon to detect attacks that bypass UAC via CMSTP
- 2018.07 [specterops] Categorizing and Enriching Security Events in an ELK with the Help of Sysmon and ATT&CK
- 2018.07 [cyberwardog] Categorizing and Enriching Security Events in an ELK with the Help of Sysmon and ATT&CK
- 2018.06 [hexacorn] Sysmon doing lines, part 3
- 2018.06 [olafhartong] Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
- 2018.03 [360] Test your DFIR tools: dissecting security issues in Sysmon event logs
- 2018.03 [danielbohannon] Test Your DFIR Tools: Sysmon Edition
- 2018.03 [silentbreaksecurity] Windows Events, Sysmon and Elk…oh my! (Part 2)
- 2018.02 [silentbreaksecurity] Windows Events, Sysmon and Elk…oh my!
- 2018.02 [HITCON] [HITCON CMT 2017] R1D201 - Tracking Mimikatz by Sysmon and Elasticsearch
- 2017.12 [hexacorn] Sysmon doing lines, part 2
- 2017.11 [darkoperator] Operational Look at Sysinternals Sysmon 6.20 Update
- 2017.11 [nosecurecode] Sysmon View 1.4 released!
- 2017.11 [cqureacademy] Building A Perfect Sysmon Configuration File
- 2017.11 [freebuf] How to use the Sysmon monitoring tool to find malicious documents containing macros
- 2017.10 [syspanda] Monitoring the monitor: Sysmon status
- 2017.10 [4hou] Threat hunting with Sysmon: finding Word documents with macros
- 2017.10 [n00py] Detecting CrackMapExec (CME) with Bro, Sysmon, and Powershell logs
- 2017.10 [darkoperator] Sysinternals Sysmon 6.10 Tracking of Permanent WMI Events
- 2017.10 [4hou] How to use Sysmon to find malicious Word documents with macros
- 2017.10 [360] Sysmon in threat detection: detecting macro-enabled Word documents
- 2017.10 [malwarenailed] Hunting Mimikatz Using Sysmon + ELK - Part 2 of Series
- 2017.10 [syspanda] Hands-on threat hunting with Sysmon, covering the whole process from clicking an email link to downloading and executing the payload
- 2017.10 [hexacorn] Sysmon doing lines
- 2017.09 [malwarenailed] Enhanced PowerShell Logging and Sysmon Logs to ElasticSearch and Visualization/Dashboarding using Kibana - Part 1 of Series
- 2017.08 [n0where] Tracking & Visualizing Sysmon Logs: Sysmon View
- 2017.08 [nosecurecode] Sysmon Shell – Release 1.1
- 2017.07 [nosecurecode] Visualizing and monitoring Sysmon events with Sysmon View
- 2017.07 [nosecurecode] Visualizing & Tracking Sysmon events with Sysmon View 1.2
- 2017.07 [syspanda] Detecting Outbound connections Pt. 1 – Sysmon
- 2017.06 [securitylogs] Sysmon & the pyramid of hell!
- 2017.06 [nosecurecode] Updated SysmonView
- 2017.06 [nosecurecode] Updated Sysmon View
- 2017.05 [syspanda] Sysmon: Getting started
- 2017.05 [logrhythm] Detecting WannaCry Activity on Sysmon-Enabled Hosts
- 2017.05 [nosecurecode] Sysmon View
- 2017.04 [3or] Hunting mimikatz with sysmon: monitoring OpenProcess()
- 2017.04 [4hou] DLL injection via APC: bypassing Sysmon monitoring
- 2017.04 [cyberwardog] Chronicles of a Threat Hunter: Hunting for Remotely Executed Code via Services & Lateral Movement with Sysmon, Win Event Logs, and ELK
- 2017.04 [3gstudent] DLL injection via APC: bypassing Sysmon monitoring
- 2017.04 [cyberwardog] Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon, Win Event Logs, and ELK - Part III (Overpass-the-Hash - EIDs 10, 4624, 4648, 4768)
- 2017.03 [cyberwardog] Chronicles of a Threat Hunter: Hunting for WMImplant with Sysmon and ELK - Part I (EID 1,12, 13, 17 & 18)
- 2017.03 [cyberwardog] Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part II (Event ID 10)
- 2017.03 [nosecurecode] Sysmon Shell
- 2017.03 [cyberwardog] Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part I (Event ID 7)
- 2017.03 [rsa] Why Sysmon when you have NWE
- 2017.03 [nettitude] Effectively analysing sysmon logs
- 2017.03 [syspanda] Advanced Sysmon filtering using Logstash
- 2017.03 [cyberwardog] Building a Sysmon Dashboard with an ELK Stack
- 2017.03 [syspanda] Setting up Windows Event Forwarder Server (WEF) (Domain) – Sysmon Part 2/3
- 2017.02 [syspanda] Deploying Sysmon through Group Policy (GPO) Updated scroll down
- 2017.02 [rsa] Log - Sysmon 6 Windows Event Collection
- 2017.02 [darkoperator] Posh-Sysmon Module for Creating Sysmon Configuration Files
- 2017.02 [holisticinfosec] Toolsmith Release Advisory: Sysmon v6 for Securitay
- 2017.02 [nettitude] Putting attackers in hi vis jackets with sysmon
- 2017.02 [angelalonso] Hunting malicious behaviour abusing PowerShell with Sysmon and Splunk
- 2017.02 [freebuf] Detecting lateral movement in a network environment using Sysmon and Splunk
- 2017.01 [securitylogs] Presentation on Sysmon Deployment
- 2017.01 [securitylogs] Sysmon 5 : New opportunities for hunting
- 2016.12 [freebuf] Monitoring your system with the lightweight tool Sysmon
- 2016.12 [] Sysmon - The Best Free Windows Monitoring Tool You Aren't Using
- 2016.10 [cqureacademy] Sysmon: how to set up, update and use?
- 2016.09 [jshlbrd] Hunter’s Tool Chest: Sysmon
- 2016.05 [securitylogs] Sysmon version 4 : Cool filtering!
- 2016.05 [securitylogs] Sysmon logs at scale analyzed with Splunk
- 2015.12 [defensivedepth] New Sysmon OSSEC Decoders….
- 2015.09 [defensivedepth] #SOCAugusta Deck: Sysmon & Security Onion Integration
- 2015.06 [defensivedepth] Sysmon & Security Onion, Part 5: Sysmon Event Collection
- 2015.06 [root9b] Detecting Advanced Threats with Sysmon, WEF, and ElasticSearch
- 2015.05 [defensivedepth] Sysmon & Security Onion, Part 4: Integrating Security Onion and Sysmon
- 2015.04 [p0w3rsh3ll] Deploy Sysmon with PowerShell Desired State Configuration
- 2015.04 [defensivedepth] Sysmon & Security Onion, Part 3: Enterprise Security Monitoring
- 2015.04 [defensivedepth] Sysmon & Security Onion, Part 2: Rise of Intelligence-Driven Computer Network Defense
- 2015.04 [defensivedepth] Sysmon & Security Onion: Monitoring Key Windows Processes for Anomalies
- 2015.03 [defensivedepth] Sysmon & Security Onion, Part 1: Rise of the Encrypted Web
- 2015.03 [defensivedepth] Using Sysmon To Enrich Security Onion’s Host-Level Capabilities
- 2015.03 [bsk] Detect System File Manipulations with SysInternals Sysmon
- 2015.02 [crowdstrike] Parsing Sysmon Events for IR Indicators
- 2015.02 [holisticinfosec] toolsmith: Sysmon 2.0 & EventViz
- 2015.02 [bsk] Sysmon Example Config XML
- 2015.01 [] OS X 10.9.x - sysmond XPC Privilege Escalation
- 2014.08 [sans] Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab
- 2014.08 [darkoperator] Sysinternals New Tool Sysmon (System Monitor)
- [1228 stars][10d] [JS] jpcertcc/logontracer Investigates malicious Windows logons by visualizing and analyzing Windows event logs
- [865 stars][22d] [C++] google/uiforetw User interface for recording and managing ETW traces
- [654 stars][10m] [Roff] palantir/windows-event-forwarding Network event monitoring and defense using Windows Event Forwarding
- [640 stars][3y] [PS] hlldz/invoke-phant0m Windows Event Log Killer
- [609 stars][19d] [PS] sbousseaden/evtx-attack-samples Windows event samples associated with specific attack and post-exploitation techniques
- [504 stars][10m] [C#] lowleveldesign/wtrace Command line tracing tool for Windows, based on ETW.
- [479 stars][5m] [PS] sans-blue-team/deepbluecli a PowerShell Module for Threat Hunting via Windows Event Logs
- [446 stars][9m] [PS] nsacyber/event-forwarding-guidance Helps administrators collect security-related Windows event logs using Windows Event Forwarding (WEF)
- [393 stars][10m] [Py] williballenthin/python-evtx Windows event log parser written in pure Python
- [341 stars][1y] [C++] qax-a-team/eventcleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities.
- [306 stars][1m] [C#] zodiacon/procmonx Obtains the same information that Process Monitor displays via Windows event logs, without a kernel driver
- [282 stars][3m] [C#] fireeye/silketw flexible C# wrappers for ETW
- [282 stars][10m] [C#] nsacyber/windows-event-log-messages Retrieves the definitions of Windows event log messages embedded in Windows binaries and provides them in a discoverable format
- [261 stars][3m] [C++] gametechdev/presentmon Tool for collection and processing of ETW events related to DXGI presentation.
- [249 stars][3m] [C++] microsoft/krabsetw KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
- [214 stars][2y] [Py] thiber-org/userline Queries and reports user logon relationships from Windows security events
- [146 stars][5m] [Py] fireeye/pywintrace ETW (Event Tracing for Windows) wrapper written in Python
- [144 stars][2y] [PS] jepaynemsft/weffles Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
- [128 stars][4m] [Py] mvelazc0/oriana Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
- [99 stars][3y] [C#] cyberpoint/ruxcon2016etw Ruxcon2016 POC Code
- [82 stars][2y] [C#] zacbrown/powerkrabsetw PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
- [70 stars][5m] [Py] dgunter/evtxtoelk A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
- [54 stars][6m] [PS] tasox/logrm LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network
- [47 stars][2y] [Py] devgc/eventmonkey A Windows Event Processing Utility
- [43 stars][2y] [C#] zacbrown/hiddentreasure-etw-demo A new way to dig for treasure with ETW (Event Tracing for Windows) in memory forensics
- [30 stars][2y] [C#] zacbrown/powershellmethodauditor PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.
- [29 stars][2y] [C#] aviavni/nativeleakdetector Win32 memory leak detector with ETW
- [28 stars][5m] fuzzysecurity/bh-arsenal-2019 SilkETW & SilkService
- [27 stars][4y] [Py] williballenthin/python-evt Pure Python parser for classic Windows Event Log files (.evt)
- [22 stars][4y] [C#] lallousx86/wepexplorer Windows Events Providers Explorer
- [12 stars][1y] [PS] piesecurity/windowseventstocsvtimeline Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.
- [7 stars][4m] [PS] 1cysw0rdk0/whodunnit A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
- [7 stars][5y] [R] holisticinfosec/eventviz EventViz Windows event log viewer
- [4 stars][3m] [C#] ceramicskate0/swelf Simple Windows Event Log Forwarder (SWELF). It's easy to use/simply works Log Forwarder, EVTX Parser and Reader. Make it your log forwarder through the configuration of the software. Now in early release here at
- [2 stars][1y] [C++] randomascii/bigfiles This repo exists for storing large data files such as ETW traces or crash dumps, often associated with blog posts
- 2019.12 [Cooper] EventList, Matching Windows Event Log IDs With MITRE ATT&CK - Miriam Wiesner
- 2019.09 [adventuresincyberchallenges] Powershell Encoded Payload In Clear Text in Windows Event Log 4688
- 2019.09 [Cyb3rWard0g] Threat Hunting with ETW events and HELK — Part 2: Shipping ETW events to HELK ⚒
- 2019.09 [Cyb3rWard0g] Threat Hunting with ETW events and HELK — Part 1: Installing SilkETW 🏄♀🏄
- 2019.05 [freebuf] SilkETW: A custom C# wrapper tool for Event Tracing for Windows
- 2019.04 [4sysops] Forward Windows events to a Syslog server with free SolarWinds Event Log Forwarder for Windows
- 2019.02 [360] How ETW registry monitoring is implemented in the Windows kernel
- 2019.01 [sans] Rocking Your Windows EventID with ELK Stack
- 2019.01 [sans] Threat Hunting via Windows Event Logs
- 2019.01 [sans] Hunting for Lateral Movement Using Windows Event Log
- 2018.12 [palantir] Tampering with Windows Event Tracing: Background, Offense, and Defense
- 2018.12 [sophos] Hunting for threats with Intercept X and the Windows Event Collector
- 2018.08 [4sysops] Query multiple Windows event logs with PowerShell
- 2018.07 [criteo] Grab ETW Session, Providers and Events
- 2018.07 [3gstudent] Windows Event Viewer Log (EVT) single-record log removal (Part 3): deleting evt log records of the current system within a specified time period
- 2018.07 [pentesttoolz] LogonTracer – Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log
- 2018.07 [dragos] EvtxToElk: A Python Module to Load Windows Event Logs into ElasticSearch
- 2018.07 [3gstudent] Windows Event Viewer Log (EVT) single-record log removal (Part 2): a program that deletes log records within a specified time period from an evt file
- 2018.07 [3gstudent] Windows Event Viewer Log (EVT) single-record log removal (Part 1): removal approach and examples
- 2018.06 [hecfblog] ETW Event Tracing for Windows and ETL Files
- 2018.04 [5yx] Windows Event Log to the Dark Side
- 2018.03 [intrinsec] Log centralization with Windows Event Forwarding
- 2018.03 [illuminati] Performance Series Part 1 – How to collect an ETW/Xperf trace to capture general performance issues
- 2018.01 [rsa] Feed - Windows Event ID Criticality
- 2017.09 [blackhillsinfosec] End-Point Log Consolidation with Windows Event Forwarder
- 2017.09 [fireeye] Introducing pywintrace
- 2017.09 [redplait] ETW private loggers
- 2017.08 [asd] Technical Guidance for Windows Event Logging
- 2017.07 [huntingmalware] Hooking Windows events without knowing anything about C/C++
- 2017.07 [clong] The Windows Event Forwarding Survival Guide
- 2017.06 [illuminati] Quick and Dirty – Collect an ETW shutdown trace on Windows 7.
- 2017.05 [redplait] kernel etw traces in windows 10
- 2017.04 [4hou] Hidden treasure: intrusion detection with ETW (Part 1)
- 2017.03 [p0w3rsh3ll] ETW provider security – fix event id 30
- 2017.03 [syspanda] Sending Windows Event Forwarder Server (WEF) Logs to Elasticsearch (Winlogbeat)
- 2017.03 [syspanda] Setting up Windows Event Forwarder Server (WEF) (Domain) – GPO Deployment Part 3/3
- 2017.03 [syspanda] Setting up Windows Event Forwarder Server (WEF) (Domain) Part 1/3
- 2017.02 [guardicore] Who’s Afraid of ETW? GuardiCore Guide to Building a Robust Windows Agent
- 2017.01 [rsa] Logs - Collecting Windows Events with WEC
- 2017.01 [rsa] ESA - Intrusion Detection with Windows Event Logs
- 2016.11 [4hou] How to log USB keyboard keystrokes via ETW
- 2016.10 [3gstudent] Study Notes Weekly No.3(Use odbcconf to load dll & Get-Exports & ETW USB Keylogger)
- 2016.09 [sans] Windows Events log for IR/Forensics ,Part 2
- 2016.09 [sans] Windows Events log for IR/Forensics ,Part 1
- 2016.09 [n0where] Python Windows Event Log Parser: python-evtx
- 2016.08 [sans] Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
- 2016.08 [logz] Windows Event Log Analysis with Winlogbeat & Logz.io
- 2016.01 [lallouslab] Windows Events Providers Explorer
- 2015.12 [jaapbrasser] PSBlogweek: PowerShell logging in the Windows Event log
- 2015.07 [vanimpe] Use EvtxParser to convert Windows Event Log files to XML
- 2015.06 [summitroute] Shipping Windows Events to Heka and ElasticSearch
- 2014.10 [windowsir] Windows Event Logs
- 2014.04 [lowleveldesign] LowLevelDesign.NLog.Ext and ETW targets for NLog
- 2013.02 [sans] Parsing Windows Eventlogs in Powershell
- 2012.09 [lowleveldesign] Diagnosing ADO.NET with ETW traces
- 2012.03 [lowleveldesign] A managed ETW provider and the 15002 error
- 2011.05 [thomasmaurer] Powershell: How to export Windows Eventlogs with Powershell
- 2009.04 [sans] Strange Windows Event Log entry
- 2008.03 [chuvakin] Poll #7: What tools do you use for Windows Event Log collection?
- 2007.12 [alienvault] Tutorial 5: Windows event logging
- [921 stars][7m] [PS] api0cradle/ultimateapplockerbypasslist The goal of this repository is to document the most common techniques to bypass AppLocker.
- [132 stars][13d] [PS] nsacyber/applocker-guidance Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber
- [51 stars][8m] [PS] api0cradle/poweral A Powershell module that helps you identify AppLocker weaknesses
- [40 stars][2y] milkdevil/ultimateapplockerbypasslist
- [37 stars][4y] [C#] cn33liz/sharpcat SharpCat - A Simple Reversed Command Shell which can be started using InstallUtil (Bypassing AppLocker)
- [33 stars][2y] [C] demonsec666/secist_applocker
- [20 stars][1y] ivan1ee/regasm_installutil_applockerbypass AppLocker Bypass With Regasm/InstallUtil
- [14 stars][2y] [XSLT] 3gstudent/use-msxsl-to-bypass-applocker Learn from Casey Smith@subTee
- [8 stars][5y] [PS] strictlymike/invoke-schmapplocker Bypass AppLocker EXE file policies
- [7 stars][11m] api0cradle/applocker-stuff Just some random stuff for AppLocker
- [5 stars][2y] homjxi0e/applockerbpg AppLocker Bypassing Method )(
- 2019.11 [tyranidslair] The Internals of AppLocker - Part 3 - Access Tokens and Access Checking
- 2019.11 [tyranidslair] The Internals of AppLocker - Part 2 - Blocking Process Creation
- 2019.11 [tyranidslair] The Internals of AppLocker - Part 1 - Overview and Setup
- 2019.09 [blackhillsinfosec] Getting Started With AppLocker
- 2019.08 [p0w3rsh3ll] How to delete a single Applocker rule
- 2019.05 [oddvar] A small discovery about AppLocker
- 2019.04 [4hou] Multiple methods for bypassing AppLocker application whitelisting via regsrv32.exe
- 2019.03 [4sysops] Application whitelisting: Software Restriction Policies vs. AppLocker vs. Windows Defender Application Control
- 2019.03 [4hou] Evasion techniques bloom again: starting from an Office document that evades AppLocker and AMSI detection
- 2019.03 [yoroi] The Document that Eluded AppLocker and AMSI
- 2019.03 [p0w3rsh3ll] Applocker and PowerShell: how do they tightly work together?
- 2019.02 [4hou] How to bypass AppLocker as an administrator
- 2019.02 [oddvar] Bypassing AppLocker as an admin
- 2019.01 [hackingarticles] Windows Applocker Policy – A Beginner’s Guide
- 2019.01 [t00ls] Submitted article: Bypass Applocker + AV-evading execution of arbitrary shellcode [ csc + installUtil ]
- 2018.12 [hecfblog] Daily Blog #580: Applocker and Windows 10
- 2018.12 [hecfblog] Daily Blog #581: Forensic Lunch Test Kitchen 12/28/18 Syscache Applocker and Server 2012
- 2018.12 [360] Countering Windows AppLocker from multiple angles
- 2018.12 [tsscyber] BloodHound.xpab — Applocker bypass
- 2018.10 [tsscyber] AppLocker Bypass — presentationhost.exe
- 2018.10 [oddvar] %Temp%orary Constrained Language mode in AppLocker
- 2018.10 [xpnsec] AppLocker CLM Bypass via COM
- 2018.09 [aliyun] How to bypass AppLocker's Constrained Language Mode (CLM) via COM
- 2018.09 [360] How to use COM to bypass AppLocker CLM
- 2018.09 [oddvar] AppLocker – Making sure that local rules are removed
- 2018.09 [mdsec] AppLocker CLM Bypass via COM
- 2018.09 [360] How to bypass custom AppLocker rules
- 2018.09 [improsec] AppLocker - hash badlisting
- 2018.09 [rastamouse] Enumerating AppLocker Config
- 2018.07 [oddvar] AppLocker for admins – Does it work?
- 2018.05 [4hou] Using CMSTP to bypass AppLocker and execute code
- 2018.05 [oddvar] Real whitelisting attempt using AppLocker
- 2018.05 [pentestlab] Using cmstp.exe to bypass AppLocker (remote/local execution of arbitrary DLLs)
- 2018.04 [3gstudent] Analysis and summary of bypassing Applocker with Assembly Load & LoadFile
- 2018.04 [aliyun] Using PowerShell diagnostic scripts to execute commands and bypass AppLocker
- 2018.03 [secist] AppLocker_Bypass List
- 2018.03 [3gstudent] Test and analysis of bypassing Applocker with LUA scripts
- 2018.03 [aliyun] Test and analysis of bypassing Applocker with LUA scripts
- 2018.02 [4hou] How to use PowerShell diagnostic scripts to execute commands and bypass AppLocker
- 2018.02 [secist] Secist_Applocker_Bypass: a collection tool for applocker bypasses
- 2018.01 [bohops] Loading Alternate Data Stream (ADS) DLL/CPL Binaries to Bypass AppLocker
- 2018.01 [bohops] Using the preinstalled PowerShell diagnostic scripts CL_Invocation.ps1/CL_LoadingAssembly.ps1 for command execution and AppLocker bypass
- 2017.12 [oddvar] Hardening Windows AppLocker (Part 2)
- 2017.12 [oddvar] Several techniques for bypassing Windows AppLocker (Part 2)
- 2017.12 [oddvar] Hardening AppLocker based on the research above
- 2017.09 [4hou] AppLocker bypass series: using Regasm and Regsvcs
- 2017.07 [4hou] AppLocker bypass series: using CreateRestrictedToken
- 2017.07 [4hou] AppLocker bypass series: exploiting weak path rules
- 2017.07 [4hou] AppLocker bypass series: using the Control Panel
- 2017.07 [4hou] How to use msxsl to bypass AppLocker
- 2017.07 [3gstudent] Use msxsl to bypass AppLocker
- 2017.07 [4hou] AppLocker bypass series: using MSBuild
- 2017.07 [evi1cg] Bypass AppLocker With MSXSL.EXE
- 2017.07 [pentestlab] AppLocker Bypass – CreateRestrictedToken
- 2017.07 [pentestlab] AppLocker Bypass – MSXSL
- 2017.06 [4hou] AppLocker bypass series: using Rundll32
- 2017.06 [aliyun] AppLocker bypass series: using MSIEXEC
- 2017.06 [4hou] AppLocker bypass series: using MSIEXEC
- 2017.06 [360] AppLocker bypass: file extensions
- 2017.06 [pentestlab] AppLocker Bypass – MSIEXEC
- 2017.06 [4hou] See how I use file extensions to bypass AppLocker
- 2017.06 [pentestlab] AppLocker Bypass – IEExec
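- 2017.06 [pentestlab] Bypassing AppLocker with file extensions
- 2017.06 [pentestlab] Bypassing AppLocker with Assembly Load
- 2017.06 [pentestlab] Bypassing AppLocker by running scripts from a BgInfo configuration file
- 2017.05 [pentestlab] Embedding C# code (that executes shellcode) in a .csproj (C# project file), so that the shellcode runs when MSBuild compiles the .csproj file. This capability is widely applicable to bypassing AppLocker, application whitelisting and similar controls. The article's examples include returning a Meterpreter session, running PowerShell scripts, and running Mimikatz to dump passwords.
- 2017.05 [freebuf] Using Regsvr32 to bypass Applocker restriction policies
- 2017.05 [360] How to bypass AppLocker by modifying the registry
- 2017.05 [pentestlab] Bypassing AppLocker using the Control Panel registry keys
- 2017.05 [pentestlab] Bypassing AppLocker with Rundll32
- 2017.05 [pentestlab] AppLocker bypass: by default AppLocker allows files under all Windows directories and the ProgramFiles directory to run; ordinary users can place malicious files in the following directories and thereby bypass AppLocker
- 2017.05 [pentestlab] AppLocker bypass: executing malicious DLLs with the Microsoft-signed Regasm and Regsvcs
- 2017.05 [contextis] How to bypass AppLocker by modifying the registry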
- 2017.05 [] AppLocker Bypass – InstallUtil
- 2017.05 [pentestlab] Bypassing AppLocker with Regsvr32
- 2017.05 [pentestlab] AppLockerBypass – InstallUtil
- 2017.02 [4hou] Unstoppable PowerShell: a red teamer shows how to break through simple AppLocker policies
- 2016.11 [evi1cg] Bypassing Applocker with msiexec
- 2016.09 [evi1cg] Bypassing Applocker with MSBuild.exe
- 2016.09 [evi1cg] AppLocker Bypass Techniques
- 2016.05 [cybrary] [podcast] Software Restriction Policies and Applocker
- 2016.04 [360] regsvr32 can be used to bypass MS Applocker protection and run code
- 2016.03 [malwarebytes] Windows AppLocker: An Introduction
- 2016.01 [freebuf] Applocker: application control policies for Windows network protection
- 2015.04 [p0w3rsh3ll] Configure Applocker with Desired State Configuration
- 2014.10 [pentestpartners] Using Applocker to protect your users from themselves, and you from your users
- 2014.08 [sans] AppLocker Event Logs with OSSEC 2.8
- 2012.02 [p0w3rsh3ll] Working with Applocker and Filepath Rules
- 2012.01 [p0w3rsh3ll] Working with GPO and Applocker
- 2011.07 [zeltser] AppLocker for Containing Windows Malware in the Enterprise
- [9 stars][3y] [C#] lowleveldesign/send2procmon A command line tool that sends its input data to a running procmon instance.
- [0 stars][6y] [Py] ldh0227/pmonparser Process Monitor Log File Parser (Only Input Support csv format)
- [0 stars][8m] [Py] xrkk/procmonlogfilter Parses logs generated by Process Monitor, filters out the useful information, and imports it into IDA and other tools for viewing. (The code was written in 2017 and is kept here only as a backup.)
- [12676 stars][14d] [C#] 0xd4d/dnspy .NET debugger and assembly editor
- [9261 stars][11d] [C#] icsharpcode/ilspy .NET Decompiler
- [3694 stars][27d] [C#] 0xd4d/de4dot .NET deobfuscator and unpacker.
- [3263 stars][7m] [JS] sindresorhus/speed-test Test your internet connection speed and ping using speedtest.net from the CLI
- [1657 stars][14d] [C#] jbevain/cecil C# library to inspect/modify/generate .NET apps and libraries
- [251 stars][1y] [C#] brianhama/de4dot .NET deobfuscator and unpacker.
- [217 stars][11m] [C#] rainwayapp/warden Warden.NET is an easy to use process management library for keeping track of processes on Windows.
- [173 stars][2m] [ASP] lowleveldesign/debug-recipes My notes collected while debugging various .NET and Windows problems.
- [70 stars][8m] [C#] fsecurelabs/sharpcliphistory SharpClipHistory is a .NET application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.
- [52 stars][16d] [C#] 9ee1/capstone.net .NET Core and .NET Framework binding for the Capstone Disassembly Framework
- [1521 stars][11m] [PS] joefitzgerald/packer-windows Templates for creating Vagrant boxes with Packer
- [1347 stars][1m] [Go] securitywithoutborders/hardentools Disables many risky Windows features
- [1156 stars][1y] [HTML] nsacyber/windows-secure-host-baseline Configuration guidance for the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings
- [1008 stars][6m] adolfintel/windows10-privacy Win10 privacy guide
- [508 stars][17d] [PS] stefanscherer/packer-windows Windows Packer templates: Win10, Server 2016, 1709, 1803, 1809, 2019, 1903, Insider with Docker
- [1348 stars][22d] [C] intel/haxm Intel's open-source Hardware Accelerated Execution Manager, a hardware-assisted virtualization engine that accelerates IA emulation (x86/x86_64) on Windows/macOS hosts
- [1011 stars][1y] [C] ionescu007/simplevisor Intel VT-x hypervisor, simple and portable. Supports Windows and UEFI
- [717 stars][23d] [C++] tandasat/hyperplatform Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows
- [570 stars][12m] [C] asamy/ksm Fast, hackable and simple x64 VT-x hypervisor supporting Windows and Linux
- Duplicate section: Linux->Tools->Newly added |
- [449 stars][3y] [POV-Ray SDL] hzqst/syscall-monitor System call tracing tool implemented with Intel VT-X/EPT, similar to Sysinternals Process Monitor; supports Win7+
- Duplicate section: Windows->Tools->System calls |
- [189 stars][10m] [C++] kelvinhack/khypervisor Lightweight, bluepill-like nested VMM for Windows that provides and emulates basic Intel VT-x functionality
- [933 stars][9m] [C] microsoft/windows-driver-frameworks Windows Driver Frameworks (WDF)
- [781 stars][19d] axtmueller/windows-kernel-explorer Windows kernel research tool
- [510 stars][5m] [Py] rabbitstack/fibratus Windows kernel exploration and tracing tool
- [479 stars][1m] [C] jkornev/hidden Windows driver with a user-mode interface: hides file system and registry objects, protects processes, etc.
- [325 stars][2y] [Rust] pravic/winapi-kmd-rs Windows kernel-mode drivers written in Rust
- [278 stars][2y] [C++] sam-b/windows_kernel_address_leaks Examples of leaking kernel-mode information from user mode on Windows
- [278 stars][12d] [PS] microsoftdocs/windows-driver-docs Official Windows Driver Kit documentation
- [232 stars][4y] [C] markjandrews/wrk-v1.2 Windows Research Kernel
- [490 stars][14d] [Batchfile] chef-koch/regtweaks Windows registry tweaks (Win 7-Win 10)
- [288 stars][8m] [Py] williballenthin/python-registry Python library for pure read-only access to Windows NT registry files
- [161 stars][1y] msuhanov/regf Windows registry file format specification
- [725 stars][2m] [HTML] j00ru/windows-syscalls Windows system call tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10)
- [449 stars][3y] [POV-Ray SDL] hzqst/syscall-monitor System call tracing tool implemented with Intel VT-X/EPT, similar to Sysinternals Process Monitor; supports Win7+
- Duplicate section: Windows->Tools->VT |
- [328 stars][2m] [C] hfiref0x/syscalltables Windows NT x64 system call tables
- [277 stars][2y] [Assembly] tinysec/windows-syscall-table System call tables from Win XP to Win 10, including SSDT and Shadow SSDT
- [1296 stars][4y] [C++] microsoft/microsoft-pdb Information from Microsoft about the PDB format
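- [949 stars][3m] [C] basil00/divert User-mode packet interception library for Win 7/8/10
- [863 stars][14d] [C++] henrypp/simplewall Configuration interface for the Windows Filtering Platform
- [726 stars][2m] [Py] diyan/pywinrm WinRM client implemented in Python
- [578 stars][3y] [Pascal] t-d-k/librecrypt Transparent on-the-fly disk encryption for Windows, LUKS compatible
- [570 stars][1m] [C] hfiref0x/winobjex64 Windows Object Explorer, x64
- [463 stars][8m] [C#] microsoft/dbgshell Front end for the Windows debugger engine, written in PowerShell
- [418 stars][15d] [C] samba-team/samba The standard Windows interoperability suite of programs for Linux and Unix
- [405 stars][3y] [C++] rwfpl/rewolf-wow64ext Runs x86 programs under the WOW64 layer on 64-bit Windows
- [403 stars][3y] [C#] zenlulz/memorysharp Windows process memory editing library written in C#; can inject input and code into remote processes or read remote process memory
- [389 stars][2m] [C#] microsoft/binskim Binary static analysis tool that provides security and correctness analysis for PE and ELF binary formats
- [387 stars][19d] [Jupyter Notebook] microsoft/windowsdefenderatp-hunting-queries Examples of advanced queries in MS Defender ATP
- [370 stars][27d] [Ruby] winrb/winrm SOAP library, written in Ruby, that uses WinRM functionality to call native objects in Windows
- [367 stars][1y] [PS] netspi/pesecurity PowerShell module that checks whether PE (EXE/DLL) files were compiled with ASLR, DEP, SafeSEH, StrongNaming, Authenticode
- [360 stars][12d] [C#] digitalruby/ipban Monitors Windows/Linux systems for failed logins and bad behavior and bans the corresponding IP addresses. Highly configurable, lean and powerful.
- [353 stars][2y] [C++] zerosum0x0/winrepl A read-eval-print loop for Windows assembly code, x86+x64
- [318 stars][3y] [C] sdhand/x11fs Manipulate X windows
- [298 stars][3y] [C++] googleprojectzero/symboliclink-testing-tools A set of tools for testing the various symbolic link types of Windows
- [289 stars][2y] [C++] godaddy/procfilter Windows process filtering system. Can match process modules against Yara rules and block matching processes from starting
- [281 stars][1y] [C++] fireeye/flare-wmi Various documentation and code projects describing Windows Management Instrumentation (WMI) technology
- [269 stars][12m] [Py] hakril/pythonforwindows Library that simplifies Python interaction with the Windows operating system
- [238 stars][5m] [PS] microsoft/aaronlocker Windows application whitelisting
- [233 stars][10m] [Go] masterzen/winrm Windows remote command execution, command-line tool + library, written in Go
- [232 stars][1y] [C++] ionescu007/simpleator Windows x64 user-mode application emulator
- [229 stars][4m] [C] tishion/mmloader Bypasses the Windows PE loader and loads DLL modules directly from memory (x86/x64)
- [228 stars][3m] [C] leecher1337/ntvdmx64 Runs the Windows NTVDM for DOS on 64-bit editions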
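- [226 stars][1y] [C++] rexdf/commandtrayhost Command-line tool for monitoring the Windows systray
- [222 stars][2y] [C++] intelpt/windowsintelpt Windows driver implementing Intel Processor Trace on the Intel Skylake architecture
- [210 stars][3m] adguardteam/adguardforwindows System-wide ad blocker for Windows
- [208 stars][10m] [C] hzqst/unicorn_pe Emulates code execution of Windows PE files, based on Unicorn
- [206 stars][3y] [C++] k2/ehtrace Traces the execution of binaries on Windows.
- [205 stars][3m] [C] jasonwhite/ducible Makes builds of PEs and PDBs reproducible
- [202 stars][2y] [Py] euske/pyrexecd Standalone SSH server (Windows)
- [193 stars][11m] [C] ionescu007/winipt Process tracing using the Intel Processor Trace functionality added in Win10 1809
- [192 stars][1m] [C++] blackint3/openark Anti-rootkit tool (Windows)
- [192 stars][3y] [Ruby] zed-0xff/pedump Dumps PE files, written in Ruby
- [174 stars][3y] [C#] gangzhuo/kcptun-gui-windows GUI for the kcptun tunneling tool
- [171 stars][2m] [Py] gleeda/memtriage Quickly queries memory on a Windows machine. Uses the Winpmem driver to access physical memory and Volatility for analysis
- [164 stars][3y] [C++] zer0mem0ry/runpe Runs another Windows PE in the same address space as the host process
- [163 stars][2m] [PS] dsccommunity/activedirectorydsc Contains DSC resources for deploying and configuring Active Directory
- [158 stars][7m] [C#] wohlstand/destroy-windows-10-spying Disables/destroys Windows spying features
- [151 stars][3y] [C] pustladi/windows-2000 Source code of Windows 2000 Professional
- [151 stars][2y] [Rust] trailofbits/flying-sandbox-monster How to run Windows Defender in a sandbox, plus some thoughts on Rust on Windows
- [149 stars][1y] [C++] justasmasiulis/nt_wrapper Wrapper around native Windows system APIs
- [143 stars][11d] [C#] microsoft/windowsprotocoltestsuites Provides interoperability tests against implementations of the Windows open specifications
- [137 stars][4y] [Py] pentestmonkey/pysecdump Dumps security-related information from Windows systems, written in Python
- [136 stars][6y] [C++] zer0fl4g/nanomite Graphical debugger for x64 and x86 on Windows
- [135 stars][2m] [C] nomorefood/putty-cac Windows secure shell client with smart card & certificate support
- [134 stars][2y] [Py] binarydefense/auto-ossec Automatically provisions OSSEC agents for Linux and Windows
- [134 stars][7m] [CMake] pothosware/pothossdr Pothos SDR Windows development environment
- [133 stars][1y] [C++] 3gstudent/eventlogedit-evtx--evolution Removes individual lines from Windows XML Event Log (EVTX) files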
- [133 stars][3y] [C++] ioactive/i-know-where-your-page-lives De-randomizing the Windows 10 kernel
- [129 stars][2y] [Py] dviros/rat-via-telegram Controls compromised Windows hosts via Telegram
- [124 stars][5m] [Py] fireeye/flare-qdb Debugger for manipulating and modifying the behavior of Windows and Linux software, including a command-line tool and a Python debugger
- [116 stars][3y] [Batchfile] bartblaze/disable-intel-amt Disables AMT on Windows systems
- [115 stars][8m] [C++] dragonquesthero/pubg-pak-hacker Uses a Windows kernel driver to hide files and itself, bypassing BE
- [114 stars][4y] [C++] chengchengcc/ark-tools Projects and some demos of Windows ARK tools
- [111 stars][8m] [C] wbenny/ksocket Example of making network connections with WSK in a Windows driver
- [108 stars][2m] [PS] powershell/windowscompatibility Module that allows Windows PowerShell Modules to be used from PSCore6
- [107 stars][1m] [Py] ernw/windows-insight The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Microsoft Windows operating system. This repository stores relevant documentation as well as executable files needed for conducting analysis studies.
- [107 stars][5y] [C] malwaretech/tinyxpb Windows XP 32-Bit Bootkit
- [106 stars][2y] [C++] zerosum0x0/puppetstrings Hitch a free ride to Ring 0 on Windows
- [105 stars][4m] soffensive/windowsblindread A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
- [105 stars][11m] [Py] thelinuxchoice/pyrat Windows RAT
- [104 stars][2y] [C++] iceb0y/windows-container A lightweight sandbox for Windows application
- [102 stars][3m] [C++] giovannidicanio/winreg Convenient high-level C++ wrapper around the Windows Registry API
- [100 stars][2y] [C] shellster/dcsyncmonitor Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.
- [100 stars][2m] [C#] tyranid/windowsrpcclients This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10.
- [98 stars][10d] [C] libyal/libevtx Library and tools to access the Windows XML Event Log (EVTX) format
- [97 stars][3y] [C++] luctalpe/wmimon Tool to monitor WMI activity on Windows
- [96 stars][2y] [PS] australiancybersecuritycentre/windows_event_logging Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.
- [96 stars][4y] [PS] nsacyber/certificate-authority-situational-awareness Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber
- [94 stars][11m] [PS] equk/windows tweaks for Windows
- [93 stars][2y] [C++] kentonv/dvorak-qwerty "Dvorak-Qwerty ⌘" (DQ) keyboard layout for Windows and Unix/Linux/X
- [89 stars][2y] [PS] realparisi/wmi_monitor Log newly created WMI consumers and processes to the Windows Application event log
- [89 stars][17d] [C++] sinakarvandi/process-magics This is a collection of interesting codes about Windows Process creation.
- [89 stars][22d] [C] vigem/hidguardian Windows kernel-mode driver for controlling access to various input devices.
- [87 stars][1y] [PS] deepzec/win-portfwd Powershell script to setup windows port forwarding using native netsh client
- [87 stars][8y] [C] zoloziak/winnt4 Windows NT4 Kernel Source code
- [86 stars][1y] [C++] malwaretech/appcontainersandbox An example sandbox using AppContainer (Windows 8+)
- [86 stars][4y] [JS] nsacyber/locklevel A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
- [84 stars][3y] [C++] outflanknl/netshhelperbeacon Example DLL to load from Windows NetShell
- [83 stars][1y] [Py] silascutler/lnkparse Windows Shortcut file (LNK) parser
- [82 stars][2m] [C] 0xcpu/winaltsyscallhandler Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
- [82 stars][5y] [C] nukem9/virtualdbghide Windows kernel mode driver to prevent detection of debuggers.
- [82 stars][2y] [Go] snail007/autostart autostart tools to set your application auto startup after desktop login, only for desktop version of linux, windows, mac.
- [81 stars][13d] [C] andreybazhan/symstore The history of Windows Internals via symbols.
- [80 stars][3y] [C++] cbayet/poolsprayer Simple library to spray the Windows Kernel Pool
- [80 stars][3y] [C++] wpo-foundation/win-shaper Windows traffic-shaping packet filter
- [75 stars][1m] [C++] sidyhe/dxx Windows Kernel Driver with C++ runtime
- [74 stars][2y] [C++] eyeofra/winconmon Windows Console Monitoring
- [72 stars][5y] [C#] khr0x40sh/whitelistevasion Collection of scripts, binaries and the like to aid in WhiteList Evasion on a Microsoft Windows Network.
- [71 stars][10m] [PS] iamrootsh3ll/anchorwatch A Rogue Device Detection Script with Email Alerts Functionality for Windows Subsystem
- [70 stars][4y] [C++] nccgroup/windowsdaclenumproject A collection of tools to enumerate and analyse Windows DACLs
- [69 stars][11m] [PS] itskindred/winportpush A simple PowerShell utility used for pivoting into internal networks via a compromised Windows host.
- [68 stars][20d] [C++] nmgwddj/learn-windows-drivers Basic examples of Windows driver development, covering management of processes, memory, the registry, callbacks, etc.
- [68 stars][1m] [PS] dsccommunity/certificatedsc This DSC Resource module can be used to simplify administration of certificates on a Windows Server.
- [67 stars][4m] [Go] 0xrawsec/gene Signature Engine for Windows Event Logs
- [66 stars][2y] [C#] parsingteam/teleshadow2 TeleShadow - Telegram Desktop Session Stealer (Windows)
- [66 stars][5y] [C++] rwfpl/rewolf-dllpackager Simple tool to bundle windows DLLs with PE executable
- [65 stars][8m] [C] xiao70/x70fsd Windows file system filter drivers(minifilter) to encrypt, compress, or otherwise modify file-based data require some of the most complex kernel software developed for Windows.
- [63 stars][6m] [PS] rgl/windows-domain-controller-vagrant Example Windows Domain Controller
- [62 stars][3y] [C] arvanaghi/windows-dll-injector A basic Windows DLL injector in C using CreateRemoteThread and LoadLibrary. Implemented for educational purposes.
- [62 stars][4y] [Py] poorbillionaire/windows-prefetch-parser Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files
- [62 stars][1y] tyranid/windows-attacksurface-workshop Workshop material for a Windows Attack Surface Analysis Workshop
- [61 stars][5y] [C] evilsocket/libpe A C/C++ library to parse Windows portable executables written with speed and stability in mind.
- [61 stars][3y] [C++] maldevel/driver-loader Windows driver loader
- [61 stars][1y] [Py] srounet/pymem A python library for windows, providing the needed functions to start working on your own with memory editing.
- [61 stars][1y] [C++] tandasat/debuglogger A software driver that lets you log kernel-mode debug output into a file on Windows.
- [60 stars][3y] [PS] kevin-robertson/conveigh Conveigh is a Windows PowerShell LLMNR/NBNS spoofer detection tool
- [60 stars][2m] [Go] konimarti/opc OPC DA client in Golang for monitoring and analyzing process data based on Windows COM.
- [59 stars][8d] [C++] henrypp/errorlookup Simple tool for retrieving information about Windows errors codes.
- [59 stars][4y] [Py] psychomario/pyinject A python module to help inject shellcode/DLLs into windows processes
- [58 stars][5y] [C] hackedteam/soldier-win RCS Soldier for Windows
- [57 stars][7m] [PS] gnieboer/gnuradio_windows_build_scripts A series of Powershell scripts to automatically download, build from source, and install GNURadio and -all- its dependencies as 64-bit native binaries then package as an msi using Visual Studio 2015
- [57 stars][6y] [Assembly] hackedteam/core-win64 RCS Agent for Windows (64bit)
- [57 stars][2y] [C#] mch2112/sharp80 TRS80 Emulator for Windows
- [55 stars][3y] [C#] nccgroup/mnemosyne mnemosyne: generic Windows memory scraping tool
- [55 stars][1y] [C#] tyranid/windowsruntimesecuritydemos Demos for Presentation on Windows Runtime Security
- [54 stars][26d] [Go] giuliocomi/backoori Tool aided persistence via Windows URI schemes abuse
- [53 stars][2y] [C#] guardicore/azure_password_harvesting Plaintext Password harvesting from Azure Windows VMs
- [53 stars][5y] [C++] hackedteam/core-win32 RCS Agent for Windows (32bit)
- [52 stars][2m] [TSQL] horsicq/xntsv XNTSV program for detailed viewing of system structures for Windows.
- [52 stars][1y] [PS] pldmgg/winadmincenterps Copy of Windows Admin Center (
- [51 stars][1y] [C++] tomladder/winlib Windows Manipulation Library (x64, User/Kernelmode)
- [50 stars][7m] [C] hfiref0x/mpenum Enumerate Windows Defender threat families and dump their names according category
- [50 stars][3y] [Py] matthewdunwoody/block-parser Parser for Windows PowerShell script block logs
- [49 stars][3y] [Py] dfirfpi/dpapilab Windows DPAPI laboratory
- [49 stars][3y] [PS] enclaveconsulting/crypto-pki Scripts related to Windows cryptography and PKI.
- [49 stars][7m] [C++] 0x00-0x00/cve-2019-0841-bypass A fully automatic CVE-2019-0841 bypass targeting all versions of Edge in Windows 10.
- [48 stars][2y] [C++] cherrypill/system_info Hardware information tool for Windows
- [48 stars][1m] [PS] littl3field/audix Audix is a PowerShell tool to quickly configure the Windows Event Audit Policies for security monitoring
- [47 stars][7m] [Go] hectane/go-acl Go library for manipulating ACLs on Windows
- [47 stars][1y] [C++] silica/sandbox Application virtualization tool for Windows
- [46 stars][6m] [C#] ericzimmerman/prefetch Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
- [46 stars][2y] [C++] nccgroup/psr Pointer Sequence Reverser - enable you to see how Windows C++ application is accessing a particular data member or object.
- [46 stars][2m] [C#] brunull/pace A Remote Access Tool for Windows.
- [46 stars][13d] [Assembly] borjamerino/windows-one-way-stagers Windows Stagers to circumvent restrictive network environments
- [45 stars][3y] [C] gentilkiwi/basic_rpc Samples about Microsoft RPC and native API calls in Windows C
- [45 stars][19d] [TSQL] kacos2000/windowstimeline SQLite query & Powershell scripts to parse the Windows 10 (v1803+) ActivitiesCache.db
- [45 stars][3y] [PS] lazywinadmin/winformps PowerShell functions for Windows Forms controls
- [45 stars][28d] [C#] damonmohammadbagher/nativepayload_reverseshell This is Simple C# Source code to Bypass almost "all" AVS, (kaspersky v19, Eset v12 v13 ,Trend-Micro v16, Comodo & Windows Defender Bypassed via this method Very Simple)
- [44 stars][14d] [Py] technowlogy-pushpender/technowhorse TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
- [43 stars][9m] [C] souhailhammou/drivers Windows Drivers
- [42 stars][2y] [C] nixawk/awesome-windows-debug Debug Windows Application / Kernel
- [42 stars][7m] [Visual Basic .NET] s1egesystems/ghostsquadhackers-javascript-encrypter-encoder Encrypt/Encode your Javascript code. (Windows Scripting)
- [42 stars][1y] [C++] 3gstudent/windows-eventlog-bypass Use subProcessTag Value From TEB to identify Event Log Threads
- [41 stars][3y] [PS] sikkandar-sha/sec-audit PowerShell Script for Windows Server Compliance / Security Configuration Audit
- [40 stars][1y] [Py] mnrkbys/vss_carver Carves and recreates VSS catalog and store from Windows disk image.
- [40 stars][6m] [Py] silv3rhorn/artifactextractor Extract common Windows artifacts from source images and VSCs
- [39 stars][3y] [C] scubsrgroup/taint-analyse Fine-grained taint analysis tool for the Windows platform
- [39星][6m] [HTML] sophoslabs/cve-2019-0888 PoC for CVE-2019-0888 - Use-After-Free in Windows ActiveX Data Objects (ADO)
- [38星][1y] [C++] 3gstudent/eventlogedit-evt--general Remove individual lines from Windows Event Viewer Log (EVT) files
- [38星][5m] [C#] nyan-x-cat/disable-windows-defender Changing values to bypass windows defender C#
- [38星][2y] [Py] roothaxor/pystat Advanced Netstat Using Python For Windows
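- [38星][3y] [C++] yejiansnake/windows-sys-base C++ wrapper library for Windows system APIs, including common functionality such as inter-process communication, mutexes, and in-memory queues
- [37星][1y] [C++] rokups/reflectiveldr Position-independent Windows DLL loader based on ReflectiveDLL project.
- [36星][4y] [PS] 5alt/zerorat ZeroRAT is a one-liner remote access tool for Windows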
- [36星][5y] [C++] kkar/teamviewer-dumper-in-cpp Dumps TeamViewer ID,Password and account settings from a running TeamViewer instance by enumerating child windows.
- [36星][4y] [C++] n3k/ekoparty2015_windows_smep_bypass Windows SMEP Bypass U=S
- [36星][1y] [C] realoriginal/alpc-diaghub Utilizing the ALPC Flaw in combination with Diagnostics Hub as found in Server 2016 and Windows 10.
- [35星][12d] [PS] dsccommunity/xfailovercluster This module contains DSC resources for deployment and configuration of Windows Server Failover Cluster.
- [35星][7m] [PS] swisscom/powergrr PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
- [35星][6m] [C++] parkovski/wsudo Proof of concept sudo for Windows
- [34星][5m] [C++] blackint3/none UNONE and KNONE is a couple of open source base library that makes it easy to develop software on Windows.
- [34星][1m] [C#] ericzimmerman/appcompatcacheparser AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
- [34星][1y] [PS] ptylenda/kubernetes-for-windows Ansible playbooks and Packer templates for creating hybrid Windows/Linux Kubernetes 1.10+ cluster with experimental Flannel pod network (host-gw backend)
- [34星][2y] [C++] swwwolf/obderef Decrement Windows Kernel for fun and profit
- [34星][26d] [C] zfigura/semblance Disassembler for Windows executables. Supports 16-bit NE (New Executable), MZ (DOS), and PE (Portable Executable, i.e. Win32) files.
- [33星][2y] [Batchfile] 3gstudent/winpcap_install Auto install WinPcap on Windows(command line)
- [33星][3y] [C++] kingsunc/minidump Crash handling solution for Windows software
- [32星][3y] [C++] ecologylab/ecotuiodriver Driver to convert tuio touch events into windows touch events. Started as GSoC 2012 project.
- [32星][3y] [C++] swwwolf/cbtest Windows kernel-mode callbacks tutorial driver
- [31星][5m] [C] csandker/inmemoryshellcode A Collection of In-Memory Shellcode Execution Techniques for Windows
- [31星][8y] [C] hackedteam/driver-win64 Windows (64bit) agent driver
- [31星][2y] [C++] hsluoyz/rmtsvc A web-based remote desktop & control service for Windows.
- [30星][3y] [CSS] botherder/flexikiller flexikiller: removes the FlexiSpy trojan (Windows/Mac)
- [30星][2y] [C#] modzero/mod0umleitung modzero DNS Masquerading Server for Windows
- [29星][7y] [Shell] artemdinaburg/optimizevm Make Windows VMs Faster
- [29星][1y] [Py] skelsec/windows_ad_dos_poc PoC code for crashing windows active directory
- [29星][3y] [Py] 6e726d/pywiwi Python Windows Wifi
- [28星][2y] [C] bot-man-jl/wfp-traffic-redirection-driver WFP Traffic Redirection Driver is used to redirect NIC traffic on network layer and framing layer, based on Windows Filtering Platform (WFP).
- [28星][2y] defcon-russia/shortcut_auto_bind Windows LNK/URL shortcut auto-binding hotkey (not a bug, feature)
- [28星][8y] [C] hackedteam/driver-win32 Windows (32bit) agent driver
- [28星][4y] [C] icewall/forcedelete Windows driver including couple different techniques for file removal when regular operation isn't possible.
- [28星][5y] [C++] michael4338/tdi Windows Kernel Driver - Create a driver device in TDI layer of windows kernel to capture network data packets
- [28星][10m] [C#] raandree/managedpasswordfilter Windows Password Filter that uses managed code internally
- [27星][5m] [C#] 717021/pcmgr A rebuilt version of the Windows task manager.
- [27星][3y] [C++] int0/ltmdm64_poc ltmdm64_poc: bypasses code integrity checks on Windows 7 SP1 x64 by exploiting a vulnerability in ltmdm64.sys
- [27星][7m] [C++] slyd0g/timestomper PoC that manipulates Windows file times using SetFileTime() API
- [27星][2y] [Py] the404hacking/windows-python-rat A New Microsoft Windows Remote Administrator Tool [RAT] with Python by Sir.4m1R.
- [26星][7y] [C++] avalon1610/lpc windows LPC library
- [26星][3y] [Pascal] martindrab/vrtuletree VrtuleTree is a tool that displays information about driver and device objects present in the system and relations between them. Its functionality is very similar to the famous DeviceTree; however, VrtuleTree emphasises stability and support of the latest Windows versions
- [26星][2y] [C++] strikerx3/whvpclient Windows Hypervisor Platform client
- [26星][4y] [Py] stratosphereips/stratospherewindowsips The Stratosphere IPS is a free software IPS that uses network behavior to detect and block malicious actions.
- [25星][2y] [C++] apriorit/custom-bootloader A demo tutorial for low-level and kernel developers - developing a custom Windows boot loader
- [25星][6y] [C++] dominictobias/detourxs A x86/64 library for detouring functions on Windows OS
- [24星][4y] [C] ltangjian/firewall Based on the research of Windows network architecture and the core packet filtering firewall technology, using NDIS intermediate driver, the article achieved the filter of the core layer, and completed the Windows Personal Firewall Design and Implementation.
- [24星][5y] [C++] michael4338/ndis Windows Kernel Driver - Create a driver device in intermediate layer of Windows kernel based on NDIS, which communicates with and connect upper layer (user mode applications) and lower layer (miniport driver/network card). Create self-defined protocols for transmitting data and control communications by simulating very simple HTTP, TCP and ARP p…
- [24星][1y] [Py] rootm0s/casper 👻 Socket based RAT for Windows with evasion techniques and other features for control
- [24星][4y] [C++] thecybermind/ipredir IP redirection+NAT for Windows
- [24星][3m] [C] hypersine/windowssudo A linux-like su/sudo on Windows. Transferred from
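- [23星][3y] [C] hedgeh/sewindows An open-source mandatory access control framework and SDK for Windows. It lets Windows application developers protect their applications with simple SDK calls or configuration, without having to deal with low-level operating system internals.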
- [23星][4y] [JS] kolanich/cleanunwantedupdates A set of scripts to detect updates of Microsoft (TM) Windows (TM) OS which harm users' privacy and uninstall them
- [22星][1y] [C] codereba/netmon network filter driver that controls network send speed, based on windows tdi framework.
- [21星][4y] [C#] adamcaudill/curvelock Experimental File & Message Encryption for Windows
- [21星][3y] [Visual Basic .NET] appsecco/winmanipulate A simple tool to manipulate window objects in Windows
- [21星][2y] [C] microwave89/drvtricks drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.
- [21星][1y] [JS] mindpointgroup/stig-cli A CLI for perusing DISA STIG content Mac, Linux, and Windows Compatible
- [20星][3y] [C++] andrewgaspar/km-stl A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard algorithms that don't require memory allocations or exceptions, and for implementations of type traits and other compile-time related headers. Full implementation of the STL is a non-goal.
- [20星][7m] [C] mtth-bfft/ntsec Standalone tool to explore the security model of Windows and its NT kernel. Use it to introspect privilege assignments and access right assignments, enumerate attack surfaces from the point of view of a sandboxed process, etc.
- [20星][1m] [C++] mullvad/libwfp C++ library for interacting with the Windows Filtering Platform (WFP)
- [20星][3y] [PS] rasta-mouse/invoke-loginprompt Invokes a Windows Security Login Prompt and outputs the clear text password.
- 2019.11 [aliyun] ARM exploit development - bypassing DEP by executing mprotect()
- 2019.07 [codingvision] Bypassing ASLR and DEP - Getting Shells with pwntools
- 2019.01 [fuzzysecurity] MS13-009 Use-After-Free IE8 (DEP)
- 2019.01 [fuzzysecurity] BlazeVideo HDTV Player 6.6 Professional SEH&DEP&ASLR
- 2019.01 [fuzzysecurity] NCMedia Sound Editor Pro v7.5.1 SEH&DEP&ASLR
- 2019.01 [fuzzysecurity] ALLMediaServer 0.8 SEH&DEP&ASLR
- 2018.12 [360] Analysis of the CoolPlayer DEP bypass (CVE-2008-3408)
- 2018.09 [duo] Weak Apple DEP Authentication Leaves Enterprises Vulnerable to Social Engineering Attacks and Rogue Devices
- 2018.09 [3or] ARM Exploitation - Defeating DEP - executing mprotect()
- 2018.09 [3or] ARM Exploitation - Defeating DEP - execute system()
- 2018.06 [pediy] [Original] Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow
- 2018.05 [pediy] [Translation] DEP mitigation techniques (Part 1)
- 2017.12 [360] Exploit mitigation techniques: Data Execution Prevention (DEP)
- 2017.12 [0x00sec] Exploit Mitigation Techniques - Data Execution Prevention (DEP)
- 2017.10 [freebuf] Using ROP + Return-to-dl-resolve to bypass ASLR+DEP on 64-bit systems
- 2017.10 [freebuf] How to use ROP + Return-to-dl to bypass ASLR+DEP on 32-bit systems
- 2017.08 [pediy] [Original] Challenging DEP with Ret2Libc: using ZwSetInformationProcess
- 2017.06 [360] ropasaurusrex: introductory ROP tutorial - DEP (Part 2)
- 2017.06 [360] ropasaurusrex: introductory ROP tutorial - DEP (Part 1)
- 2017.05 [myonlinesecurity] fake clothing order Berhanu (PURCHASE DEPARTMENT) using winace files delivers Loki bot
- 2017.04 [4hou] Windows Shellcode study notes: bypassing DEP with VirtualAlloc
- 2017.03 [4hou] Windows Shellcode study notes: bypassing DEP via VirtualProtect
- 2017.03 [3gstudent] Windows Shellcode study notes: bypassing DEP with VirtualAlloc
- 2017.03 [pediy] [Original] VUPlayer 2.49 - '.pls' Stack Buffer Overflow (Bypass DEP)
- 2017.03 [3gstudent] Windows Shellcode study notes: bypassing DEP via VirtualProtect
- 2016.11 [freebuf] An “elegant” Linux vulnerability: bypassing ASLR and DEP protections in an unusual way
- 2016.03 [myonlinesecurity] YOUR REFUND DEPOSIT COPY Lloyds Bank – fake PDF malware
- 2016.03 [trendmicro] Massive Malvertising Campaign in US Leads to Angler Exploit Kit/BEDEP
- 2016.01 [pediy] [Translation] Windows exploit development tutorial, chapter 9 - Exploitme3 (DEP)
- 2015.12 [ly0n] MS08_067 exploit analysis – part II defeating DEP
- 2015.12 [freebuf] Bypassing DEP and CFG using Chakra JIT
- 2015.12 [conix] CONIX takes part in DEP 2015
- 2015.12 [tencent] Bypassing DEP and CFG using Chakra JIT
- 2015.11 [knapsy] QuickZipV4.60 buffer overflow vulnerability explained in detail
- 2015.03 [trendmicro] BEDEP: Backdoors Brought Into The Light By Flash Zero-Days
- 2015.02 [freebuf] A golden pairing: security researchers find a close link between the Flash 0day vulnerability and the BEDEP virus
- 2015.02 [trendmicro] BEDEP Malware Tied To Adobe Zero-Days
- 2014.09 [ekoparty] SAP SECURITY IN DEPTH at #eko10
- 2014.06 [netspi] Verifying ASLR, DEP, and SafeSEH with PowerShell
- 2014.03 [nsfocus] Microsoft Silverlight DEP/ASLR security protection bypass vulnerability
- 2014.02 [tekwizz123] Bypassing ASLR and DEP on Windows 7: The Audio Converter Case
- 2013.11 [mcafee] Solving the Mystery of the Office Zero-Day Exploit and DEP
- 2013.08 [pediy] [Original] A wild idea: bypassing ASLR+DEP with document format vulnerabilities
- 2013.05 [pediy] [Original] Analysis of the kernel flow for DEP exceptions
- 2013.02 [corelan] DEPS – Precise Heap Spray on Firefox and IE10
- 2012.06 [sogeti] Bypassing ASLR and DEP on Adobe Reader X
- 2012.06 [a1logic] Disable DEP and ASLR on Windows 7 64bit at compile time
- 2012.05 [freebuf] Windows 8 DEP bypass
- 2012.02 [pediy] [Original] Study notes on bypassing ASLR+DEP with stack pivot and ROP
- 2011.10 [dist67] White Hat Shellcode Workshop: Enforcing Permanent DEP
- 2011.08 [pediy] [Translation] Universal DEP/ASLR bypass with msvcr71.dll and mona.py
- 2011.07 [pediy] [Help] SafeSEH and DEP are both enabled; is there a way to defeat them?
- 2011.07 [corelan] Universal DEP/ASLR bypass with msvcr71.dll and mona.py
- 2011.03 [pediy] [Original] Winamp Overflow Exploit (Win7 ASLR and DEP Bypass)
- 2011.01 [trendmicro] Using Information Leakage to Avoid ASLR+DEP
- 2010.09 [pediy] [Translation] Exploit writing tutorial part 10: Chaining DEP with ROP - the Rubik's Cube
- 2010.09 [immunityinc] DEPLIB 2.0
- 2010.06 [corelan] Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
- 2010.03 [trendmicro] New Exploit Bypasses DEP
- 2009.12 [talosintelligence] DEP and Heap Sprays
- 2009.12 [pediy] [Translation] Exploit writing tutorial part 6: bypassing Cookie, SafeSeh, HW DEP and ASLR
- 2009.09 [corelan] Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
- 2009.02 [pediy] [Original] Studying the stack frame construction method for a universal DEP-bypassing buffer overflow in MS08-067
- 2008.11 [talosintelligence] Fun with SSDT Hooks and DEP
- 2008.11 [immunityinc] DEPLIB
- 2017.06 [lowleveldesign] How to decode managed stack frames in procmon traces
- 2017.02 [lowleveldesign] When procmon trace is not enough
- 2016.09 [dist67] Malware: Process Explorer & Procmon
- 2015.06 [guyrleech] Advanced Procmon Part 2 – Filtering inclusions
- 2014.12 [guyrleech] Advanced Procmon Part 1 – Filtering exclusions
- [930星][15d] [Py] eliben/pyelftools Parsing ELF and DWARF in Python
- [787星][2m] [C] nixos/patchelf A small utility to modify the dynamic linker and RPATH of ELF executables
- [411星][9m] [Assembly] mewmew/dissection The dissection of a simple "hello world" ELF binary.
- [337星][9m] [Py] rek7/fireelf Fileless Linux Malware Framework
- [277星][4m] [Shell] cryptolok/aslray Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying
- [233星][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
- [181星][4y] [C++] jacob-baines/elfparser Cross Platform ELF analysis
- [163星][7m] [C++] serge1/elfio ELFIO - ELF (Executable and Linkable Format) reader and producer implemented as a header only C++ library
- [155星][5y] [C] arisada/midgetpack midgetpack is a multiplatform secure ELF packer
- [149星][2y] [C] elfmaster/skeksi_virus Devastating and awesome Linux X86_64 ELF Virus
- [144星][2y] [C] ixty/mandibule Injects an ELF file into a remote process
- [140星][1y] [C++] aclements/libelfin C++11 ELF/DWARF parser
- [137星][4m] [Py] tunz/binch A light ELF binary patch tool in python urwid
- [133星][8m] [Rust] aep/elfkit rust elf parsing, manipulation and (re)linking toolkit
- [123星][5y] [Py] ucsb-seclab/leakless Function redirection via ELF tricks.
- [111星][2y] [Go] lloydlabs/elf-strings read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
- [107星][5y] [C] ioactive/melkor_elf_fuzzer Melkor is a very intuitive and easy-to-use ELF file format fuzzer to find functional and security bugs in ELF parsers.
- [73星][1y] [Ruby] fbkcs/msf-elf-in-memory-execution msf-elf-in-memory-execution: Metasploit module for executing ELF files in memory
- [64星][5y] [Py] sqall01/zwoelf An ELF parsing and manipulation library for Python
- [61星][3y] [Assembly] cranklin/cranky-data-virus Educational virus written in Assembly that infects 32-bit ELF executables on Linux using the data segment infection method
- [61星][2y] [Perl] xlogicx/m2elf Converts Machine Code to x86 (32-bit) Linux executable (auto-wrapping with ELF headers)
- [57星][7m] [Assembly] guitmz/memrun Small tool to run ELF binaries from memory with a given process name
- [56星][11m] [Py] genymobile/copydeps Analyze and copy library dependencies of ELF binaries
- [55星][5y] [C] anestisb/melkor-android An Android port of the melkor ELF fuzzer
- [52星][1m] [C] termux/termux-elf-cleaner Utility to remove unused ELF sections causing warnings.
- [50星][4y] [Py] wapiflapi/wsym Adds symbols to an ELF file.
- [47星][11m] [C] imbushuo/boot-shim Bootstraps ARM32/ARM64 ELF payloads on Qualcomm Windows platforms
- [46星][8m] [Py] capeleidokos/elf_diff A tool to compare ELF binaries
- [45星][4m] [Py] aencode/elf_analysis Perform Static and dynamic analysis on 32 bit ELF binary, and automate the process of stack based overflow exploitation.
- [45星][6m] [C] wangyinuo/fixelfsection
- [44星][2y] [Py] wizh/rop-chainer static program analysis tool that generates return-oriented exploits for ELF binaries
- [41星][3y] [Py] devttys0/botox SIGSTOPing ELF binaries since 0x7E1
- [41星][3y] [C] jmpews/evilelf Malicious use of ELF such as .so inject, func hook and so on.
- [38星][2y] [C] en14c/pivirus sample linux x86_64 ELF virus
- [37星][3d] [C] uclinux-dev/elf2flt ELF to bFLT (binary flat) converter for no-mmu Linux targets
- [36星][3y] [C++] tartanllama/libelfin C++11 ELF/DWARF parser
- [33星][3m] [Java] fornwall/jelf ELF parsing library in java.
- [29星][2m] [C] martinribelotta/elfloader ARMv7M ELF loader
- [27星][2y] [Go] namhyung/elftree ELF library dependency viewer
- [26星][2m] [Ruby] david942j/rbelftools ELF parser library implemented in pure Ruby!
- [23星][1m] [Haskell] galoisinc/elf-edit The elf-edit library provides a datatype suitable for reading and writing Elf files.
- [22星][6y] [C] t00sh/elf-poison Proof Of Concept for inserting code in ELF binaries.
- [21星][3m] [Go] tunz/binch-go A lightweight command-line ELF binary patch tool written in Go
- [21星][3y] [C] elemeta/elfloader load so file into current memory space and run function
- [20星][4m] [C] en14c/erebus Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster
- [18星][6y] [C] depierre/pts Packer for PE and ELF, 32 and 64bits.
- [13星][2y] [Go] guitmz/gocave Finding code caves in ELF files with GoLang
- [12星][8m] [Go] guitmz/ezuri A Simple Linux ELF Runtime Crypter
- [9星][2y] [Nim] guitmz/nim-cephei Probably the first ELF binary infector ever created in Nim.
- [9星][4y] [C] sugawaray/efiboot A tool to execute an elf binary in the UEFI shell environment.
- [7星][2y] [C] mfaerevaag/elfinjector Code injector for ELF binaries (incl. PIE)
- [7星][29d] [C] colortear/elf-packer Encrypts 64-bit elf files that decrypt at runtime.
- [5星][8m] [PHP] ircmaxell/php-elf-symbolresolver A linux object file (ELF) parser
- [4星][2m] [C] adwait1-g/parsemyelf A bunch of tools which help in understanding ELF binaries better
- [4星][2y] [C] efidroid/modules_elf2efi convert statically linked ELF binaries to PE images for UEFI
- [2星][9m] [Py] capeleidokos/leidokos-changereport Generates change reports with elf_diff for the Kaleidoscope firmware
- [2星][2y] [C] youben11/parself Yet another elf parser
- [2星][1y] [C] tyoma/symreader C++ ELF parser
- [1星][5y] [c] renorobert/core2elf
- 2019.10 [aliyun] A universal one_gadget approach for 64-bit ELF
- 2019.10 [HackersOnBoard] AFL's Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
- 2019.10 [HackersOnBoard] Black Hat USA 2016 Intra-Process Memory Protection for App on ARM & X86 Leveraging the ELF ABI
- 2019.09 [freebuf] CVE-2018-6924: FreeBSD ELF header parsing leads to kernel memory disclosure
- 2019.07 [quarkslab] CVE-2018-6924: FreeBSD ELF Header Parsing Kernel Memory Disclosure
- 2019.07 [trendmicro] A Quick and Efficient Method For Locating the main() function of Linux ELF Malware Variants
- 2019.05 [0x00sec] Doubt infect ELF
- 2019.04 [guitmz] Linux ELF Runtime Crypter
- 2019.03 [guitmz] Running ELF executables from memory
- 2019.02 [icyphox] Python for Reverse Engineering #1: ELF Binaries
- 2019.01 [aliyun] Santa's ELFs: running Linux executables without execve
- 2019.01 [freebuf] Exploring how DynELF in Pwntools works
- 2019.01 [rapid7] Santa's ELFs: Running Linux Executables Without execve
- 2018.12 [360] Multiple ways to execute ELF in memory on Linux
- 2018.12 [ZeroNights] Yaroslav Moskvin - ELF execution in Linux RAM
- 2018.11 [k3170makan] Introduction to the ELF Format (Part VII): Dynamic Linking / Loading and the .dynamic section
- 2018.10 [k3170makan] Introduction to the ELF Format (Part VI) : More Relocation tricks - r_addend execution (Part 3)
- 2018.10 [k3170makan] Introduction to The ELF Format (Part VI): The Symbol Table and Relocations (Part 2)
- 2018.10 [k3170makan] Introduction to the ELF Format (Part VI) : The Symbol Table and Relocations (Part 1)
- 2018.10 [k3170makan] Introduction to the ELF Format (Part V) : Understanding C start up .init_array and .fini_array sections
- 2018.10 [k3170makan] Introduction to The ELF Format (Part IV): Exploring Section Types and Special Sections
- 2018.09 [k3170makan] Introduction to the ELF File Format (Part III) : The Section Headers
- 2018.09 [k3170makan] Introduction to the ELF Format Part II : Understanding Program Headers
- 2018.09 [k3170makan] Introduction to the ELF Format : The ELF Header (Part I)
- 2018.08 [intezer] Intezer Analyze™ ELF Support Release: Hakai Variant Case Study
- 2018.08 [0x00sec] Issues with elf file injection tutorial by pico
- 2018.08 [knapsy] FileVault CTF Challenge - ELF X64 Buffer Overflow
- 2018.06 [0x00sec] Dissecting and exploiting ELF files
- 2018.05 [advancedpersistentjest] Writeups – ELF Crumble (DEFCON Quals)
- 2018.04 [aliyun] ELF virus analysis
- 2018.03 [360] How to fuzz arbitrary functions in ELF files
- 2018.01 [rekall] ELF hacking with Rekall
- 2018.01 [blahcat] Fuzzing arbitrary functions in ELF binaries
- 2018.01 [pediy] [Translation] GNU Hash ELF Sections
- 2017.12 [blackhillsinfosec] A Holiday Tale of Two Teams: The Blue Team Barbie & Red Team Elf on the Shelf saga
- 2017.10 [pediy] [Translation] Writing a Linux debugger yourself, part 4: the ELF file format and the DWARF debugging format, by lantie@15PB
- 2017.09 [guitmz] More fun with ELF files and GoLang - Code Caves
- 2017.07 [0x00sec] [PatchMe] Playing With ELF Structures
- 2017.05 [freebuf] Some methods for analyzing statically compiled and stripped ELF files
- 2017.04 [veritas501] [Repost] How the ELF ruined Christmas
- 2016.12 [advancedpersistentjest] Technique – Dumping ELF from Format String
- 2016.12 [8090] Summary of exploitation without libc using DynELF
- 2016.12 [360] Summary of exploitation without libc using DynELF
- 2016.12 [360] Analysis of an ELF worm
- 2016.10 [talosintelligence] Hopper Disassembler ELF Section Header Size Code Execution Vulnerability
- 2016.10 [talosintelligence] Vulnerability Spotlight: Hopper Disassembler ELF Section Header Size Code Execution
- 2016.09 [freebuf] In-depth analysis of Android ELF malware
- 2016.07 [pediy] [Original] Source code of a simple ELF file encryption tool
- 2016.06 [backtrace] Exploiting ELF Expansion Variables
- 2016.06 [virusbulletin] VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format
- 2016.05 [0x00sec] ELFun File Injector
- 2016.04 [freebuf] MMD-0053-2016: ELF/STD IRC Bot malware analysis
- 2016.04 [backtrace] ELF shared library injection forensics
- 2016.04 [deepsec] Return of the Penguin Challenge – ELF (?) Binary (?)
- 2016.02 [360] MMD-0051-2016 – A small ELF remote backdoor revealed
- 2016.01 [n0where] Cross Platform ELF Analysis: ELF Parser
- 2015.12 [toolswatch] [New Tool] ELF Parser v1.4.0
- 2015.11 [freebuf] A first look at ELF anti-debugging
- 2015.09 [linux] The 101 of ELF Binaries on Linux: Understanding and Analysis
- 2015.08 [pediy] [Original] Android security defense - ELF edition (brief summary)
- 2015.07 [pnfsoftware] Android Dalvik, inside OAT, inside ELF
- 2015.07 [] Execution of ELF
- 2015.06 [freebuf] A brief discussion of dumping and repairing packed ELF files
- 2015.06 [v0ids3curity] Rebuilding ELF from Coredump
- 2015.05 [freebuf] A brief discussion of debugging packed ELF files
- 2015.05 [guitmz] Having fun with ELF files and GoLang
- 2015.05 [evilsocket] Android Native API Hooking With Library Injection and ELF Introspection.
- 2015.02 [w00tsec] Firmware Forensics: Diffs, Timelines, ELFs and Backdoors
- 2014.12 [v0ids3curity] Return to VDSO using ELF Auxiliary Vectors
- 2014.11 [ioactive] ELF Parsing Bugs by Example with Melkor Fuzzer
- 2014.10 [pediy] [Original] The ELF PLT/GOT symbol relocation process on Android and an ELF hook implementation
- 2014.10 [allsoftwaresucks] abusing Mesa by hooking ELFs and ioctl
- 2014.10 [pediy] [Original] ELF DIY For Android
- 2014.09 [pediy] [Original] Some thoughts on repairing ELF sections
- 2014.09 [cerbero] Stripping symbols from an ELF
- 2014.07 [evilsocket] Back From the Grave: ELF32 Universal Command Injector
- 2014.04 [pediy] [Original] Recently studied the ELF structure and wrote a parsing tool along the way
- 2013.12 [jvns] Day 42: How to run a simple ELF executable, from scratch (I don't know)
- 2013.12 [aassfxxx] Hiding code in ELF binary
- 2013.11 [] Autopsy of an ELF file
- 2013.11 [cerbero] ELF Support
- 2013.10 [] Adding code to an ELF binary?
- 2013.10 [] ELF header
- 2013.09 [pediy] [Original] LINUX ELF HOOK DEMO source code
- 2013.08 [pediy] [Original] Debugging dynamic loading of LINUX ELF files
- 2013.08 [cerbero] Dissecting an ELF with C++ Types
- 2013.05 [aassfxxx] Making ELF packer for fun and chocapicz (part 2)
- 2013.05 [volatility] MoVP II - 1.2 - VirtualBox ELF64 Core Dumps
- 2013.05 [aassfxxx] Making ELF packer for fun and chocapicz
- 2013.01 [dustri] Screwing elf header for fun and profit
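- 2012.10 [pediy] [Original] A record of unpacking and cracking an ELF-format binary
- 2012.09 [pediy] [Translation] A 42-byte executable; introduction to ELF; requesting Kx (Part 4)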
- 2011.11 [thireus] execve("/bin//sh", ["/bin//sh"], NULL) - Linux elf32-i386
- 2011.07 [pediy] On debugging Android ELF executables with IDA
- 2010.03 [publicintelligence] ELF/VLF Wave-injection and Magnetospheric Probing with HAARP
- 2010.03 [publicintelligence] Ionospheric modification and ELF/VLF wave generation by HAARP
- 2009.08 [evilcodecave] SSH Malware Analysis – udp.pl, Juno and Stealth ELFs Reversing
- 2008.11 [pediy] [Original] Hand-crafting an ELF file
- 2007.06 [mckeay] This is clearly a Shadow Run Elf, not a Vulcan!
- 2007.03 [pediy] [Original] Bored, so here is an ELF compression packer.
- 2005.11 [sans] XML RPC worm - New Variant - ELF_LUPPER.B
- 2005.01 [pediy] Experiments with the ELF file format
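- [1544星][2y] [C] ezlippi/webbench Webbench is a very simple website load-testing tool for Linux, written by Radim Kolar in 1997. It uses fork() to simulate multiple clients accessing a given URL concurrently and measures how the site performs under load; it can simulate up to 30,000 concurrent connections to test a site's load capacity. Official site: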
- [1450星][2m] [C] feralinteractive/gamemode Optimise Linux system performance on demand
- [1413星][21d] [C++] google/nsjail A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
- [895星][29d] [C] buserror/simavr simavr is a lean, mean and hackable AVR simulator for linux & OSX
- [759星][1m] [Py] korcankaraokcu/pince A reverse engineering tool that'll supply the place of Cheat Engine for linux
- [741星][2m] [C] yrp604/rappel A linux-based assembly REPL for x86, amd64, armv7, and armv8
- [731星][17d] [C] strace/strace strace is a diagnostic, debugging and instructional userspace utility for Linux
- [585星][3y] [C] ktap/ktap a new scripting dynamic tracing tool for Linux
- [570星][12m] [C] asamy/ksm A fast, hackable and simple x64 VT-x hypervisor with support for Windows and Linux
- Duplicate section: Windows->Tools->VT
- [565星][12d] [C++] intel/linux-sgx Intel SGX for Linux*
- [560星][2m] [Py] autotest/autotest Fully automated tests on Linux
- [536星][5m] [C++] nytrorst/shellcodecompiler Compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows (x86 and x64) and Linux (x86 and x64)
- [509星][8m] [C] iovisor/ply Dynamic Tracing in Linux
- [506星][3y] [C] gaffe23/linux-inject Tool for injecting a shared object into a Linux process
- [468星][9d] [C] libreswan/libreswan an Internet Key Exchange (IKE) implementation for Linux.
- [462星][2y] [C++] aimtuxofficial/aimtux A large Linux csgo cheat/hack
- [441星][12d] [C] facebook/openbmc OpenBMC is an open software framework to build a complete Linux image for a Board Management Controller (BMC).
- [405星][10m] [Shell] microsoft/linux-vm-tools Hyper-V Linux Guest VM Enhancements
- [393星][2m] [Shell] yadominjinta/atilo Linux installer for termux
- [355星][3y] [C] adtac/fssb A filesystem sandbox for Linux using syscall intercepts.
- [354星][2m] [C] seccomp/libseccomp an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism
- [331星][5m] [Go] capsule8/capsule8 Performs advanced behavioral monitoring for cloud-native, container, and traditional Linux-based servers
- [318星][3y] [C] chobits/tapip user-mode TCP/IP stack based on linux tap device
- [282星][2m] [Py] facebook/fbkutils A variety of utilities built and maintained by Facebook's Linux Kernel Team that we wish to share with the community.
- [233星][2y] [C] hardenedlinux/grsecurity-101-tutorials A set of kernel patches that harden Linux kernel security
- [228星][8m] [C] wkz/ply Light-weight Dynamic Tracer for Linux
- [203星][3y] [C] google/kasan KernelAddressSanitizer, a fast memory error detector for the Linux kernel
- [199星][4y] [C] dismantl/linux-injector Utility for injecting executable code into a running process on x86/x64 Linux
- [192星][7m] [C] andikleen/simple-pt Simple Intel CPU processor tracing on Linux
- [173星][1m] [C] netoptimizer/network-testing Network Testing Tools for testing the Linux network stack
- [147星][22d] [Shell] hardenedlinux/debian-gnu-linux-profiles Debian GNU/Linux based Services Profiles
- [144星][15d] [Shell] sclorg/s2i-python-container Python container images based on Red Hat Software Collections and intended for OpenShift and general usage, that provide a platform for building and running Python applications. Users can choose between Red Hat Enterprise Linux, Fedora, and CentOS based images.
- [140星][7y] [C] johnath/beep beep is a command line tool for linux that beeps the PC speaker
- [139星][7m] [C] dzzie/scdbg note: current build is VS_LIBEMU project. This cross platform gcc build is for Linux users but is no longer updated. modification of the libemu sctest project to add basic debugger capabilities and more output useful for manual RE. The newer version will run under WINE
- [133星][1m] [C] arsv/minibase small static userspace tools for Linux
- [127星][10y] [C] spotify/linux Spotify's Linux kernel for Debian-based systems
- [122星][5m] [C] dschanoeh/socketcand A deprecated fork of socketcand. Please go to linux-can for the latest version.
- [119星][2m] [Py] containers/udica This repository contains a tool for generating SELinux security profiles for containers
- [116星][1y] [Shell] fox-it/linux-luks-tpm-boot A guide for setting up LUKS boot with a key from TPM in Linux
- [109星][2m] [Py] vstinner/python-ptrace a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
- [99星][2y] [Shell] aoncyberlabs/cexigua Linux based inter-process code injection without ptrace(2)
- [97星][7m] [Shell] gavinlyonsrepo/cylon Updates, maintenance, backups and system checks in a TUI menu driven bash shell script for an Arch based Linux distro
- [93星][6m] [Shell] vincentbernat/eudyptula-boot Boot a Linux kernel in a VM without a dedicated root filesystem.
- [83星][2y] [C] xobs/novena-linux Linux kernel with Novena patches -- expect frequent rebases!
- [77星][6m] [Py] cybereason/linux_plumber A python implementation of a grep friendly ftrace wrapper
- [74星][3y] [Shell] inquisb/unix-privesc-check Shell script that runs on UNIX systems (tested on Solaris 9, HPUX 11, various Linux distributions, FreeBSD 6.2). It detects misconfigurations that could allow local unprivileged user to escalate to other users (e.g. root) or to access local apps (e.g. databases). This is a collaborative rework of version 1.0
- [72星][7m] [C] hc0d3r/alfheim a linux process hacker tool
- [70星][14d] [Shell] sclorg/s2i-php-container PHP container images based on Red Hat Software Collections and intended for OpenShift and general usage, that provide a platform for building and running PHP applications. Users can choose between Red Hat Enterprise Linux, Fedora, and CentOS based images.
- [68星][16d] drduh/pc-engines-apu-router-guide Guide to building a Linux or BSD router on the PC Engines APU platform
- [68星][10d] [TS] flathub/linux-store-frontend A web application to browse and install applications present in Flatpak repositories. Powers
- [65星][3m] [Py] archlinux/arch-security-tracker Arch Linux Security Tracker
- [65星][8d] [Shell] mdrights/liveslak A Chinese-localized, privacy-enhanced GNU/Linux system - Forked from Alien Bob's powerful building script for Slackware Live.
- [60星][2y] [C] skeeto/ptrace-examples Examples for Linux ptrace(2)
- [58星][2y] [Go] evilsocket/ftrace Go library to trace Linux syscalls using the FTRACE kernel framework.
- [58星][3m] [Java] exalab/anlinux-adfree AnLinux, Ad free version.
- [58星][3y] [CSS] wizardforcel/sploitfun-linux-x86-exp-tut-zh
- [54星][1y] [Py] k4yt3x/defense-matrix Express security essentials deployment for Linux Servers
- [53星][10m] [C] marcan/lsirec LSI SAS2008/SAS2108 low-level recovery tool for Linux
- [52星][1y] [C] pymumu/jail-shell Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access specific directories.
- [49星][3m] [C] thibault-69/rat-hodin-v2.9 Remote Administration Tool for Linux
- [49星][2y] [C] cnlohr/wifirxpower Linux-based WiFi RX Power Grapher
- [49星][3y] [Assembly] t00sh/assembly Collection of Linux shellcodes
- [45星][2y] [Go] c-bata/systracer Linux/x86 system call tracer, implemented in Go
- [45星][6y] [JS] cyberpython/wifiscanandmap A Linux Python application to create maps of 802.11 networks
- [45星][4y] [C] shadowsocks/iptables iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators.
- [44星][7m] [C] junxzm1990/pomp POMP system developed on Linux for analyzing post-crash artifacts
- [43星][6m] [Ruby] b1ack0wl/linux_mint_poc
- [43星][2y] [C] gcwnow/linux Linux kernel for GCW Zero (Ingenic JZ4770)
- [41星][3y] [Py] fnzv/trsh trsh: communicates with Linux servers via the Telegram API, written in Python.
- [40 stars][11d] [Dockerfile] ironpeakservices/iron-alpine Hardened alpine linux baseimage for Docker.
- [39 stars][2m] [C] stephenrkell/trap-syscalls Monitor, rewrite and/or otherwise trap system calls... on Linux/x86-64 only, for now.
- [38 stars][3m] [PHP] cesnet/pakiti-server Pakiti provides a monitoring mechanism to check the patching status of Linux systems.
- [35 stars][8y] [C] sduverger/ld-shatner ld-linux code injector
- [34 stars][4m] [C] peterbjornx/meloader Linux i386 tool to load and execute ME modules.
- [34 stars][3y] screetsec/dracos Dracos Linux (
- [33 stars][2y] [C++] cnrig/cnrig Static CryptoNight CPU miner for Linux + automatic updates
- [33 stars][3y] [Go] egebalci/the-eye Simple security surveillance script for linux distributions.
- [33 stars][12m] [C] p3n3troot0r/socketv2v Mainline Linux Kernel integration of IEEE 802.11p, IEEE 1609.{3,4}, and developmental userspace utility for using J2735 over WAVE
- [32 stars][6m] [C] jcsaezal/pmctrack an OS-oriented performance monitoring tool for Linux (
- [32 stars][7y] [C] nbareil/net2pcap A tcpdump-like packet capture tool that depends only on libc
- [32 stars][1y] [C] perceptionpoint/suprotect Linux kernel module that changes the memory protection attributes of an arbitrary process
- [32 stars][4y] [C] a0rtega/bdldr bdldr is an unofficial engine loader for Bitdefender® for Linux
- [30 stars][2y] [PHP] opt-oss/ng-netms NG-NetMS is a new end-to-end network management platform for your Linux servers, Cisco, Juniper, HP and Extreme routers, switches and firewalls.
- [27 stars][1m] [Shell] adnanhodzic/anon-hotspot On demand Debian Linux (Tor) Hotspot setup tool
- [27 stars][2y] [Py] morphuslabs/distinct Find potential Indicators of Compromise among similar Linux servers
- [27 stars][2m] [C] oracle/libdtrace-ctf libdtrace-ctf is the Compact Type Format library used by DTrace on Linux
- [27 stars][1y] [Py] thesecondsun/pasm Linux assembler/disassembler based on Rasm2
- [27 stars][5y] [Py] bendemott/captiveportal A captive portal that can be used on most linux distributions.
- [26 stars][12m] [C] plutonium-dbg/plutonium-dbg Kernel-based debugger for Linux applications
- [26 stars][2m] [C] oracle/dtrace-utils DTrace-utils contains the Userspace portion of the DTrace port to Linux
- [25 stars][8y] aheadley/logitech-solar-k750-linux Userspace "driver" for the Logitech k750 Solar Keyboard. A fork of the repo from
- [24 stars][1y] [Py] m4rktn/jogan Pentest Tools & Packages Installer [Linux/Termux]
- [23 stars][5y] [C++] behzad-a/dytan Dytan Taint Analysis Framework on Linux 64-bit
- [23 stars][3y] [Py] remnux/distro This repository contains supplementary files for building and using the REMnux Linux distribution. See
- [23 stars][5y] [Assembly] zerosum0x0/slae64 x64 Linux Shellcode
- [22 stars][3y] [Shell] johntroony/luks-ops A bash script to automate the most basic usage of LUKS volumes in Linux VPS
- [22 stars][5y] munmap/linux-kernel-bugs-db
- [21 stars][1y] [Py] syno3/babymux pentesting tool for noob hackers. Runs on linux and termux
- [20 stars][3y] [C] leixiangwu/cse509-rootkit After attackers manage to gain access to a remote (or local) machine and elevate their privileges to "root", they typically want to maintain their access, while hiding their presence from the normal users and administrators of the system. This basic rootkit works on the Linux operating system and is a loadable kernel module which when loaded int…
This content is exported automatically by the system; if you find any problems, please open an issue.