My Awesome List

My personal awesome list of interesting repos, libraries and tools.

See also the following lists dedicated to specific sub-topics:

  • Cybersecurity: links to blog posts, writeups and papers dedicated to cybersecurity
  • Exploitation: resources dedicated to the world of binary exploitation
  • Linux Kernel: collection of resources dedicated to Linux kernel (internals)
  • Wireless: resources dedicated to wireless technologies and security

Content

Awesome Lists

  • Analysis Tools (dynamic): curated list of dynamic analysis tools for all programming languages.
  • Analysis Tools (static): curated list of static analysis (SAST) tools.
  • Bash: curated list of delightful Bash scripts and resources
  • Bash OneLiners: collection of handy Bash One-Liners.
  • Bash Handbook: for those who wanna learn Bash.
  • BSK: the book of secret knowledge.
  • C: A curated list of C good stuff.
  • C Preprocessor: C preprocessor stuff
  • ChatGPT prompts: ChatGPT prompt curation to use ChatGPT better.
  • eBPF: curated list of awesome projects related to eBPF.
  • Docker: curated list of Docker resources and projects.
  • ELF: awesome ELF resources by tmp.out.
  • Embedded: curated list of awesome embedded programming.
  • Embedded and IoT: curated list of awesome embedded and IoT security resources.
  • Embedded fuzzing: A list of resources (papers, books, talks, frameworks, tools) for understanding fuzzing for IoT/embedded devices.
  • Embedded Rust: list of resources for Embedded and Low-level development in the Rust programming language.
  • Executable Packing: curated list of awesome resources related to executable packing.
  • Firmware Security: curated list of platform firmware resources
  • FlipperZero: awesome resources for the Flipper Zero device.
  • Fuzzing: curated list of fuzzing resources.
  • Fuzzing paper collection: papers related to fuzzing, binary analysis, and exploit dev.
  • Golang: curated list of awesome Go frameworks, libraries and software.
  • Hacking: collection of awesome lists for hackers, pentesters & security researchers.
  • ICS Security: tools, tips, tricks, and more for exploring ICS Security.
  • IoT Security 101: curated list of IoT Security Resources.
  • IoT: list of great resources about IoT Framework, Library, OS, Platforms.
  • Linux-Bash-Commands: list of Linux bash commands, cheatsheets and resources.
  • Malware Analysis: malware analysis tools and resources.
  • Modern Unix: collection of modern/faster/saner alternatives to common unix commands.
  • NeoVim: collections of awesome neovim plugins.
  • Network stuff: resources about network security.
  • Prompt Engineering: hand-curated resources for Prompt Engineering.
  • Prompt Engineering Guides: guides, papers, lecture, notebooks and resources for prompt engineering.
  • Pure Bash: collection of pure bash alternatives to external processes.
  • Raspberry Pi: Raspberry Pi tools, projects, images and resources.
  • RAT: RAT And C&C Resources.
  • Reverse Engineering: reversing resources.
  • Reverse Engineering (alphaSeclab): Reverse Engineering Resources About All Platforms.
  • Reverse Engineering (onethawt): Reverse Engineering articles, books, and papers
  • Reverse Engineering (wtsxDev): reverse engineering resources
  • Rust: curated list of Rust code and resources.
  • rust security: list of awesome projects and resources related to Rust and computer security.
  • Search engines: list of search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more.
  • Secure a Linux server: evolving how-to guide for securing a Linux server.
  • Shell: command-line frameworks, toolkits, guides and gizmos.
  • System Design: learn how to design systems at scale.
  • Tech Interview: curated coding interview preparation materials.
  • The Art of Command Line: Master the command line.
  • tmux: awesome resources for tmux
  • Tunneling: ngrok alternatives and other ngrok-like tunneling software and services.
  • Vim: all things vim.
  • WAF: everything about web-application firewalls (WAF).
  • You-Dont-Need-GUI: list some common tasks that you might be tempted to do in GUI.

Blogs and Tutorials

Compilers and Toolchains

  • clang: C language family frontend for LLVM.
  • Cross-compilation toolchains (Bootlin): large number of ready-to-use cross-compilation toolchains, targeting the Linux operating system on a large number of architectures.
  • Dockcross: cross compiling toolchains in Docker images.
  • gcc: GNU Compiler Collection.

Databases

Debuggers

  • drgn: Programmable debugger
  • GDB: GNU Project Debugger.
    • gdb-dashboard: modular visual interface for GDB in Python.
    • gdb-frontend: easy, flexible and extensible gui debugger.
    • gdbgui: browser-based frontend to gdb.
    • GEF: plugin with a set of commands to assist exploit developers and reverse-engineers.
    • pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy.
  • lldb: next generation, high-performance debugger.
  • llef: plugin for LLDB to make it more useful for RE and VR.
  • rr: Record and Replay Framework.
    • rd: reimplementation in rust.
  • Scout: instruction based research debugger.
  • voltron: hacky debugger UI for hackers.

eBPF

  • BumbleBee: simplifies building eBPF tools and allows you to package, distribute, and run them anywhere.
  • Cilium ebpf: Pure-Go library to read, modify and load eBPF programs.
  • ebpf.io: official website.
  • pulsar: runtime security framework for the IoT, powered by eBPF.
  • tetragon: eBPF-based Security Observability and Runtime Enforcement.

Embedded and IoT

  • Binwalk: firmware Analysis Tool.
  • Buildroot: simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation.
  • EMBA: firmware security analyzer.
    • Embark: firmware security scanning environment.
  • FACT: Firmware Analysis and Comparison Tool.
  • Firmwalker: Script for searching the extracted firmware file system for goodies.
  • Firmware mod kit: collection of scripts and utilities to extract and rebuild linux based firmware images.
  • Flashrom: utility for detecting, reading, writing, verifying and erasing flash chips.
  • Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging.
  • FuzzWare: automated, self-configuring fuzzing of firmware images.
  • HardwareAllTheThings: list of useful payloads and bypasses for Hardware and IOT Security.
  • KataOS: embedded OS written almost entirely in Rust.
  • InternalBlue: bluetooth experimentation framework for Broadcom and Cypress chips.
  • LLP University: Low Level Programming University.
  • Low level: misc documentation about low level development.
  • NexMon: C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
  • nvram-faker: simple library to intercept calls to libnvram when running embedded linux applications in emulated environments.
  • OFRAK: unpack, modify, and repack binaries.
  • OpenOCD: Open On-Chip Debugger.
  • OpenWRT: Linux operating system targeting embedded devices.
  • OS Kernel Lab: OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32.
  • OWASP-FSTM: OWASP Firmware Security Testing Methodology.
  • unblob: accurate, fast, and easy-to-use extraction suite.

Emulators and Dynamic Analysis

  • Avatar2: target orchestration framework with focus on dynamic analysis of embedded devices' firmware!
  • EMUX: Firmware Emulation Framework.
  • Firmadyne: platform for emulation and dynamic analysis of Linux-based firmware.
  • QEMU: open source machine emulator and virtualizer.
    • quickemu: create and run optimised Windows, macOS and Linux desktop.
  • Panda: platform for Architecture-Neutral Dynamic Analysis.
  • Qiling: Qiling Advanced Binary Emulation Framework.
  • Renode: virtual development framework for complex embedded systems.
  • Triton: dynamic binary analysis library.
  • Unicorn: CPU emulator framework.

Exploit Development

  • Exploit mitigations: knowledge base of exploit mitigations available across numerous operating systems.
  • how2heap: repository for learning various heap exploitation techniques.
  • kernel-exploit-factory: Linux kernel CVE exploit analysis report and relative debug environment.
  • libc-database: database of libc offsets to simplify exploitation.
  • Linux Kernel Exploit: links related to Linux kernel exploitation.
  • Linux Kernel Exploitation: collection of links related to Linux kernel security and exploitation.
  • one_gadget: tool for finding one gadget RCE in libc.so.6.
  • pwndocker: docker environment for pwn in ctf.
  • pwninit: automate starting binary exploit challenges.
  • pwntools: framework and exploit development library.
  • ronin-exploits: A Ruby micro-framework for writing and running exploits and payloads.
  • ROPGadget: search your gadgets on your binaries to facilitate your ROP exploitation.
  • ropr: fast multithreaded ROP Gadget finder.
  • Ropper: find gadgets to build rop chains for different architectures.
  • ZDI PoCs: the Zero Day Initiative Proofs-of-concept.

Fuzzing and Vulnerability Research

  • AFLplusplus: improved version of AFL.
  • afl-training: Exercises to learn how to fuzz with American Fuzzy Lop.
  • appsec (Testing Handbook): configuring, optimizing, and automating many of the static and dynamic analysis tools.
  • Arbitrary: Generating structured data from arbitrary, unstructured input.
  • BinAbsInspector: Vulnerability Scanner for Binaries.
  • boofuzz: fork and successor of the Sulley Fuzzing Framework.
  • cargo-fuzz: Command line helpers for fuzzing.
  • CodeQL: semantic code analysis engine.
  • cwe_checker: finds vulnerable patterns in binary executables.
  • difuze: fuzzer for Linux Kernel Drivers.
  • ferofuzz: structure-aware HTTP fuzzing library.
  • fuzz-introspector: introspect, extend and optimise fuzzers.
  • fuzzable: Framework for Automating Fuzzable Target Discovery with Static Analysis.
  • fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing.
  • fuzzTest: testing framework for writing and executing fuzz tests (replaces libfuzzer).
  • fuzzing101: step by step fuzzing tutorial.
  • Fuzzing Book: tools and techniques for generating software tests.
  • FuzzingPaper: Recent Fuzzing Papers
  • halfempty: fast, parallel test case minimization tool.
  • Healer: kernel fuzzer inspired by Syzkaller.
  • Honggfuzz: evolutionary, feedback-driven fuzzing based on code coverage.
  • iCicle: grey-box firmware fuzzing
  • joern: Open-source code analysis platform.
  • krf: kernelspace syscall interceptor and randomized faulter.
  • lain: fuzzer framework built in Rust.
  • LibAFL: fuzzing library.
  • libfuzzer: in-process, coverage-guided, evolutionary fuzzing engine
  • libfuzzer (rust): Rust bindings and utilities for LLVM’s libFuzzer.
  • Nautilus: A grammar based feedback Fuzzer.
  • netzob: Protocol Reverse Engineering, Modeling and Fuzzing.
  • MATE: suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++.
  • onefuzz: self-hosted Fuzzing-As-A-Service platform.
  • oss-fuzz: continuous fuzzing for open source software.
  • papers collection: Academic papers related to fuzzing.
  • propfuzz: Rust toolkit to combine property-based testing and fuzzing.
  • Radamsa: general purpose fuzzer.
  • Rusty-Radamsa: Radamsa fuzzer ported to rust lang.
  • Safirefuzz: Same-Architecture Firmware Rehosting and Fuzzing.
  • SemGrep: lightweight static analysis for many languages.
  • silifuzz: finds CPU defects by fuzzing software proxies.
  • Syzkaller: unsupervised coverage-guided kernel fuzzer.
    • Syzbot: continuously fuzzes main Linux kernel branches and automatically reports found bugs
    • SyzScope: automatically uncover high-risk impacts given a bug with only low-risk impacts.
  • weggli: fast and robust semantic search tool for C and C++ codebases.

Misc

  • Arti: implementation of Tor, in Rust.
  • bat: A cat(1) clone with wings.
  • broot: A new way to see and navigate directory trees
  • Caddy: fast, multi-platform web server with automatic HTTPS.
  • CoreUtils: Cross-platform Rust rewrite of the GNU coreutils.
  • delta: syntax-highlighting pager for git, diff, and grep output.
  • difftastic: structural diff that understands syntax.
  • e9patch: static binary rewriting tool.
  • esphome.io: control your ESP8266/ESP32.
  • f4pga: fully open source toolchain for the development of FPGAs of multiple vendors.
  • fccid: information resource for all wireless device applications filed with the FCC.
  • fd: A simple, fast and user-friendly alternative to 'find'
  • FlipperZero: portable multi-tool for pentesters and geeks in a toy-like body.
  • fx: Terminal JSON viewer & processor
  • fzf: command-line fuzzy finder.
  • Google Home: smart home ecosystem.
  • httpie (cli): modern, user-friendly command-line HTTP client for the API era.
  • jless: command-line JSON viewer designed for reading, exploring, and searching through JSON data.
  • klgrth: pastebin alternative.
  • jnv: interactive JSON filter using jq
  • jq: Command-line JSON processor
  • lazygit: simple terminal UI for git commands.
  • lsd: next gen ls command.
  • makefiletutorial: makefile tutorial
  • miller: like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON.
  • miniserve: serve some files over HTTP right now.
  • OpenSK: open-source implementation for security keys written in Rust.
  • partialzip: download single files from inside online zip archives.
  • Pastebin: store any text online for easy sharing.
  • patents: patents db from Google.
  • Polypyus: locate functions in raw binaries by extracting known functions from similar binaries.
  • procs: modern replacement for ps written in Rust.
  • pspy: monitor linux processes without root permissions.
  • ranger: VIM-inspired filemanager for the console
  • ripgrep: line-oriented search tool.
  • sd: Intuitive find & replace CLI.
  • sniffglue: Secure multithreaded packet sniffer (in rust).
  • sniffle: sniffer for Bluetooth 5 and 4.x LE.
  • temp.sh: alternative to transfer.sh.
  • transfer.sh: easy file sharing from the command line.
  • urh: Universal Radio Hacker.
  • wabt: WebAssembly Binary Toolkit.
  • yazi: terminal file manager written in Rust.
  • ZeroBin: open source online pastebin where the server has zero knowledge of pasted data.

Networking

  • Illustrated Connections:
  • Misc:
    • innernet: private network system that uses WireGuard under the hood.
    • nebula: scalable overlay networking tool.
    • netbird: connect your devices into a single secure private WireGuard®-based mesh network.
    • netmaker: makes networks with WireGuard.
    • tailscale: zero config VPN.
    • scapy: Python-based interactive packet manipulation program & library.
    • zeek: network analysis framework.
    • zerotier: secure networks between devices.
  • Network Scanners:
    • masscan: TCP port scanner, spews SYN packets asynchronously.
    • nmap: utility for network scanning, discovery and security auditing.
    • RustScan: quick port scanner implemented in rust.
    • skanuvaty: fast DNS/network/port scanner.
    • ZGrab2: fast, modular application-layer network scanner.
    • ZMap: fast single packet network scanner.

Programming Languages

Reverse Engineering

  • Angr: user-friendly binary analysis platform.
  • BAP: binary analysis platform.
  • binary-parsing: list of generic tools for parsing binary data.
  • bincat: Binary code static analyser.
  • BinDiff: compare executables by identifying identical and similar functions.
  • BinExport: export disassemblies into Protocol Buffers.
  • CAPA: tool to identify capabilities in executable files.
    • lancelot-flirt: library for parsing, compiling, and matching Fast Library Identification and Recognition Technology (FLIRT) signatures.
  • Capstone Engine: disassembly/disassembler framework.
  • cpu_rec: recognize cpu instructions in an arbitrary binary file.
  • CyberChef: web app for encryption, encoding, compression and data analysis.
  • decomp2dbg: plugin to introduce interactive symbols into your debugger from your decompiler.
  • Diffing (quarkslab): resources on binary diffing which is handy for reverse-engineering.
  • Diffware: configurable tool providing a summary of the changes between two files or directories
  • DogBolt: decompiler explorer.
  • ELFKickers: collection of programs that access and manipulate ELF files.
  • ESP32-reversing: curated list of ESP32 related reversing resources
  • esp32knife: Tools for ESP32 firmware dissection.
  • flare-emu: easy to use and flexible interface for scripting emulation tasks.
  • FLOSS: FLARE Obfuscated String Solver.
  • fq: jq for binary formats.
  • Ghidra: software reverse engineering (SRE) framework.
    • AngryGhidra: use angr in Ghidra.
    • APIs
    • BinDiffHelper: Ghidra Extension to integrate BinDiff for function matching.
    • BTIGhidra: Binary Type Inference Ghidra Plugin.
    • Cartographer: Code Coverage Exploration Plugin for Ghidra.
    • docker-ghidra: Ghidra Client/Server Docker Image.
    • ghidra-findcrypt: Ghidra analysis plugin to locate cryptographic constants.
    • ghidra-firmware-utils: Ghidra utilities for firmware reverse engineering.
    • ghidra_kernelcache: framework for iOS kernelcache reverse engineering.
    • ghidra2dwarf: Export ghidra decompiled code to dwarf sections inside ELF binary.
    • Ghidralligator: multi-architecture pcode emulator based on the Ghidra libsla.
    • Ghidrathon: Python 3 scripting to Ghidra.
    • GhidraEmu: Native Pcode emulator
    • GhidraScripts: Scripts to run within Ghidra, maintained by the Trellix ARC team.
    • GhidraSnippets: Python snippets for Ghidra's Program and Decompiler APIs.
    • ghidrecomp: Python Command-Line Ghidra Decompiler.
    • ghidriff: Python Command-Line Ghidra Binary Diffing Engine.
    • IDAObjcTypes: collection of types & functions definitions useful for Objective-C binaries analysis.
    • pyhidra: Ghidra API within a native CPython interpreter using jpype.
    • pypcode: Python bindings to Ghidra's SLEIGH library for disassembly and lifting to P-Code IR
    • refinery: transformations of binary data
    • Sekiryu: comprehensive toolkit for Ghidra headless.
    • SVD-Loader-Ghidra: SVD loader for Ghidra.
      • cmsis-svd: aggregation of ARM Cortex-M (and other) CMSIS SVDs and related tools.
      • keil (devices): Keil devices SVDs
  • hexyl: command-line hex viewer
  • ImHex: Hex Editor for Reverse Engineers.
  • kaiju: binary analysis framework extension for Ghidra.
  • Kaitai Struct: declarative language to generate binary data parsers.
  • Keystone Engine: assembler framework.
  • Linux syscalls: Linux kernel syscall tables
  • magika: detect file content types with deep learning.
  • McSema: Framework for lifting program binaries to LLVM bitcode.
  • Metasm: a free assembler / disassembler / compiler.
  • Miasm: reverse engineering framework in Python.
  • Objection: runtime mobile exploration.
  • Radare2: UNIX-like reverse engineering framework and command-line toolset.
  • REMnux: Linux toolkit for reverse-engineering.
  • RetDec: retargetable machine-code decompiler based on LLVM.
  • ret-sync: synchronize a debugging session with disassemblers.
  • Yara: pattern matching swiss knife for malware researchers.
  • z3: high-performance theorem prover being developed at Microsoft

RTOS

  • FreeRTOS: open source, real-time operating system for microcontrollers.
  • Mongoose OS: IoT operating system and networking library.
  • MyNewt: OS to build, deploy and securely manage billions of devices.
  • NuttX: mature, real-time embedded operating system (RTOS)
  • RIOT: Operating System for the Internet of Things
  • ThreadX: advanced real-time operating system (RTOS) designed specifically for deeply embedded applications.
  • Tock: secure embedded operating system for microcontrollers.
  • Zephyr: small, scalable, real-time operating system (RTOS).
    • Docs: Zephyr project documentation.

Sandboxing

  • Code Sandboxing: code execution isolation and containment with sandbox solutions.
  • gvisor: application Kernel for Containers.
  • Firecracker: secure and fast microVMs for serverless computing.
  • Kata Containers: standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
  • nano: kernel designed to run one and only one application in a virtualized environment.
  • ops: build and run nanos unikernels.
  • RustyHermit: rust-based, lightweight unikernel.
  • sandboxed-api: generates sandboxes for C/C++ libraries automatically.
  • Unikraft: automated system for building specialized OSes known as unikernels.

Tools

  • curl: command line tool and library for transferring data with URL syntax.
  • patchelf: small utility to modify the dynamic linker and RPATH of ELF executables.
  • tcpdump: command-line packet analyzer.
  • wireshark: network protocol analyzer.
    • tshark: CLI tool for analyzing network traffic.
    • tshark.dev: guide to working with packet captures on the command-line.

Tracing, Hooking and Instrumentation

  • bcc: tools for BPF-based Linux IO analysis, networking, monitoring, and more.
  • bpftrace: high-level tracing language for Linux eBPF.
  • cannoli: high-performance QEMU memory and instruction tracing.
  • DynamoRIO: runtime code manipulation system.
  • Falco: cloud native runtime security tool.
  • Frida: instrumentation toolkit for developers, reverse-engineers, and security researchers.
    • frida-gum: Cross-platform instrumentation and introspection library written in C.
    • frida-snippets: Hand-crafted Frida examples
    • frida-tools: Frida CLI tools
    • medusa: Binary instrumentation framework based on FRIDA
    • r2frida: plugin for radare2
  • LIEF: library to Instrument Executable Formats.
  • ltrace: intercepts and records both the dynamic library calls and signals.
  • QBDI: a Dynamic Binary Instrumentation framework based on LLVM.
  • Reverie: ergonomic and safe syscall interception framework for Linux (Rust).
  • S2E: platform for multi-path program analysis with selective symbolic execution.
  • strace: diagnostic, debugging and instructional userspace utility for Linux.
  • TinyInst: lightweight dynamic instrumentation library.
  • Tracee: Linux Runtime Security and Forensics using eBPF.

Trusted Execution Environment

  • OP-TEE: Open Portable Trusted Execution Environment.
    • TrustedFirmware: reference implementation of secure software for Armv8-A, Armv9-A and Armv8-M.
    • Docs: official OP-TEE documentation.
  • TEE-reversing: A curated list of public TEE resources for learning how to reverse-engineer and achieve trusted code execution on ARM devices.

Other Lists