defcon201/awesome-list-hacking-resources
My Awesome List

My personal awesome list of interesting repos, libraries and tools.

See also the following lists dedicated to specific sub-topics:

  • Cybersecurity: links to blog posts, writeups and papers dedicated to cybersecurity
  • Exploitation: resources dedicated to the world of binary exploitation
  • Linux Kernel: collection of resources dedicated to Linux kernel (internals)

Content

Awesome Lists

  • Analysis Tools (dynamic): curated list of dynamic analysis tools for all programming languages.
  • Analysis Tools (static): curated list of static analysis (SAST) tools.
  • Bash: curated list of delightful Bash scripts and resources
  • Bash OneLiners: collection of handy Bash One-Liners.
  • Bash Handbook: for those who wanna learn Bash.
  • BSK: the book of secret knowledge.
  • C: A curated list of C good stuff.
  • ChatGPT prompts: ChatGPT prompt curation to use ChatGPT better.
  • eBPF: curated list of awesome projects related to eBPF.
  • Docker: curated list of Docker resources and projects.
  • ELF: awesome ELF resources by tmp.out.
  • Embedded: curated list of awesome embedded programming.
  • Embedded and IoT: curated list of awesome embedded and IoT security resources.
  • Embedded fuzzing: A list of resources (papers, books, talks, frameworks, tools) for understanding fuzzing for IoT/embedded devices.
  • Embedded Rust: list of resources for Embedded and Low-level development in the Rust programming language.
  • Executable Packing: curated list of awesome resources related to executable packing.
  • Firmware Security: curated list of platform firmware resources
  • FlipperZero: awesome resources for the Flipper Zero device.
  • Fuzzing: curated list of fuzzing resources.
  • Fuzzing paper collection: papers related to fuzzing, binary analysis, and exploit dev.
  • Hacking: collection of awesome lists for hackers, pentesters & security researchers.
  • ICS Security: tools, tips, tricks, and more for exploring ICS Security.
  • IoT Security 101: curated list of IoT Security Resources.
  • IoT: list of great resources about IoT Framework, Library, OS, Platforms.
  • Golang: curated list of awesome Go frameworks, libraries and software.
  • Malware Analysis: malware analysis tools and resources.
  • Modern Unix: collection of modern/faster/saner alternatives to common unix commands.
  • NeoVim: collections of awesome neovim plugins.
  • Network stuff: resources about network security.
  • Prompt Engineering: hand-curated resources for Prompt Engineering.
  • Prompt Engineering Guides: guides, papers, lecture, notebooks and resources for prompt engineering.
  • Pure Bash: collection of pure bash alternatives to external processes.
  • Raspberry Pi: Raspberry Pi tools, projects, images and resources.
  • RAT: RAT And C&C Resources.
  • Reverse Engineering: reversing resources.
  • Rust: curated list of Rust code and resources.
  • rust security: list of awesome projects and resources related to Rust and computer security.
  • Search engines: list of search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more.
  • Secure a Linux server: evolving how-to guide for securing a Linux server.
  • Shell: command-line frameworks, toolkits, guides and gizmos.
  • System Design: learn how to design systems at scale.
  • Tech Interview: curated coding interview preparation materials.
  • The Art of Command Line: Master the command line.
  • Tunneling: ngrok alternatives and other ngrok-like tunneling software and services.
  • Vim: all things vim.
  • WAF: everything about web-application firewalls (WAF).

Blogs and Tutorials

Compilers and Toolchains

  • clang: C language family frontend for LLVM.
  • Cross-compilation toolchains (Bootlin): large number of ready-to-use cross-compilation toolchains, targeting the Linux operating system on a large number of architectures.
  • Dockcross: cross compiling toolchains in Docker images.
  • gcc: GNU Compiler Collection.

Databases

Debuggers

  • drgn: Programmable debugger
  • GDB: GNU Project Debugger.
    • gdb-dashboard: modular visual interface for GDB in Python.
    • gdb-frontend: easy, flexible and extensible gui debugger.
    • gdbgui: browser-based frontend to gdb.
    • GEF: plugin with a set of commands to assist exploit developers and reverse-engineers.
    • pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy.
  • lldb: next generation, high-performance debugger.
  • llef: plugin for LLDB to make it more useful for RE and VR.
  • rr: Record and Replay Framework.
    • rd: reimplementation of rr in Rust.
  • Scout: instruction based research debugger.
  • voltron: hacky debugger UI for hackers.

eBPF

  • BumbleBee: simplifies building eBPF tools and allows you to package, distribute, and run them anywhere.
  • Cilium ebpf: Pure-Go library to read, modify and load eBPF programs.
  • ebpf.io: official eBPF website.
  • pulsar: runtime security framework for the IoT, powered by eBPF.
  • tetragon: eBPF-based Security Observability and Runtime Enforcement.

Embedded and IoT

  • Binwalk: firmware Analysis Tool.
  • Buildroot: simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation.
  • EMBA: firmware security analyzer.
    • Embark: firmware security scanning environment.
  • FACT: Firmware Analysis and Comparison Tool.
  • Firmwalker: Script for searching the extracted firmware file system for goodies.
  • Firmware mod kit: collection of scripts and utilities to extract and rebuild linux based firmware images.
  • Flashrom: utility for detecting, reading, writing, verifying and erasing flash chips.
  • Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging.
  • FuzzWare: automated, self-configuring fuzzing of firmware images.
  • HardwareAllTheThings: list of useful payloads and bypasses for Hardware and IOT Security.
  • KataOS: embedded OS written almost entirely in Rust.
  • InternalBlue: bluetooth experimentation framework for Broadcom and Cypress chips.
  • LLP University: Low Level Programming University.
  • Low level: misc documentation about low level development.
  • NexMon: C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
  • nvram-faker: simple library to intercept calls to libnvram when running embedded linux applications in emulated environments.
  • OFRAK: unpack, modify, and repack binaries.
  • OpenOCD: Open On-Chip Debugger.
  • OpenWRT: Linux operating system targeting embedded devices.
  • OS Kernel Lab: OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32.
  • OWASP-FSTM: OWASP Firmware Security Testing Methodology.
  • unblob: accurate, fast, and easy-to-use extraction suite.

Emulators and Dynamic Analysis

  • Avatar2: target orchestration framework with focus on dynamic analysis of embedded devices' firmware!
  • EMUX: Firmware Emulation Framework.
  • Firmadyne: platform for emulation and dynamic analysis of Linux-based firmware.
  • QEMU: open source machine emulator and virtualizer.
    • quickemu: create and run optimised Windows, macOS and Linux desktop virtual machines.
  • Panda: platform for Architecture-Neutral Dynamic Analysis.
  • Qiling: Qiling Advanced Binary Emulation Framework.
  • Renode: virtual development framework for complex embedded systems.
  • Triton: dynamic binary analysis library.
  • Unicorn: CPU emulator framework.

Exploit Development

  • Exploit mitigations: knowledge base of exploit mitigations available across numerous operating systems.
  • how2heap: repository for learning various heap exploitation techniques.
  • kernel-exploit-factory: Linux kernel CVE exploit analysis report and relative debug environment.
  • libc-database: database of libc offsets to simplify exploitation.
  • Linux Kernel Exploit: links related to Linux kernel exploitation.
  • Linux Kernel Exploitation: collection of links related to Linux kernel security and exploitation.
  • one_gadget: tool for finding one gadget RCE in libc.so.6.
  • pwndocker: docker environment for pwn in ctf.
  • pwninit: automate starting binary exploit challenges.
  • pwntools: framework and exploit development library.
  • ROPGadget: search your gadgets on your binaries to facilitate your ROP exploitation.
  • ropr: fast multithreaded ROP Gadget finder.
  • Ropper: find gadgets to build rop chains for different architectures.
  • ZDI PoCs: the Zero Day Initiative Proofs-of-concept.

Fuzzing and Vulnerability Research

  • AFLplusplus: improved version of AFL.
  • afl-training: Exercises to learn how to fuzz with American Fuzzy Lop.
  • Arbitrary: Generating structured data from arbitrary, unstructured input.
  • BinAbsInspector: Vulnerability Scanner for Binaries.
  • boofuzz: fork and successor of the Sulley Fuzzing Framework.
  • cargo-fuzz: Command line helpers for fuzzing.
  • CodeQL: semantic code analysis engine.
  • cwe_checker: finds vulnerable patterns in binary executables.
  • difuze: fuzzer for Linux Kernel Drivers.
  • feroxfuzz: structure-aware HTTP fuzzing library.
  • fuzz-introspector: introspect, extend and optimise fuzzers.
  • fuzzable: Framework for Automating Fuzzable Target Discovery with Static Analysis.
  • fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing.
  • fuzzTest: testing framework for writing and executing fuzz tests (replaces libfuzzer).
  • fuzzing101: step by step fuzzing tutorial.
  • Fuzzing Book: tools and techniques for generating software tests.
  • FuzzingPaper: recent fuzzing papers.
  • halfempty: fast, parallel test case minimization tool.
  • Healer: kernel fuzzer inspired by Syzkaller.
  • Honggfuzz: evolutionary, feedback-driven fuzzing based on code coverage.
  • iCicle: grey-box firmware fuzzing.
  • krf: kernelspace syscall interceptor and randomized faulter.
  • lain: fuzzer framework built in Rust.
  • LibAFL: fuzzing library.
  • libfuzzer: in-process, coverage-guided, evolutionary fuzzing engine.
  • libfuzzer (rust): Rust bindings and utilities for LLVM’s libFuzzer.
  • Nautilus: A grammar based feedback Fuzzer.
  • netzob: Protocol Reverse Engineering, Modeling and Fuzzing.
  • MATE: suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++.
  • onefuzz: self-hosted Fuzzing-As-A-Service platform.
  • oss-fuzz: continuous fuzzing for open source software.
  • papers collection: Academic papers related to fuzzing.
  • propfuzz: Rust toolkit to combine property-based testing and fuzzing.
  • Radamsa: general purpose fuzzer.
  • Rusty-Radamsa: Radamsa fuzzer ported to rust lang.
  • Safirefuzz: same-architecture firmware rehosting and fuzzing.
  • SemGrep: lightweight static analysis for many languages.
  • silifuzz: finds CPU defects by fuzzing software proxies.
  • Syzkaller: unsupervised coverage-guided kernel fuzzer.
    • Syzbot: continuously fuzzes main Linux kernel branches and automatically reports found bugs.
    • SyzScope: automatically uncover high-risk impacts given a bug with only low-risk impacts.
  • weggli: fast and robust semantic search tool for C and C++ codebases.

Misc

  • Arti: implementation of Tor, in Rust.
  • Caddy: fast, multi-platform web server with automatic HTTPS.
  • CoreUtils: Cross-platform Rust rewrite of the GNU coreutils.
  • difftastic: structural diff that understands syntax.
  • esphome.io: control your ESP8266/ESP32.
  • f4pga: fully open source toolchain for the development of FPGAs of multiple vendors.
  • fccid: information resource for all wireless device applications filed with the FCC.
  • FlipperZero: portable multi-tool for pentesters and geeks in a toy-like body.
  • Google Home: smart home ecosystem.
  • klgrth: pastebin alternative.
  • jless: command-line JSON viewer designed for reading, exploring, and searching through JSON data.
  • makefiletutorial: makefile tutorial
  • OpenSK: open-source implementation for security keys written in Rust.
  • Pastebin: store any text online for easy sharing.
  • patents: patents db from Google.
  • Polypyus: locate functions in raw binaries by extracting known functions from similar binaries.
  • pspy: monitor linux processes without root permissions.
  • sniffglue: Secure multithreaded packet sniffer (in rust).
  • sniffle: sniffer for Bluetooth 5 and 4.x LE.
  • temp.sh: alternative to transfer.sh.
  • transfer.sh: easy file sharing from the command line.
  • urh: Universal Radio Hacker.
  • wabt: WebAssembly Binary Toolkit.
  • ZeroBin: open source online pastebin where the server has zero knowledge of pasted data.

Networking

  • Illustrated Connections:
  • Misc:
    • innernet: private network system that uses WireGuard under the hood.
    • nebula: scalable overlay networking tool.
    • netbird: connect your devices into a single secure private WireGuard®-based mesh network.
    • netmaker: makes networks with WireGuard.
    • tailscale: zero config VPN.
    • scapy: Python-based interactive packet manipulation program & library.
    • zeek: network analysis framework.
    • zerotier: secure networks between devices.
  • Network Scanners:
    • masscan: TCP port scanner, spews SYN packets asynchronously.
    • nmap: utility for network scanning, discovery and security auditing.
    • RustScan: quick port scanner implemented in rust.
    • skanuvaty: fast DNS/network/port scanner.
    • ZGrab2: fast, modular application-layer network scanner.
    • ZMap: fast single packet network scanner.

Programming Languages

  • Assembly:
  • C: C reference
    • libc implementations:
      • glibc: GNU C library.
      • musl: C standard library.
      • uclibc: C library for developing embedded Linux systems.
      • uclibc-ng: small C library for developing embedded Linux systems.
    • Libraries:
      • libaco: blazing fast and lightweight C asymmetric coroutine library.
      • libdill: structured concurrency in C.
      • linux-syscall-support: low level C API for making direct Linux syscalls.
      • sc: common libraries and data structures for C.
  • Go: open source programming language supported by Google.
  • Python: official website
    • Docs: official documentation
    • mamba: fast, robust, and cross-platform package manager.
    • poetry: packaging and dependency management.
  • Rust: secure system programming language.
    • aquascope: Interactive visualizations of Rust at compile-time and run-time
    • API guidelines: set of recommendations on how to design and present APIs for the Rust programming language.
    • AreWeRustYet: Awesome list of "Are We thing Yet" for Rust
    • Black Hat Rust: applied offensive security with Rust.
    • Book: introductory book about Rust.
    • Book (Brown univ): Rust book experiment.
    • Cargo Book: official cargo book.
    • Cheats: Rust language cheat sheet.
    • Clippy: lints to catch common mistakes and improve your Rust code.
    • crates.io: rust community's crate registry.
    • cryptography.rs: list of actively maintained, high-quality cryptography libraries.
    • Design patterns: catalogue of Rust design patterns, anti-patterns and idioms.
    • docker-rust: Docker official image for rust.
    • Easy Rust: rust explained using easy English.
    • Editions: editions guide.
    • Embedded Rust Book: introductory book about using the Rust Programming Language on "Bare Metal" embedded systems.
    • esp-rs: Rust on ESP.
    • How to learn modern Rust: guide for the Rust adventurer.
    • Macros: the little book of rust macros.
    • min-sized-rust: how to minimize Rust binary size.
    • Offensive Rust: Rust Weaponization for Red Team Engagements.
    • Official Repository: official Rust repository.
    • Performance: Rust Performance Book.
    • Practice: easily dive into and get skilled with Rust.
    • Raspberrypi OS Tutorials: learn to write an embedded OS in Rust.
    • Redox OS: Unix-like Operating System written in Rust.
    • RFCs: RFCs for changes to Rust.
    • Rust by Example: collection of runnable examples.
    • Rust Embedded: Rust on Embedded Devices Working Group.
    • rust-musl-cross: Docker images for compiling static Rust binaries using musl-cross.
    • Rust cookbook: collection of simple examples in Rust.
    • Rust for professionals: short introduction to Rust.
    • Rust to Assembly: Understanding the Inner Workings of Rust.
    • RustBooks: list of Rust books.
    • Rustonomicon: awful details that you need to understand when writing Unsafe Rust programs.
    • rust-learning: links to blog posts, articles, videos, etc for learning Rust.
    • Rust Reference: primary reference for the Rust programming language.
    • rustup: installer for the systems programming language Rust.
    • std: standard library documentation.
    • Unsafe Code Guidelines: "guide" for writing unsafe code.
    • Windows RS: Rust for Windows.
    • This Week In Rust: handpicked Rust updates, delivered to your inbox.
    • Libraries:
      • Async Runtimes:
        • async-std: async version of the Rust standard library.
        • smol: small and fast async runtime for Rust.
        • Tokio: runtime for writing reliable asynchronous applications with Rust.
      • avml: Acquire Volatile Memory for Linux.
      • Aya: eBPF library for the Rust programming language.
      • cbindgen: project for generating C bindings from Rust code.
      • cross: “Zero setup” cross compilation and “cross testing” of Rust crates.
      • embassy: framework for embedded applications.
      • Goblin: cross-platform binary parsing crate, written in Rust.
      • libp2p: Rust Implementation of the libp2p networking stack.
      • nix: rust friendly bindings to *nix APIs.
      • pyo3: Rust bindings for the Python interpreter.
      • redbpf: Rust library for building and running BPF/eBPF modules.
      • redhook: dynamic function call interposition / hooking (LD_PRELOAD) for Rust.
      • Rustix: Safe Rust bindings to POSIX/Unix/Linux/Winsock2 syscalls.
      • rust-bindgen: Automatically generates Rust FFI bindings to C (and some C++) libraries.
      • teloxide: Telegram bots framework for Rust.
      • tui: terminal user interfaces and dashboards using Rust.
  • Shell:

Reverse Engineering

  • Angr: user-friendly binary analysis platform.
  • BAP: binary analysis platform.
  • bincat: Binary code static analyser.
  • BinDiff: compare executables by identifying identical and similar functions.
  • BinExport: export disassemblies into Protocol Buffers.
  • CAPA: tool to identify capabilities in executable files.
    • lancelot-flirt: library for parsing, compiling, and matching Fast Library Identification and Recognition Technology (FLIRT) signatures.
  • Capstone Engine: disassembly/disassembler framework.
  • cpu_rec: recognize cpu instructions in an arbitrary binary file.
  • CyberChef: web app for encryption, encoding, compression and data analysis.
  • decomp2dbg: plugin to introduce interactive symbols into your debugger from your decompiler.
  • Diffing (quarkslab): resources on binary diffing which is handy for reverse-engineering.
  • Diffware: configurable tool providing a summary of the changes between two files or directories.
  • DogBolt: decompiler explorer.
  • ELFKickers: collection of programs that access and manipulate ELF files.
  • flare-emu: easy to use and flexible interface for scripting emulation tasks.
  • FLOSS: FLARE Obfuscated String Solver.
  • fq: jq for binary formats.
  • Ghidra: software reverse engineering (SRE) framework.
    • Sekiryu: comprehensive toolkit for Ghidra headless.
  • Ghidralligator: multi-architecture pcode emulator based on the Ghidra libsla.
  • ghidriff: Python Command-Line Ghidra Binary Diffing Engine.
  • Kaitai Struct: declarative language to generate binary data parsers.
  • Keystone Engine: assembler framework.
  • Linux syscalls: Linux kernel syscall tables.
  • McSema: Framework for lifting program binaries to LLVM bitcode.
  • Metasm: a free assembler / disassembler / compiler.
  • Miasm: reverse engineering framework in Python.
  • Radare2: UNIX-like reverse engineering framework and command-line toolset.
  • REMnux: Linux toolkit for reverse-engineering.
  • RetDec: retargetable machine-code decompiler based on LLVM.
  • Yara: pattern matching swiss knife for malware researchers.

RTOS

  • FreeRTOS: open source, real-time operating system for microcontrollers.
  • Mongoose OS: IoT operating system and networking library.
  • MyNewt: OS to build, deploy and securely manage billions of devices.
  • NuttX: mature, real-time embedded operating system (RTOS).
  • RIOT: operating system for the Internet of Things.
  • ThreadX: advanced real-time operating system (RTOS) designed specifically for deeply embedded applications.
  • Tock: secure embedded operating system for microcontrollers.
  • Zephyr: small, scalable, real-time operating system (RTOS).
    • Docs: Zephyr project documentation.

Sandboxing

  • Code Sandboxing: code execution isolation and containment with sandbox solutions.
  • gvisor: application Kernel for Containers.
  • Firecracker: secure and fast microVMs for serverless computing.
  • Kata Containers: standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
  • Nanos: kernel designed to run one and only one application in a virtualized environment.
  • ops: build and run nanos unikernels.
  • RustyHermit: rust-based, lightweight unikernel.
  • sandboxed-api: generates sandboxes for C/C++ libraries automatically.
  • Unikraft: automated system for building specialized OSes known as unikernels.

Tools

  • curl: command line tool and library for transferring data with URL syntax.
  • patchelf: small utility to modify the dynamic linker and RPATH of ELF executables.
  • tcpdump: command-line packet analyzer.
  • wireshark: network protocol analyzer.
    • tshark: CLI tool for analyzing network traffic.
    • tshark.dev: guide to working with packet captures on the command-line.

Tracing, Hooking and Instrumentation

  • bcc: tools for BPF-based Linux IO analysis, networking, monitoring, and more.
  • bpftrace: high-level tracing language for Linux eBPF.
  • cannoli: high-performance QEMU memory and instruction tracing.
  • DynamoRIO: runtime code manipulation system.
  • Falco: cloud native runtime security tool.
  • Frida: instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • LIEF: library to Instrument Executable Formats.
  • ltrace: intercepts and records both the dynamic library calls and signals.
  • QBDI: Dynamic Binary Instrumentation framework based on LLVM.
  • Reverie: ergonomic and safe syscall interception framework for Linux (Rust).
  • S2E: platform for multi-path program analysis with selective symbolic execution.
  • strace: diagnostic, debugging and instructional userspace utility for Linux.
  • Tracee: Linux Runtime Security and Forensics using eBPF.

Trusted Execution Environment

  • OP-TEE: Open Portable Trusted Execution Environment.
    • TrustedFirmware: reference implementation of secure software for Armv8-A, Armv9-A and Armv8-M.
    • Docs: official OP-TEE documentation.
  • TEE-reversing: A curated list of public TEE resources for learning how to reverse-engineer and achieve trusted code execution on ARM devices.

Other Lists

About

Cybersecurity oriented awesome list
