Skip to content

Latest commit

 

History

History
929 lines (883 loc) · 42.1 KB

README.md

File metadata and controls

929 lines (883 loc) · 42.1 KB

My Awesome List

My personal awesome list of interesting repos, libraries and tools.

In-Depth Topics

Content

Awesome Lists

  • Analysis Tools (dynamic): curated list of dynamic analysis tools for all programming languages.
  • Analysis Tools (static): curated list of static analysis (SAST) tools.
  • BSK: the book of secret knowledge.
  • C: A curated list of C good stuff.
  • eBPF: curated list of awesome projects related to eBPF.
  • Docker: curated list of Docker resources and projects.
  • ELF: awesome ELF resources by tmp.out.
  • Embedded: curated list of awesome embedded programming.
  • Embedded and IoT: curated list of awesome embedded and IoT security resources.
  • Embedded fuzzing: A list of resources (papers, books, talks, frameworks, tools) for understanding fuzzing for IoT/embedded devices.
  • Embedded Rust: list of resources for Embedded and Low-level development in the Rust programming language.
  • Executable Packing: curated list of awesome resources related to executable packing.
  • Firmware Security: curated list of platform firmware resources
  • FlipperZero: awesome resources for the Flipper Zero device.
  • Fuzzing: curated list of fuzzing resources.
  • Fuzzing paper collection: papers related to fuzzing, binary analysis, and exploit dev.
  • Hacking: collection of awesome lists for hackers, pentesters & security researchers.
  • ICS Security: tools, tips, tricks, and more for exploring ICS Security.
  • IoT Security 101: curated list of IoT Security Resources.
  • IoT: list of great resources about IoT Framework, Library, OS, Platforms.
  • Golang: curated list of awesome Go frameworks, libraries and software.
  • Malware Analysis: malware analysis tools and resources.
  • Network stuff: resources about network security.
  • Raspberry Pi: Raspberry Pi tools, projects, images and resources.
  • RAT: RAT And C&C Resources.
  • Reverse Engineering: reversing resources.
  • Rust: curated list of Rust code and resources.
  • rust security: list of awesome projects and resources related to Rust and computer security.
  • Search engines: list of search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more.
  • Secure a Linux server: evolving how-to guide for securing a Linux server.
  • Shell: command-line frameworks, toolkits, guides and gizmos.
  • System Design: learn how to design systems at scale.
  • Tech Interview: curated coding interview preparation materials.
  • Tunneling: ngrok alternatives and other ngrok-like tunneling software and services.
  • Vim: all things vim.
  • WAF: everything about web-application firewalls (WAF).

Blogs and Tutorials

Compilers and Toolchains

  • clang: C language family frontend for LLVM.
  • Cross-compilation toolchains (Bootlin): large number of ready-to-use cross-compilation toolchains, targetting the Linux operating system on a large number of architectures.
  • Dockcross: cross compiling toolchains in Docker images.
  • gcc: GNU Compiler Collection.

Databases

Debuggers

  • GDB: GNU Project Debugger.
    • gdb-dashboard: modular visual interface for GDB in Python.
    • gdbgui: browser-based frontend to gdb.
    • GEF: plugin with set of commands to assis exploit developers and reverse-engineers.
  • rr: Record and Replay Framework.
    • rd: reimplementation in rust.
  • Scout: instruction based research debugger.

eBPF

  • BumbleBee: simplifies building eBPF tools and allows you to package, distribute, and run them anywhere.
  • Cilium ebpf: Pure-Go library to read, modify and load eBPF programs.
  • epbf.io: official website.
  • pulsar: runtime security framework for the IoT, powered by eBPF.
  • tetragon: eBPF-based Security Observability and Runtime Enforcement.

Embedded and IoT

  • Binwalk: firmware Analysis Tool.
  • Buildroot: simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation.
  • EMBA: firmware security analyzer.
  • FACT: Firmware Analysis and Comparison Tool.
  • Firmwalker: Script for searching the extracted firmware file system for goodies.
  • Firmware mod kit: collection of scripts and utilities to extract and rebuild linux based firmware images.
  • Flashrom: utility for detecting, reading, writing, verifying and erasing flash chips.
  • Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging.
  • FuzzWare: automated, self-configuring fuzzing of firmware images.
  • HardwareAllTheThings: list of useful payloads and bypasses for Hardware and IOT Security.
  • KataOS: embedded OS written most enrtirely in rust.
  • InternalBlue: bluetooth experimentation framework for Broadcom and Cypress chips.
  • LLP University: Low Level Programming University.
  • Low level: misc documentation about low level development.
  • NexMon: C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
  • nvram-faker: simple library to intercept calls to libnvram when running embedded linux applications in emulated environments.
  • OFRAK: unpack, modify, and repack binaries.
  • OpenOCD: Open On-Chip Debugger.
  • OpenWRT: Linux operating system targeting embedded devices.
  • OS Kernel Lab: OS kernel labs based on Rust/C Lang & RISC-V 64/X86-32.
  • OWASP-FSTM: OWASP Firmware Security Testing Methodology.
  • unblob: curate, fast, and easy-to-use extraction suite.

Emulators and Dynamic Analysis

  • Avatar2: target orchestration framework with focus on dynamic analysis of embedded devices' firmware!
  • EMUX: Firmware Emulation Framework.
  • Firmadyne: platform for emulation and dynamic analysis of Linux-based firmware.
  • QEMU: open source machine emulator and virtualizer.
  • Panda: platform for Architecture-Neutral Dynamic Analysis.
  • Qiling: Qiling Advanced Binary Emulation Framework.
  • Renode: virtual development framework for complex embedded systems.
  • Triton: dynamic binary analysis library.
  • Unicorn: CPU emulator framework.

Exploit Development

  • CodeQL: semantic code analysis engine.
  • cwe_ckecker: finds vulnerable patterns in binary executables.
  • Exploit mitigations: knowledge base of exploit mitigations available across numerous operating systems.
  • how2heap: repository for learning various heap exploitation techniques.
  • kernel-exploit-factory: Linux kernel CVE exploit analysis report and relative debug environment.
  • libc-database: database of libc offsets to simplify exploitation.
  • Linux Kernel Exploit: links related to Linux kernel exploitation.
  • Linux Kernel Exploitation: collection of links related to Linux kernel security and exploitation.
  • one_gadget: tool for finding one gadget RCE in libc.so.6.
  • pwndocker: docker environment for pwn in ctf.
  • pwninit: automate starting binary exploit challenges.
  • pwntools: framework and exploit development library.
  • ROPGadget: search your gadgets on your binaries to facilitate your ROP exploitation.
  • ropr: fast multithreaded ROP Gadget finder.
  • Ropper: find gadgets to build rop chains for different architectures.
  • weggli: fast and robust semantic search tool for C and C++ codebases.
  • ZDI PoCs: the Zero Day Initiative Proofs-of-concept.

Fuzzing

  • AFLplusplus: improved version of AFL.
  • boofuzz: fork and successor of the Sulley Fuzzing Framework.
  • difuze: fuzzer for Linux Kernel Drivers.
  • ferofuzz: structure-aware HTTP fuzzing library.
  • Fuzzing Book: tools and techniques for generating software tests.
  • halfempty: fast, parallel test case minimization tool.
  • Healer: kernel fuzzer inspired by Syzkaller.
  • Honggfuzz: evolutionary, feedback-driven fuzzing based on code coverage.
  • krf: kernelspace syscall interceptor and randomized faulter.
  • lain: fuzzer framework built in Rust.
  • LibAFL: fuzzing library.
  • netzob: Protocol Reverse Engineering, Modeling and Fuzzing.
  • MATE: suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++.
  • onefuzz: self-hosted Fuzzing-As-A-Service platform.
  • propfuzz: Rust toolkit to combine property-based testing and fuzzing.
  • Radamsa: general purpose fuzzer.
  • SemGrep: lightweight static analysis for many languages.
    • Rules: Semgrep rules to facilitate vulnerability research.
  • silifuzz: finds CPU defects by fuzzing software proxies.
  • Syzkaller: unsupervised coverage-guided kernel fuzzer.
    • Syzbot: continuously fuzzes main Linux kernel branches and automatically reports found bugs
    • SyzScope: automatically uncover high-risk impacts given a bug with only low-risk impacts.

Linux Kernel

Misc

  • Arti: implementation of Tor, in Rust.
  • Caddy: fast, multi-platform web server with automatic HTTPS.
  • CoreUtils: Cross-platform Rust rewrite of the GNU coreutils.
  • difftastic: structural diff that understands syntax.
  • esphome.io: control your ESP8266/ESP32.
  • f4pga: fully open source toolchain for the development of FPGAs of multiple vendors.
  • fccid: information resource for all wireless device applications filed with the FCC.
  • FlipperZero: portable multi-tool for pentesters and geeks in a toy-like body.
  • Googl Home: smart home ecosystem.
  • klgrth: pastebin alternative.
  • jless: command-line JSON viewer designed for reading, exploring, and searching through JSON data.
  • OpenSK: open-source implementation for security keys written in Rust.
  • Pastebin: store any text online for easy sharing.
  • patents: patents db from Google.
  • Polypyus: locate functions in raw binaries by extracting known functions from similar binaries.
  • pspy: monitor linux processes without root permissions.
  • sniffglue: Secure multithreaded packet sniffer (in rust).
  • sniffle: sniffer for Bluetooth 5 and 4.x LE.
  • temp.sh: alternative to transfer.sh.
  • transfer.sh: easy file sharing from the command line.
  • uhr: Universal Radio Hacker.
  • wabt: WebAssembly Binary Toolkit.
  • ZeroBin: open source online pastebin where the server has zero knowledge of pasted data.

Networking

  • Misc:
    • innernet: private network system that uses WireGuard under the hood.
    • nebula: scalable overlay networking tool.
    • netbird: connect your devices into a single secure private WireGuard®-based mesh network.
    • netmaker: makes networks with WireGuard.
    • tailscale: zero config VPN.
    • zeek: network analysis framework.
    • zerotier: secure networks between devices.
  • Network Scanners:
    • masscan: TCP port scanner, spews SYN packets asynchronously.
    • nmap: utility for network scanning and discovery and security auditing
    • RustScan: quick port scanner implemented in rust.
    • skanuvaty: fast DNS/network/port scanner.
    • ZGrab2: fast, modular application-layer network scanner.
    • ZMap: fast single packet network scanner.

Programming Languages

  • Assembly:
  • C: C reference
    • libc implementations:
      • glibc: GNU C library.
      • musl: C standard library.
      • uclibc: C library for developing embedded Linux systems.
      • uclibc-ng: small C library for developing embedded Linux systems.
    • Libraries:
      • libaco: blazing fast and lightweight C asymmetric coroutine library.
      • libdill: structured concurrency in C.
      • linux-syscall-support: low level C API for making direct Linux syscalls.
      • sc: common libraries and data structures for C.
  • Go: open source programming language supported by Google.
  • Rust: secure system programming language.
    • aquascope: Interactive visualizations of Rust at compile-time and run-time
    • API guidelines: set of recommendations on how to design and present APIs for the Rust programming.
    • AreWeRustYet: Awesome list of "Are We thing Yet" for Rust
    • Black Hat Rust: applied offensive security with Rust.
    • Book: introductory book about Rust.
    • Cargo Book: official cargo book.
    • Cheats: Rust language cheat sheet.
    • Clippy: lints to catch common mistakes and improve your Rust code.
    • crates.io: rust community's crate registry.
    • cryptography.rs: list of actively maintained, high-quality cryptography libraries.
    • Design patterns: catalogue of Rust design patterns, anti-patterns and idioms.
    • Easy Rust: rust explained using easy English.
    • Editions: editions guide.
    • Embedded Rust Book: introductory book about using the Rust Programming Language on "Bare Metal" embedded systems.
    • esp-rs: Rust on ESP.
    • Macros: the little book of rust macros.
    • min-sized-rust: how to minimize Rust binary size.
    • Offensive Rust: Rust Weaponization for Red Team Engagements.
    • Official Repository: official Rust repository.
    • Performance: Rust Performance Book.
    • Practice: easily diving into and get skilled with Rust.
    • Raspberrypi OS Tutorials: learn to write an embedded OS in Rust.
    • Redox OS: Unix-like Operating System written in Rust.
    • RFCs: RFCs for changes to Rust.
    • Rustonomicon: awful details that you need to understand when writing Unsafe Rust programs.
    • Rust Reference: primary reference for the Rust programming language.
    • rustup: installer for the systems programming language Rust.
    • std: standard library documentation.
    • Windows RS: Rust for Windows.
    • This Week In Rust: handpicked Rust updates, delivered to your inbox.
    • Libraries:
      • Async Runtimes:
        • async-std: async version of the Rust standard library.
        • smol: small and fast async runtime for Rust.
        • Tokio: runtime for writing reliable asynchronous applications with Rust.
      • avml: Acquire Volatile Memory for Linux.
      • Aya: eBPF library for the Rust programming language.
      • embassy: framework for embedded applications.
      • Goblin: cross-platform binary parsing crate, written in Rust.
      • libp2p: Rust Implementation of the libp2p networking stack.
      • nix: rust friendly bindings to *nix APIs.
      • redbpf: Rust library for building and running BPF/eBPF modules.
      • redhook: dynamic function call interposition / hooking (LD_PRELOAD) for Rust.
      • Rustix: Safe Rust bindings to POSIX/Unix/Linux/Winsock2 syscalls.

Reverse Engineering

  • Angr: user-friendly binary analysis platform.
  • BAP: binary analysis platform.
  • BinDiff: compare executables by identifying identical and similar functions.
  • BinExport: export disassemblies into Protocol Buffers.
  • CAPA: tool to identify capabilities in executable files.
    • lancelot-flirt: library for parsing, compiling, and matching Fast Library Identification and Recognition Technology (FLIRT) signatures.
  • Capstone Engine: disassembly/disassembler framework.
  • cpu_rec: recognize cpu instructions in an arbitrary binary file.
  • CyberChef: web app for encryption, encoding, compression and data analysis.
  • decomp2dbg: plugin to introduce interactive symbols into your debugger from your decompiler.
  • Diffware: configurable tool providing a summary of the changes between two files or directories
  • DogBolt: decompiler explorer.
  • ELFKickers: collection of programs that access and manipulate ELF files.
  • flare-emu: easy to use and flexible interface for scripting emulation tasks.
  • FLOSS: FLARE Obfuscated String Solver.
  • fq: jq for binary formats.
  • Ghidra: software reverse engineering (SRE) framework.
  • Kaitai Struct: declarative language to generate binary data parsers.
  • Keystone Engine: assembler framework.
  • Linux syscalls: Linux kernel syscall tables
  • McSema: Framework for lifting program binaries to LLVM bitcode.
  • Metasm: a free assembler / disassembler / compiler.
  • Miasm: reverse engineering framework in Python.
  • Radare2: UNIX-like reverse engineering framework and command-line toolset.
  • REMnux: Linux toolkit for reverse-engineering.
  • RetDec: retargetable machine-code decompiler based on LLVM.
  • Yara: pattern matching swiss knife for malware researchers.

RTOS

  • FreeRTOS: open source, real-time operating system for microcontrollers.
  • MangooseOS: IoT operating system and networking library.
  • ThreadX: advanced real-time operating system (RTOS) designed specifically for deeply embedded applications.
  • Tock: secure embedded operating system for microcontrollers.
  • Zephyr: mall, scalable, real-time operating system (RTOS).
    • Docs: zephyt project documentation.

Sandboxing

  • Code Sandboxing: code execution isolation and containment with sandbox solutions.
  • gvisor: application Kernel for Containers.
  • Firecracker: secure and fast microVMs for serverless computing.
  • KAta containers: standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
  • nano: kernel designed to run one and only one application in a virtualized environment.
  • ops: build and run nanos unikernels.
  • RustyHermit: rust-based, lightweight unikernel.
  • sandboxed-api: generates sandboxes for C/C++ libraries automatically.
  • Unikraft: automated system for building specialized OSes known as unikernels.

Tools

  • curl: command line tool and library for transferring data with URL syntax.
  • patchelf: small utility to modify the dynamic linker and RPATH of ELF executables.
  • tcpdump: command-line packet analyzer.
  • wireshark: network protocol analyzer.
    • tshark: CLI tool for analyzing network traffic.
    • tshark.dev: guide to working with packet captures on the command-line.

Tracing, Hooking and Instrumentation

  • bcc: rools for BPF-based Linux IO analysis, networking, monitoring, and more.
  • bpftrace: high-level tracing language for Linux eBPF.
  • cannoli: high-performance QEMU memory and instruction tracing.
  • DynamoRIO: runtime code manipulation system.
  • Falco: cloud native runtime security tool.
  • Frida: instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • LIEF: library to Instrument Executable Formats.
  • ltrace: intercepts and records both the dynamic library calls and signals.
  • QDBI: a Dynamic Binary Instrumentation framework based on LLVM.
  • Reverie: ergonomic and safe syscall interception framework for Linux (Rust).
  • S2E: platform for multi-path program analysis with selective symbolic execution.
  • strace: diagnostic, debugging and instructional userspace utility for Linux.
  • Tracee: Linux Runtime Security and Forensics using eBPF.

Trusted Execution Environment

  • OP-TEE: Open Portable Trusted Execution Environment.
    • TrustedFirmware: reference implementation of secure software for Armv8-A, Armv9-A and Armv8-M.
    • Docs: official OP-TEE documentation.
  • TEE-reversing: A curated list of public TEE resources for learning how to reverse-engineer and achieve trusted code execution on ARM devices.