Writing fuzzers to find assertion errors and null ptr derefs. Trying to do a Kamehameha since I was 4.
frida-fuzzer. This experimetal fuzzer is meant to be used for API in-memory fuzzing.
577qasan. QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.
352IDAngr. Use angr in the IDA Pro debugger generating a state from the current debug session
284angrgdb. Use angr inside GDB. Create an angr state from the current debugger state.
205cve_searchsploit. Search an exploit in the local exploitdb database by its CVE
176frida-js-afl-instr. An example on how to do performant in-memory fuzzing with AFL++ and Frida
139weizz-fuzzer. C
99angrdbg. Abstract library to generate angr states from a debugger state
62motherfucking-ctf. What do we say to JavaScript? Not today! motherfuckingwebsite.com inspired CTF platform.
51pwntrace. Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation. Pwntools rocks!
50libafl_quickjs_fuzzing. An example fuzzer about how to fuzz a JS engine combinign Nautilus with Token-level fuzzing
47FuzzSplore. FuzzSplore: Visualizing Feedback-Driven Fuzzing Techniques
37r2angrdbg. Use angr inside the radare2 debugger. Create an angr state from the current debugger state.
34useful-pwn-writeups. a repo of links to useful writeups of pwn challenges
33asan-giovese. My AddressSanitizer implementation in C
29afl-qemu-cov. Measure Basic Blocks coverage of all testcases in the AFL queue using a patched QEMU
23taint-with-frida. just an experiment
22idb2gdb. Load function names from an IDA Pro database inside GDB
21angr-win64-wheels. prebuild angr wheels for Windows on x86_64
15ConstrainedMemorySanitizer. C++
15store-interval-tree. A balanced unbounded interval-tree in Rust with associated values in the nodes
13deferred_driller. My version of driller using Intel PIN and angrgdb. In "theory" can work with AFL in deferred and persistent mode.
13QEMU-SanCov. SanitizerCoverage hooks and coverage reports for user-mode QEMU
12IdaVSHelp. IDAPython plugin to integrate Visual Studio Help Viewer in IDA Pro >= 6.8
12CristoShot. MS Paint powered graphics game in C# 2008 in which an ass throws things to Jesus as antistress
11afl. AFL with QEMU 3.1.0 + optimizations (thread safe this time) from https://github.com/abiondo/afl
10IdaGrabStrings. IDAPython plugin to search strings in a specified range of addresses and map it to a C struct
9IdaRetAddr. Highlight the return address of a function in the Ida Pro debugger
8leakyleak. a POC for the libc address leak using __libc_csu_init from the paper https://i.blackhat.com/briefings/asia/2018/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf
8ascii-ctf. A tiny and minimal web platform for jeopardy ctf hosting. Who needs javascript? Real hackers use ascii.
8libradamsa. Precompiled radamsa library
8sanitizer_stacktrace_rs. A Rust crate to generate backtraces using the LLVM codebase
7bsc-thesis. Symbolic Execution and Debugging Synchronization - Bsc Thesis
6mc2. Mirror of the MC2 fuzzer https://dl.acm.org/doi/10.1145/3548606.3560648
6FFF. C++
6AFL-exp. C
6IDAngr-PinTool. PinTool skeleton for state synchronization with IDAngr
6aosv-cheatshit. shitty partial notes of the Advanced Operating Systems and Virtualization course in shitty text files
6ToolsForCyberChallenge. A set of tools that i developed to help me during the CyberChallenge.IT 2017
6meminterval. A simple interval-tree in Rust made to store memory mappings
6Superion. A backup of the Superion fuzzer cause the original repo (https://github.com/zhunki/Superion) was deleted
5qasan-examples. Collection of QASan examples
5angrkd. angrdbg + pykd to be used in WinDBG
5Reverse80. Open a reverse shell in a web page using HTTP
4andreafioraldi.
3IdaMSDNHelp. IdaPython plugin to open MSDN Help Search page
3