We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
pwntools - CTF framework and exploit development library
Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.
ctf exploit pwntools ctf-framework shellcode rop pwnable defcon capture-the-flag wargametools - security and hacking tools, exploits, proof of concepts, shellcodes, scripts
This section offers a selection of our fully featured security and hacking tools. We also provide some exploits, proof of concept code, shellcodes and snippets. That means some tools are not tested and may not have the feature set. If you find some bugs or if you have any questions, ideas or criticism regarding to this section, feel free to message us.
hacking shellcode exploitsshellen - :cherry_blossom: Interactive shellcoding environment to easily craft shellcodes
Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. keystone and capstone engines are used for all of shellen's operations.
keystone capstone shellcode interactive assembler dissassembler pwn shellcoding disassembly syscalls architecture dsm asm shell syscall-table common-shellcodes exploitation ctf exploitcemu - Cheap EMUlator: lightweight multi-architecture assembly playground
Writing assembly is fun. Assembly is the lowest language (humanly understandable) available to communicate with computers, and is crucial to understand the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that empowers users to write assembly and test it by compiling it to bytecode and executing it in an QEMU-based emulator. CEmu combines all the advantages of a basic assembly IDE, compilation and execution environment, by relying on the great libraries Keystone, Unicorn and Capstone engines in a Qt powered GUI.
keystone unicorn capstone shellcode sparc arm aarch64 x86-64 x86-32 powerpc mipsvenom - venom (metasploit) shellcode generator/compiler/listener
venom (metasploit) shellcode generator/compiler/listener
metasploit msfvenom shellcode compiler handler post-exploitationAmber - Reflective PE packer.
amber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. If you want to learn more about the packing methodology used inside amber check out below. For more detail about usage, installation and how to decrease detection rate check out WIKI. Developed By Ege Balcı from INVICTUS/PRODAFT.
packer pe crypter stub shellcode shellcode-loader payload malware-research paperWinREPL - x86 and x64 assembly "read-eval-print loop" shell for Windows
WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly. zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but with a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl for a Unicorn (emulated) version, but WinREPL is completely native inside a Windows process context.
x86 x64 repl shell debugger assembler shellcode asmjit keystone-enginev0lt - Security CTF Toolkit (Not maintained anymore)
v0lt is an attempt to regroup every tool I used/use/will use in security CTF, Python style. A lot of exercises were solved using bash scripts but Python may be more flexible, that's why. Nothing to do with Gallopsled. It's a toy toolkit, with small but specific utils only.
security security-ctf python3 shellcodefido - Teaching old shellcode new tricks
Give fido.py a x86 (32 bit or 64 bit) windows shellcode and it will strip off Stephen Fewer's hash API stub and replace it with something that bypasses EMET Caller and EAF+ checks but keeps the actual API calls in use. Can take input from cmdline (via -s).
shellcode emet metasploit msfvenom iat-parsingShellware - Persistent bind shell via pythonic shellcode execution, and registry tampering.
Upon execution Shellware will prompt for administrative privileges, once granted it wil copy itself to the C:\Users directory and add a registry entry for persistence. It will open port 8899 on the target machine and listen for a connection. Once a connection is established the program spawns an interactive OS shell. To make the program a little less suspiscious it might prudent to bind Shellware.exe to an innocent binary for deployment. Furthermore, the program attempts to tamper with certain registry entries to protect itself somewhat(and be generally annoying). The registry tampering attempts to disable error reporting, system restore and tries to disable LUA. I've had mixed results on different Windows platforms, however a registry entry for persistence has been consistently succesful throughout testing on various platforms.
shellcode persistence exploit pentest pentesting-windowsgo-shellcode - Load shellcode into a new process
This is a program to run shellcode as its own process, all from memory. This was written to defeat anti-virus detection. Keep in mind that only 64bit shellcode will run in a 64bit process. This can't autodetect your shellcode architecture.
shellcode redteam post-exploitationSelfDefence - Several sef defence methods for rootkist
Several sef defence methods for rootkist
protect-process rootkit defence stealth shellcodeARM-episodes - Arm Episodes
I have decided to combine the three works in a single pdf, for a better reading. I have only fixed some typing errors.
arm reverse-engineering exploitation shellcodebst - Binary String Toolkit (BST)
The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for inclusions in source codes, such as those used to develop exploits and Proof of Concepts in the security field. This software is licensed under the terms of the GNU General Public License.
pentesting hexadecimal exploit-development shellcode binary-stringsruse - a secure and highly-portable reverse proxy (redirector) for your Red Team infrastructure.
Ruse is secure, multi-platform, selective Reverse Proxy (or Redirector) that is fast and easy to deploy. It can help you concealing C2 communications, and reverse shells traffic using the HTTP protocol. Ruse combines the core features of Python's SimpleHTTPServer, Apache's mod_rewrite, and SSL ProxyPass, all in a single, self-contained and highly-portable executable.
redteam proxy-server redirector http-listener shellcodeCVE-2017-11882 - CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.
CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum. For remote command execution,this exploit will call WinExec with SW_HIDE and call ExitProcess after WinExec returns.
exploit cve-2017-11882 rtf shellcodeSelfDefense - Several self-defense shellcodes
Several self-defense shellcodes
protect-process stealth shellcode defenseIAT_API - Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file
Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file. Design of the block is inspired by Stephen Fewer's block_api and Josh Pitts's 2017 DEFCON talk. iat_api finds the addresses of API functions by parsing the _IMAGE_IMPORT_DESCRIPTOR structure entries inside the import table of the PE file. It first calculates the ROR(13) hash of the (module name + function name) and compares with the hash passed to block. If the hash matches it calls the function with the parameters passed to block.
shellcode exploit bypass malware antivirusosed-scripts - bespoke tooling for offensive security's Windows Usermode Exploit Dev course (OSED)
Finds and categorizes useful gadgets. Only prints to terminal the cleanest gadgets available (minimal amount of garbage between what's searched for and the final ret instruction). All gadgets are written to a text file for further searching. today (3 june 2021) i found that ropper (and also ROPGadget) fail to find a gadget that rp++ finds (this led me to have a hard time with challenge #2, as there was an add gadget that ropper simply didn't see).
shellcode windbg-scripts egghunter osed wumed exp-301SassyKitdi - Kernel Mode TCP Sockets + LSASS Dump (Rust Shellcode)
Most of the code of interest is in the src/common/ntmem (LSASS dump) and src/common/nttdi (TCP sockets) libraries. All structs, types, function signatures, etc are in src/common/ntdef. The shellcode project is in src/payloads/sassykitdi. Tested on Windows 10.0.18362.1016. Might require some tweaking for other versions but all APIs used are available since Win2k.
kernel shellcode
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
