{"id":13514713,"url":"https://github.com/FuzzySecurity/Resource-List","last_synced_at":"2025-03-31T03:31:11.869Z","repository":{"id":109047382,"uuid":"55326398","full_name":"FuzzySecurity/Resource-List","owner":"FuzzySecurity","description":"GitHub Project Resource List","archived":false,"fork":false,"pushed_at":"2016-09-02T22:55:36.000Z","size":15,"stargazers_count":317,"open_issues_count":0,"forks_count":84,"subscribers_count":33,"default_branch":"master","last_synced_at":"2024-05-02T02:51:01.722Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FuzzySecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-04-03T02:44:44.000Z","updated_at":"2024-04-11T02:48:04.000Z","dependencies_parsed_at":"2023-05-04T02:32:35.780Z","dependency_job_id":null,"html_url":"https://github.com/FuzzySecurity/Resource-List","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzySecurity%2FResource-List","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzySecurity%2FResource-List/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzySecurity%2FResource-List/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzySecurity%2FResource-List/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FuzzySecurity","download_url":"https://codeload.github.com/FuzzySecurity/Resource-List/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246413377,"owners_count":20773053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T05:01:00.776Z","updated_at":"2025-03-31T03:31:11.158Z","avatar_url":"https://github.com/FuzzySecurity.png","language":null,"readme":"Resource-List\n=============\n\nA collection of useful GitHub projects loosely categorised. I may end up adding non-GitHub projects + KB-style links for topics.\n\npwnd\n----\n* ODAT Oracle Database Attack Tool:\n  * https://github.com/quentinhardy/odat\n\n* clusterd framework, attacking JBoss, CF, WebLogic, Tomcat, Railo, Axis2, Glassfish:\n  * https://github.com/hatRiot/clusterd\n\n* JexBoss - Jboss verify and EXploitation Tool:\n  * https://github.com/joaomatosf/jexboss\n\n* The Backdoor Factory Proxy (BDFProxy):\n  * https://github.com/secretsquirrel/BDFProxy\n\n* impacket:\n  * https://github.com/CoreSecurity/impacket\n\n* CrackMapExec Windows/Active Directory swiss army knife:\n  * https://github.com/byt3bl33d3r/CrackMapExec\n\n* commix:\n  * https://github.com/stasinopoulos/commix\n\n* beef-drive, beef framework with WebRTC:\n  * https://github.com/tsu-iscd/beef-drive\n\n* VirtuaPlant Industrial Control Systems simulator:\n  * https://github.com/jseidl/virtuaplant\n\n* Responder, LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication:\n  * https://github.com/SpiderLabs/Responder\n\n* WSUSpect Proxy - a tool for MITM'ing insecure WSUS connections:\n  * https://github.com/ctxis/wsuspect-proxy\n\n* Potato, NTLM relay PrivEsc:\n  * https://github.com/foxglovesec/Potato\n\n* jdwp-shellifier (Java Debug Wire Protocol):\n  * https://github.com/stufus/jdwp-shellifier\n\n* foxglovesec JavaUnserializeExploits:\n  * https://github.com/foxglovesec/JavaUnserializeExploits\n\n* KeeFarce, extraction of KeePass 2.x password database information from memory:\n  * https://github.com/denandz/KeeFarce\n\n* Wolves Among the Sheep, MD5 hash collision:\n  * https://github.com/silentsignal/sheep-wolf/\n\n* TDL (Turla Driver Loader). Driver loader for bypassing Windows x64 Driver Signature Enforcement:\n  * https://github.com/hfiref0x/TDL\n  \n* Ebowla, framework for Making Environmental Keyed Payloads:\n  * https://github.com/Genetic-Malware/Ebowla\n\n* CVE-2016-1287 POC: IKEv1/v2 buffer overflow\n  * https://github.com/exodusintel/disclosures/blob/master/CVE_2016_1287_PoC\n  \n* SubTee, AllTheThings -\u003e Includes 5 Known Application Whitelisting Bypass Techniques in One File:\n  * https://github.com/subTee/AllTheThings\n\n* IAT_POC, IAT based payload, that bypasses DEP/ASLR protections in EMET:\n  * https://github.com/ShellcodeSmuggler/IAT_POC\n\n* XRulez, Windows executable that can add malicious rules to Outlook:\n  * https://github.com/mwrlabs/XRulez\n  \nPowerShell\n----------\n* BloodHound, Six Degrees of Domain Admin:\n  * https://github.com/adaptivethreat/Bloodhound\n\n* PowerSploit - A PowerShell Post-Exploitation Framework:\n  * https://github.com/PowerShellMafia/PowerSploit\n\n* PowerShellArsenal, PowerShell Module Dedicated to Reverse Engineering:\n  * https://github.com/mattifestation/PowerShellArsenal\n  \n* Empire, post-exploitation framework:\n  * https://github.com/powershellempire/empire\n  \n* PowerShell Empire Web Interface using the REST API interface:\n  * https://github.com/interference-security/empire-web\n\n* PowerShell live disk forensics platform:\n  * https://github.com/Invoke-IR/PowerForensics\n\n* PowerMemory:\n  * https://github.com/giMini/PowerMemory\n  \n* KeeThief, methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory:\n  * https://github.com/adaptivethreat/KeeThief\n  \n* mimikittenz, a post-exploitation powershell tool for extracting juicy info from memory:\n  * https://github.com/putterpanda/mimikittenz\n\n* Inveigh, LLMNR/NBNS spoofer/man-in-the-middle tool:\n  * https://github.com/Kevin-Robertson/Inveigh\n  \n* PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server:\n  * https://github.com/NetSPI/PowerUpSQL\n  \n* PoshPrivilege, add/remove privileges to an account/group on a local machine as well as enabling or disabling existing privileges which are applied to a current user's process token:\n  * https://github.com/proxb/PoshPrivilege\n\n* Tater, PowerShell implementation of Hot Potato PrivEsc:\n  * https://github.com/Kevin-Robertson/Tater\n\n* Powershell to CodeExecution and ProcessInjection:\n  * https://github.com/3gstudent/Code-Execution-and-Process-Injection\n  \n* PoshRat, PowerShell Reverse HTTP(s) Shell:\n  * https://github.com/subTee/PoshRat\n\n* p0wnedShell, PowerShell Runspace Post Exploitation Toolkit:\n  * https://github.com/Cn33liz/p0wnedShell\n  \n* PSAttack, a portable console aimed at making pentesting with PowerShell a little easier:\n  * https://github.com/jaredhaight/PSAttack\n\n* OutlookPersistence:\n  * https://github.com/enigma0x3/OutlookPersistence\n\n* Babadook: Connection-less Powershell Persistent and Resilient Backdoor\n  * https://github.com/jseidl/Babadook\n  * https://wroot.org/posts/babadook-connection-less-powershell-persistent-and-resilient-backdoor/\n  \n* ps1-toolkit, obfuscated penetration testing PowerShell scripts:\n  * https://github.com/vysec/ps1-toolkit\n\n* Windows 10 hardening:\n  * https://gist.github.com/alirobe/7f3b34ad89a159e6daa1\n  \nCTF\n---\n* CTF-Workshop:\n  * https://github.com/kablaa/CTF-Workshop\n\n* ctf-tools:\n  * https://github.com/zardus/ctf-tools\n\n* Mechanical Phish framework for the DARPA Cyber Grand Challenge (@shellphish):\n  * https://github.com/mechaphish\n\n* pwntools, CTF framework used by Gallopsled:\n  * https://github.com/Gallopsled/pwntools\n\n* Awesome CTF, tool list:\n  * https://github.com/apsdehal/awesome-ctf\n\n* binjitsu:\n  * https://github.com/binjitsu/binjitsu\n\n* 32/64 bit Intel shellcode for CTF style exploitation:\n  * https://github.com/isislab/Shellcode\n\n* preeny, payloads for binary patching:\n  * https://github.com/zardus/preeny\n\n* Eh'Trace (pronounced ATrace) is a binary tracing tool for Windows:\n  * https://github.com/K2/EhTrace\n\n* flare-ida, IDA Pro scripts and plugins by the FireEye FLARE team:\n  * https://github.com/fireeye/flare-ida\n\n* HexRaysCodeXplorer, IDA plugin for better code navigation:\n  * https://github.com/REhints/HexRaysCodeXplorer\n\n* Qira, timeless debugger:\n  * https://github.com/BinaryAnalysisPlatform/qira\n\n* Binary Ninja Python:\n  * https://github.com/Vector35/binaryninja-python\n\n* radare2:\n  * https://github.com/radare/radare2\n\n* Triton dynamic binary analysis framework:\n  * https://github.com/JonathanSalwan/Triton\n\n* angr binary analysis framework:\n  * https://github.com/angr/angr\n\n* Capstone disassembly/disassembler framework:\n  * https://github.com/aquynh/capstone\n\n* Snowman Decompiler:\n  * https://github.com/yegord/snowman\n\n* Pin unpacking and anti-evasion:\n  * https://github.com/Seba0691/pin_unpacking_antievasion\n\n* tesseract-ocr:\n  * https://github.com/tesseract-ocr/tesseract\n  \n* xortool, analyze multi-byte xor cipher:\n  * https://github.com/hellman/xortool\n\n* flare-floss, FireEye Obfuscated String Solver:\n  * https://github.com/fireeye/flare-floss\n\n* FernFlower Java decompiler:\n  * https://github.com/fesh0r/fernflower\n\n* dbSypy, .NET assembly editor, decompiler, and debugger:\n  * https://github.com/0xd4d/dnSpy\n\n* JPEXS Free Flash Decompiler:\n  * https://github.com/jindrapetrik/jpexs-decompiler\n\n* Robust ABC (ActionScript Bytecode) [Dis-]Assembler (RABCDAsm):\n  * https://github.com/CyberShadow/RABCDAsm\n  \n* WinAFL, a fork of AFL for fuzzing Windows binaries:\n  * https://github.com/ivanfratric/winafl\n  \n* Gray Hat C#:\n  * https://github.com/brandonprry/gray_hat_csharp_code\n\n* CTF write-ups by PPP:\n  * https://github.com/pwning/public-writeup\n\n* CTFs -\u003e CTF write-up's:\n  * https://github.com/ctfs\n\n* Modern Binary Exploitation RPISEC:\n  * https://github.com/RPISEC/MBE\n\n* HeXA CTF Platform:\n  * https://github.com/L34p/HeXA-CTF-2015\n\n* CTFd:\n  * https://github.com/isislab/CTFd\n\n* Christmas-CTF:\n  * https://github.com/brian020305/Christmas-CTF\n\n* CTF scoreboard:\n  * https://github.com/ShySec/scrimmage-scoreboard\n\n* DefCon CTF VM:\n  * http://fuzyll.com/2016/the-defcon-ctf-vm/\n  * https://github.com/fuzyll/defcon-vm\n  \nMalware\n-------\n* GRR Rapid Response:\n  * https://github.com/google/grr\n\n* Viper, Binary analysis framework:\n  * https://github.com/viper-framework/viper\n  \n* pafish, detect sandboxes and analysis environments in the same way as malware families do:\n  * https://github.com/a0rtega/pafish\n\n* yara:\n  * https://github.com/plusvic/yara/\n\n* Course materials for Malware Analysis by RPISEC (2015):\n  * https://github.com/RPISEC/Malware\n\n* APTnotes, various public documents, whitepapers and articles about APT campaigns:\n  * https://github.com/kbandla/APTnotes\n\n* QuasarRAT (c#):\n  * https://github.com/quasar/QuasarRAT\n  \n* browsersploit, advanced browser exploit pack for doing internal and external pentesting:\n  * https://github.com/julienbedard/browsersploit\n\n* HellKitty-In-VC Ring3 Rootkit:\n  * https://github.com/aaaddress1/HellKitty-In-VC\n\n* PowerWorm, PowerShell-based malware:\n  * https://github.com/mattifestation/PowerWorm\n\n* Anti Sandbox and Anti Virtual Machine Tool:\n  * https://github.com/AlicanAkyol/sems\n\n* JSDetox, JavaScript deobfuscation:\n  * https://github.com/svent/jsdetox\n\n* CapTipper, analyze, explore and revive HTTP malicious traffic:\n  * https://github.com/omriher/CapTipper","funding_links":[],"categories":["Other useful repositories","Table of Contents","Other Useful Repositories","🛠️ Helpful Repositories","Uncategorized"],"sub_categories":["Other useful repositories","Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzySecurity%2FResource-List","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFuzzySecurity%2FResource-List","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzySecurity%2FResource-List/lists"}