🎯 Command Injection Payload List

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Attack surface mapping

🦄 A curated list of the awesome resources about the Vulnerability Research

afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine.

A collection of my Semgrep rules to facilitate vulnerability research.

Subaru StarLink persistent root code execution.

Python Command-Line Ghidra Binary Diffing Engine

Apache Shiro 反序列化漏洞检测与利用工具

LLEF is a plugin for LLDB to make it more useful for RE and VR

Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.

Quarkslab conference talks

A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.

PolarDNS is a specialized authoritative DNS server suitable for penetration testing and vulnerability research.

Quarkslab Bindiffer but not only !

Static Binary Instrumentation tool for Windows x64 executables

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

VerSprite Security Research

Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compares two versions of an APK and generates a mapping text file and an interactive HTML file as outputs!