Bw3ll's repositories

sharem

SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.

Language:PythonLicense:GPL-3.0Stargazers:322Issues:12Issues:7

ShellWasp

ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Windows syscalls. ShellWasp is built for 32-bit, WoW64. ShellWasp 2.0 includes novel ways to invoke the syscall in WoW64.

Language:PythonLicense:MITStargazers:151Issues:4Issues:3

JOP_ROCKET

This framework enables user to discover JOP gagdets and can automate building a complete JOP chain to bypass DEP. JOP ROCKET is the ultimate solution for Windows jump-oriented programming. JOP ROCKET also finds the novel two-gadget dispatcher, which greatly expands what is possible with JOP.

Language:PythonStargazers:93Issues:3Issues:0

ROP_ROCKET

ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP. The framework utilizes emulation and obfuscation to help expand the attack surface.

Language:PythonLicense:GPL-3.0Stargazers:88Issues:4Issues:0

ssdeep-windows-32_64

ssdeep for python on windows

Language:PythonLicense:GPL-3.0Stargazers:0Issues:0Issues:0