quarkslab/tools
Quarkslab Open Source Tools

Most of our open source tools are published under https://github.com/quarkslab but not all, so here is a more exhaustive list.

  • pixiefail: PoC for PixieFail vulnerabilities
  • dxfx: DxFx is a proof-of-concept DJI Pilot unpacker
  • diffing_obfuscation_dataset: A dataset used to support attacks on obfuscation. It is the largest obfuscated dataset, with realistic and varied binaries and functions, built to support further research experiments on obfuscation
  • sstic-tame-the-qemu: QEMU support for a custom board based on a Microchip ATSAMD21G18A microcontroller (MCU)
  • samsung-bootchain-poc: PoC associated with the talk "Attacking Samsung Galaxy A* Boot Chain" (https://www.blackhat.com/us-24/briefings/schedule/#attacking-samsung-galaxy-a-boot-chain-and-beyond-38526)
  • ble-gatt-fuzzing: Tool developed to fuzz the GATT layer of the Bluetooth Low Energy protocol based on defined attack scenarios.
  • nvidia-ngx-wrapper
  • can-workshop: Files for the Grehack 2021 workshop: Revers3 me if you CAN
  • qbindiff: Quarkslab Bindiffer, but not only!
  • ziphyr: On-the-fly zipping of streamed files with optional ZipCrypto.
  • BVWhiteBox: This PoC illustrates our work on asymmetric white-box cryptography; it can be used to generate the set of lookup tables used by a lattice-based white-box scheme
  • Diffing Portal: various resources on binary diffing
  • Crypto-condor: a test suite for cryptographic primitives, including Qb version of TestU01-2009
  • Prism: a light BEAM disassembler for Erlang
  • Numbat: Library to manipulate and create Sourcetrail databases
  • NumbatUI: a fork of Sourcetrail
  • LIEF: a cross-platform library for parsing, modifying and abstracting ELF, PE and Mach-O executable formats
  • QBDI: a modular, cross-platform, cross-architecture binary dynamic instrumentation framework
  • Triton: a symbolic execution library
  • Qsynthesis: an API in Python3 for performing I/O-based bit vector expression program synthesis
  • QBDL: QuarkslaB Dynamic Linker is a library for dynamically loading and linking binaries in a modular and portable way
  • AERoot: a tool that grants root rights on the fly to any process running in the Android emulator, on Android Virtual Devices labeled Google Play
  • Mattermost e2ee: a plugin for the Mattermost chat application to implement end-to-end encrypted communications
  • Rewind: a snapshot-based coverage-guided fuzzer targeting Windows kernel components
  • whvp: a PoC for a snapshot-based coverage-guided fuzzer targeting Windows kernel components (now replaced by Rewind)
  • kdigger: a context discovery tool for Kubernetes penetration testing
  • minik8s-ctf: a beginner-friendly CTF about Kubernetes security
  • Bgraph: a tool to generate dependency graphs from Android.bp soong files
  • windbg-vtl: a JavaScript debugger extension for WinDbg that dumps the partitions running on Hyper-V
  • Windefender Network Inspection tools: WindTalker is a tool for interacting with the Windefender network inspection driver
  • BVWhitebox: proposal for an asymmetric lattice-based white-box scheme presented in https://eprint.iacr.org/2020/893
  • titanm: various reverse engineering and vulnerability research tools developed for our research on the Titan-M chip
  • Arybo: software for manipulating expressions using bit vectors, giving a bit-per-bit symbolic representation
  • Binbloom: raw binary firmware analysis software
  • AOSP Dataset: a large, commit-precise vulnerability dataset based on AOSP CVEs
  • Quokka: a fast and accurate binary explorer
  • Qsig: a patch signature generation and detection tool
  • TPMee: TPMee stands for TPMEavesEmu. It helps exploit weak implementations of libraries or programs that use a TPM
  • Peetch: a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections
  • idascript: a collection of utility scripts and a Python module to facilitate running IDAPython scripts in IDA
  • PASTIS: a collaborative fuzzing framework
  • Pyrrha: a firmware cartography tool
  • python-bindiff: a friendly interface to launch and manipulate BinDiff on two binary files
  • python-binexport: a Python interface for BinExport, the BinDiff export format
  • TritonDSE: a Triton-based DSE library with loading and exploration capabilities
  • android-fuzzing: a tool to perform Android greybox fuzzing with AFL++ Frida mode. It contains the material associated with the blogpost Android greybox fuzzing with AFL++ Frida mode
  • hooking-golang-playground: a tool to conduct various experiments with golang internals. Companion code used for the blog post “Let's Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs”
  • starlink-tools: a collection of tools for security research on Starlink's User Terminal
  • wirego: a Wireshark plugin wrapper for golang
  • PQC_tables: a summary of the current ANSSI views on post-quantum cryptography scheme usage for (French) certifications
  • LLDBagility: a tool for macOS kernel debugging that connects LLDB to any macOS virtual machine running on a patched version of the VirtualBox hypervisor
  • IRMA: an asynchronous and customizable analysis system for suspicious files
  • Binmap: a system scanner that looks for programs and libraries and collects various information such as dependencies, symbols, etc.
  • SSPAM: software for simplifying mixed expressions (expressions using both arithmetic and boolean operators) with pattern matching
  • quarkspwdump: Dump various types of Windows credentials without injecting into any process.
  • dreamboot: UEFI bootkit
  • qb-sync: qb-sync is an open source tool to add some helpful glue between IDA Pro and WinDbg. Its core feature is to dynamically synchronize IDA's graph windows with WinDbg's position.
  • libleeloo: Library to manage big sets of integers (and IPv4 ranges)
  • iMITMProtect: Prevents Apple from messing with keys
  • linksys-wag200G: Some binaries and tools for the Linksys WAG200N router
  • irma-brain: IRMA brain
  • irma-frontend: IRMA frontend
  • irma-probe: IRMA probe
  • irma-common: IRMA common
  • land_of_cxx
  • ip_conv_sse
  • nodescan: Asynchronous scanning library
  • irma-ansible-old: IRMA ansible
  • irma: IRMA is an asynchronous & customizable analysis system for suspicious files.
  • irma-probe-tutorial
  • irma-formatter-tutorial
  • llvm-dev-meeting-tutorial-2015: Material for an LLVM Tutorial presented at LLVM Dev Meeting 2015
  • irmacl: IRMA API command-line client
  • NFLlib: NTT-based Fast Lattice library
  • irma-web-ui: IRMA Web User Interface
  • dataset-call-graph-blogpost-material
  • sboot-binwalk
  • irma-ansible
  • irmacl-async: Asynchronous client library for IRMA API
  • android-restriction-bypass: PoC to bypass Android restrictions
  • training_ecu: Hardware and software for the ECU we use during training sessions
  • samsung-trustzone-research: Reverse-engineering tools and exploits for Samsung's implementation of TrustZone
  • legu_unpacker_2019: Scripts to unpack APKs protected by Legu
  • qb.backup: The server-side script of the qb.backup orchestration solution.
  • ansible-role-qb.backup: The Ansible role setting up Debian servers that need to be backed up by qb.backup.
  • ansible-role-qb.backup_server: The Ansible role setting up a FreeBSD Jail running the script qb.backup.
  • ansible-playbook-qb.backup: An example Ansible playbook deploying the roles qb.backup and qb.backup_server.
  • CVE-2020-0069_poc

About

List of our open source tools