The following scripts were used to automate Windows x86 (32-bit) / x86_64 (64-bit) exploit development.
Feel free to submit issues or pull requests if you find anything wrong or want to improve something!
- attach.ps1 : Respawn services/processes, wait for sockets, and attach to WinDBG
- getinstalls.sh : Fetch the installers that install.ps1 uses
- install.ps1 : Install Python, Mona, etc. to the target
- gadgetizer.py : Find ROP gadgets via RP++ and filter out those containing bad characters.
- shellcoder.py : Generate position-independent shellcode that is free of bad characters and null bytes.
WinDBG Scripts (Python 2/3)
- findbad.py : Identify a bad character array
- findcave.py : Identify a codecave (an executable memory region of a binary)
- findiat.py : Identify the IAT entry of a function
- findppr.py : Identify a Pop-Pop-Ret instruction sequence
- findrop.py : Find ROP gadgets
- search.py : Intuitive search for ASCII strings or specific bytes
Various templates that can be used during exploitation.
- template_exploit.py : Exploit template
- template_fuzzer.py : Fuzzing template
- template_fuzzerboo.py : Fuzzing template using boofuzz