Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Related tags

Security related resourcesreverse-engineeringwindows-kernelidaida-pluginidapythonwindows-driverdriver-exploitation
Overview

Driver Buddy Reloaded Quickstart

Table of Contents

  1. Installation
  2. Usage
  3. About Driver Buddy Reloaded
    1. Finding DispatchDeviceControl
    2. Labelling WDM & WDF Structures
    3. Finding & Decoding IOCTL Codes
    4. Flagging Functions
    5. Finding DeviceName
    6. Dumping Pooltags
  4. Known Caveats & Limitations
  5. Credits & Acknowledgements

Installation

Copy DriverBuddyReloaded folder and DriverBuddyReloaded.py file into the IDA plugins folder ( e.g. C:\Program Files (x86)\IDA 7\plugins\) or wherever you have installed IDA.

Usage

To use the auto-analysis feature:

  1. Start IDA and load a Windows kernel driver.
  2. Go to Edit -> Plugins -> Driver Buddy Reloaded or press CTRL+ALT+A to start the auto-analysis.
  3. Check the "Output" window for the analysis results.

To decode an IOCTLs:

  1. Place the mouse cursor on the line containing a suspected IOCTL code.
  2. Right-click and select Driver Buddy Reloaded -> Decode IOCTL; alternatively press CTRL+ALT+D.

About Driver Buddy Reloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks. It has a number of handy features, such as:

  • Identifying the type of the driver
  • Locating DispatchDeviceControl / DispatchInternalDeviceControl functions
  • Populating common structures for WDF and WDM drivers
    • Attempts to identify and label structures like the IRP and IO_STACK_LOCATION
    • Label calls to WDF functions that would normally be unlabeled
  • Finding and decoding IOCTL codes
  • Flagging functions prone to misuse
  • Finding potential DeviceName
  • Dumping Pooltags

Finding DispatchDeviceControl

The tool can automatically locate and identify the DispatchDeviceControl routine. This function is used to route all incoming DeviceIoControl codes to the specific driver function associated with that code. Automatically identifying this function makes finding the valid DeviceIoControl codes for each driver much quicker. Additionally, when investigating possible vulnerabilities in a driver due to a crash, knowing the location of this function helps narrow the focus to the specific function call associated with the crashing DeviceIoControl code.

When the analysis is successful some subs will be renamed as follow:

  • DriverEntry: the original first driver-supplied routine that is called after a driver is loaded. It is responsible for initializing the driver.
  • Real_Driver_Entry: usually the function where the execution from DriverEntry has been transferred to. It is usually where the DeviceName is initialized.
  • DispatchDeviceControl/DispatchInternalDeviceControl: if the tool was able to recover the functions at some specific offsets, the functions will then be renamed with the appropriate name.
  • Possible_DispatchDeviceControl_#: if the tool was not able to recover DispatchDeviceControl or DispatchInternalDeviceControl, it employs an experimental searching, following the execution flow, and checking for cases where the function is loading known IO_STACK_LOCATION & IRP addresses; indicating that the function could be the DispatchDeviceControl. As it is based on heuristic, it could return more than one result, and it is prone to false positives.

Labelling WDM and WDF Structures

Several driver structures are shared among all WDM/WDF drivers. The tool is able to automatically identify these structures, such as the IO_STACK_LOCATION, IRP, and DeviceObject structures and can help save time during the reverse engineering process and provide context to areas of the driver where these functions are in use.

Finding and Decoding IOCTL Codes

While reversing drivers, it is common to come across IOCTL codes as part of the analysis. These codes, when decoded, reveal useful information and may draw focus to specific parts of the driver where vulnerabilities are more likely to exist.

By right-clicking on a potential IOCTL code, a context menu option is presented (alternatively using the Ctrl+Alt+D shortcut when the cursor is on the line containing a suspected IOCTL code) and can be used to decode the value. This will print out a table with all decoded IOCTL codes. By right-clicking on a decoded IOCTL code, in the disassembly view, it's possible to mark it as invalid; this will leave any non-IOCTL comment intact.

If you right-click on the first instruction of the function you believe to be the IOCTL dispatcher ( DispatchDeviceControl/DispatchInternalDeviceControl/Possible_DispatchDeviceControl_#) under the Driver Buddy Reloaded menu, a โ€œDecode Allโ€ option appears, this attempt to decode all the IOCTL codes it can find in the function. This is a bit hacky but most of the time it can speed things up.

Flagging Functions

Driver Buddy Reloaded has a list of C/C++ functions and opcodes as well as Windows API that are commonly vulnerable or that can facilitate buffer overflow conditions. All found instances are reported back during the auto-analysis and can help while looking for possible user-controlled code paths reaching sensitive functions.

Finding DeviceName

The tool automatically attempts to find the drivers registered device paths (DeviceName), if no paths can be found by looking at Unicode strings inside the binary, then the analyst can manually try to use Madiantโ€™s FLOSS in an attempt to find obfuscated paths.

Dumping Pooltags

During the auto-analysis, the tool also dumps the Pooltags used by the binary in a format that works with pooltags.txt. The output can then be copy-pasted at the end of the file and later picked up by WinDbg.

Known Caveats and Limitations

  • Experimental DispatchDeviceControl searching works only for x64 drivers
  • Shortcuts are incompatible with F-Secure's win_driver_plugin

Credits and Acknowledgements

  • Created in 2021 by Paolo Stagno aka @Void_Sec:
    • Made it compatible with Python 3.x
    • Made it compatible with IDA 7.x
    • Updated C/C++ function and Windows APIs list
    • Various bug fixing
    • Various improvements
    • Integrated part of the functionalities presents in F-Secure's win_driver_plugin
  • DriverBuddy was originally written by Braden Hollembaek and Adam Pond of NCC Group.
  • Using Satoshi Tanda's IOCTL decoder.
  • The WDF functions struct is based on Red Plait's work and was ported to IDA Python by Nicolas Guigo, later updated by Braden Hollembaek and Adam Pond.
  • Using Sam Brown's F-Secure win_driver_plugin to retrieve device name and pool tags, specifically Alexander Pick fork.
  • The original code for adding items to the right-click menu (and possibly some other random snippets) came from 'herrcore'.
Comments
  • [BUG] IOCTLs with less than 10 decimal digits aren't found

    [BUG] IOCTLs with less than 10 decimal digits aren't found

    Describe the bug Any IOCTL with a code that has less than 10 decimal digits (e.g. 0x222003) won't be found by the current code.

    Expected behavior All IOCTLs should be found

    Desktop (please complete the following information):

    • OS and version: Windows 10 21H2 (19044.1586)
    • IDA version: IDA 7.7 SP1
    • DriverBuddyReloaded Version: latest (1.3)
    • Python Version: 3.9.5
    bug help wanted 
    opened by eranzim 7
  • [BUG] module 'idaapi' has no attribute 'compiled_binpat_vec_t'

    [BUG] module 'idaapi' has no attribute 'compiled_binpat_vec_t' 

    Traceback (most recent call last):
  File "C:/Program Files/IDA 7.0/plugins/DriverBuddyReloaded.py", line 465, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "C:/Program Files/IDA 7.0/plugins\DriverBuddyReloaded\utils.py", line 209, in get_driver_id
    populate_wdf()
  File "C:/Program Files/IDA 7.0/plugins\DriverBuddyReloaded\wdf.py", line 102, in populate_wdf
    binpat = idaapi.compiled_binpat_vec_t()
AttributeError: module 'idaapi' has no attribute 'compiled_binpat_vec_t'

    Version 7.5.201028 Windows x64 (64-bit address size)

    7.6 minimum required?

    bug 
    opened by neobenedict 6
  • [BUG] WDF Structures

    [BUG] WDF Structures

    In commit https://github.com/VoidSec/DriverBuddyReloaded/commit/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0 I've finished updating IDA's APIs and fixing breaking code changes.

    Unfortunately, despite the script is not breaking anymore, it seems that it still fails this condition at: https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L770

    for a reason that, at the moment, is unknown. The logic behind https://github.com/VoidSec/DriverBuddyReloaded/blob/main/DriverBuddyReloaded/wdf.py is pretty "hacky" and somewhat "obscure". In addition to that, I'm not sure that the logic detecting the WDF version at https://github.com/VoidSec/DriverBuddyReloaded/blob/43eba17ae4eaa9fca8fbaab42a8e3c273676bdf0/DriverBuddyReloaded/wdf.py#L759 makes complete sense.

    We should also update the WDF structures in order to include updated ones and keep them updated as I'm pretty sure the latest WDF version is >= 1.13.

    bug help wanted 
    opened by VoidSec 4
  • [BUG] `parse_binpat_str` expected at least 4 arguments

    [BUG] `parse_binpat_str` expected at least 4 arguments

    Describe the bug When I try to decode cdrom.sys, it will occur python warning.

    To Reproduce Steps to reproduce the behavior:

    1. use ida to reverse cdrom.sys
    2. Ctrl+Alt+A
    Traceback (most recent call last):
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins\DriverBuddyReloaded\utils.py", line 205, in get_driver_id
    populate_wdf()
  File "C:/Users/raven/Desktop/ida77sp1/x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118/plugins\DriverBuddyReloaded\wdf.py", line 753, in populate_wdf
    idx = ida_bytes.bin_search(ea, idaapi.BADADDR, ida_bytes.parse_binpat_str("KmdfLibrary"),
  File "C:\Users\raven\Desktop\ida77sp1\x64_idapronw_hexarm64w_hexarmw_hexmipsw_hexppc64w_hexppcw_hexx64w_hexx86w_220118\python\3\ida_bytes.py", line 3903, in parse_binpat_str
    return _ida_bytes.parse_binpat_str(*args)
TypeError: parse_binpat_str expected at least 4 arguments, got 1

    Expected behavior

    Screenshots If applicable, add screenshots to help explain your problem.

    Desktop (please complete the following information):

    • OS and version: Windows 11
    • IDA version IDA 7.7
    • DriverBuddyReloaded Version: HEad
    • Python Version 3.9

    Additional context Add any other context about the problem here.

    bug 
    opened by loveraven42 3
  • DriverBuddy entry does not shown in plugins menu

    DriverBuddy entry does not shown in plugins menu

    I use IDA Pro 7.6 and Python 3.10, after copying the folder and py script, it should be appeared in Edit->Plugins, but I cannot see the plugin listed?, exact for which IDA and Python versions, will this work?

    bug 
    opened by prksastry 2
  • [BUG] find opcode

    [BUG] find opcode

    find opcode sometimes print out opcodes not related with the searching

    [>] Searching for interesting opcodes...
	- Found mov     al, [rdi+rcx] in sub_231C4 at 0x0002327d
    bug 
    opened by VoidSec 1
  • feat: add addresses where finding IOCTLs

    feat: add addresses where finding IOCTLs

    It will become more convinient to have addresses where we find IOCTLs.

    Get

    [>] Searching for IOCTLs found by IDA...
0x14000b6e8        : 0x2D1400   | FILE_DEVICE_MASS_STORAGE        0x2D       | 0x500      | METHOD_BUFFERED   0    | FILE_ANY_ACCESS (0)

    instead of

    [>] Searching for IOCTLs found by IDA...
0x2D1400   | FILE_DEVICE_MASS_STORAGE        0x2D       | 0x500      | METHOD_BUFFERED   0    | FILE_ANY_ACCESS (0)
    opened by zeze-zeze 0
  • [BUG] TypeError: %d format: a number is required, not struc_t

    [BUG] TypeError: %d format: a number is required, not struc_t 

    Failed while executing plugin_t.run():
Traceback (most recent call last):
  File "D:/IDA/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "D:\IDA/plugins\DriverBuddyReloaded\utils.py", line 209, in get_driver_id
    populate_wdf()
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 759, in populate_wdf
    id = add_struct(version)
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 50, in add_struct
    idc.add_struc_member(struc, "pfnWdfChildListCreate", idc.BADADDR, idc.FF_DATA | FF_PTR, None, ptr_size)
  File "D:\IDA\python\3\idc.py", line 3919, in add_struc_member
    return eval_idc('add_struc_member(%d, "%s", %d, %d, %d, %d);' % (sid, ida_kernwin.str2user(name or ""), offset, flag, typeid, nbytes))
TypeError: %d format: a number is required, not struc_t
    bug help wanted 
    opened by VoidSec 0
  • [BUG] TypeError: in method 'get_struc', argument 1 of type 'ea_t'

    [BUG] TypeError: in method 'get_struc', argument 1 of type 'ea_t'

    Testing cdrom.sys

    Failed while executing plugin_t.run():
Traceback (most recent call last):
  File "D:/IDA/plugins/DriverBuddyReloaded.py", line 466, in run
    driver_type = utils.get_driver_id(driver_entry_addr, log_file)
  File "D:\IDA/plugins\DriverBuddyReloaded\utils.py", line 208, in get_driver_id
    populate_wdf()
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 759, in populate_wdf
    id = add_struct(version)
  File "D:\IDA/plugins\DriverBuddyReloaded\wdf.py", line 45, in add_struct
    idc.del_struc(idaapi.get_struc(id))
  File "D:\IDA\python\3\idc.py", line 3855, in del_struc
    s = ida_struct.get_struc(sid)
  File "D:\IDA\python\3\ida_struct.py", line 532, in get_struc
    return _ida_struct.get_struc(*args)
TypeError: in method 'get_struc', argument 1 of type 'ea_t'
    bug 
    opened by VoidSec 0
  • Fix use of non working function

    Fix use of non working function

    Fixed using ida_bytes.bin_search with parse_binpat_str.

    I tried to find out how to use the ida_bytes.bin_search function and parse_binpat_str and the only thing I could find was this, as soon as I found out how use it I sent this pr

    opened by harelon 0
  • Adding deprecated functions

    Adding deprecated functions

    Added deprecated/banned/dangerous functions to the list, based on existing entries and on: https://github.com/x509cert/banned/blob/master/banned.h https://github.com/tpn/winsdk-10/blob/master/Include/10.0.16299.0/shared/dontuse.h

    enhancement 
    opened by eranzim 0
  • [FEATURE] enumeration of MajorCodes

    [FEATURE] enumeration of MajorCodes

    It will be useful add the enumeration of MajorCodes

    enum Major_Codes { IRP_MJ_CREATE = 0x0, IRP_MJ_CREATE_NAMED_PIPE = 0x1, IRP_MJ_CLOSE = 0x2, IRP_MJ_READ = 0x3, IRP_MJ_WRITE = 0x4, IRP_MJ_QUERY_INFORMATION = 0x5, IRP_MJ_SET_INFORMATION = 0x6, IRP_MJ_QUERY_EA = 0x7, IRP_MJ_SET_EA = 0x8, IRP_MJ_FLUSH_BUFFERS = 0x9, IRP_MJ_QUERY_VOLUME_INFORMATION = 0xA, IRP_MJ_SET_VOLUME_INFORMATION = 0xB, IRP_MJ_DIRECTORY_CONTROL = 0xC, IRP_MJ_FILE_SYSTEM_CONTROL = 0xD, IRP_MJ_DEVICE_CONTROL = 0xE, IRP_MJ_INTERNAL_DEVICE_CONTROL = 0xF, IRP_MJ_SHUTDOWN = 0x10, IRP_MJ_LOCK_CONTROL = 0x11, IRP_MJ_CLEANUP = 0x12, IRP_MJ_CREATE_MAILSLOT = 0x13, IRP_MJ_QUERY_SECURITY = 0x14, IRP_MJ_SET_SECURITY = 0x15, IRP_MJ_QUERY_POWER = 0x16, IRP_MJ_SET_POWER = 0x17, IRP_MJ_DEVICE_CHANGE = 0x18, IRP_MJ_QUERY_QUOTA = 0x19, IRP_MJ_SET_QUOTA = 0x1A, IRP_MJ_PNP_POWER = 0x1B, IRP_MJ_MAXIMUM_FUNCTION = 0x1C, };

    If this enumeration exists in localtypes and is syncronized, you can press M in the code numbers and add the MJ function name.

    This can be converted to

    NTSTATUS __stdcall DriverEntry(_DRIVER_OBJECT *DriverObject, PUNICODE_STRING RegistryPath) { int v3; // ebx _QWORD *v4; // rcx __int64 v5; // rax struct _UNICODE_STRING DestinationString; // [rsp+40h] [rbp-28h] BYREF struct _UNICODE_STRING SymbolicLinkName; // [rsp+50h] [rbp-18h] BYREF PDEVICE_OBJECT DeviceObject; // [rsp+70h] [rbp+8h] BYREF

    DriverObject->MajorFunction[0] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[2] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[14] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->DriverStartIo = 0i64; DriverObject->DriverUnload = (PDRIVER_UNLOAD)sub_11520;

    to

    NTSTATUS __stdcall DriverEntry(_DRIVER_OBJECT *DriverObject, PUNICODE_STRING RegistryPath) { int v3; // ebx _QWORD *v4; // rcx __int64 v5; // rax struct _UNICODE_STRING DestinationString; // [rsp+40h] [rbp-28h] BYREF struct _UNICODE_STRING SymbolicLinkName; // [rsp+50h] [rbp-18h] BYREF PDEVICE_OBJECT DeviceObject; // [rsp+70h] [rbp+8h] BYREF

    DriverObject->MajorFunction[IRP_MJ_CREATE] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[IRP_MJ_CLOSE] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)&Possible_DispatchDeviceControl_0; DriverObject->DriverStartIo = 0i64;

    Thanks for a good tool

    enhancement help wanted 
    opened by ricnar456 1
  • [FEATURE] Print the address where IOCTLs have been found

    [FEATURE] Print the address where IOCTLs have been found

    At the moment the table being printed does not contain the function/address where the specific "dumb" IOCTL values have been found. Adding it to the output will improve the navigability and augment the information value

    enhancement help wanted 
    opened by VoidSec 0
  • [FEATURE] Some pooltags aren't recognized

    [FEATURE] Some pooltags aren't recognized

    Describe the bug Pooltags which aren't immediate values in the correct place, but possibly propagated via a register, aren't found. Example code snippet:

    ...
mov     ebp, 'ABCD'
mov     rdx, rax        ; NumberOfBytes
mov     r8d, ebp        ; Tag
call    cs:ExAllocatePoolWithTag

    Expected behavior All Pooltags should be found

    Desktop (please complete the following information):

    • OS and version: Windows 10 21H2 (19044.1586)
    • IDA version: IDA 7.7 SP1
    • DriverBuddyReloaded Version: latest (1.3)
    • Python Version: 3.9.5
    enhancement help wanted 
    opened by eranzim 3
Releases(1.6)
Owner
Paolo 'VoidSec' Stagno
Offensive Security Researcher & Exploit Developer
Paolo 'VoidSec' Stagno
GitHub Repository https://voidsec.com/driver-buddy-reloaded
This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

Tobias 5 May 31, 2022
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.

Follow us on Twitter! BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro gen

STM Cyber 232 Nov 21, 2022
Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features - Create a hidden service - Generate non-staged payload (python/meterpreter_rev

calfcrusher 80 Dec 21, 2022
Sonoff NSPanel protocol and hacking information. Tasmota Berry driver for NSPanel

NSPanel Hacking Sonoff NSPanel protocol and hacking information and Tasmota Berry driver. NSPanel protocol manual Tasmota driver nspanel.be Installati

blakadder 98 Dec 26, 2022
Android Malware Behavior Deleter

Android Malware Behavior Deleter UDcide UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove

27 Sep 23, 2022
Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

David .K. Danso 1 Dec 08, 2021
RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022
A Tool for subdomain scan with other tools

ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac

15 Dec 18, 2021
A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

Aidan 2 Mar 20, 2022
OpenPort scanner GUI tool (CNMAP)

CNMAP-GUI- OpenPort scanner GUI tool (CNMAP) as you know it is the advanced tool to find open port, firewalls and we also added here heartbleed scanni

9 Mar 05, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. ๐Ÿ–ผ Screenshots ๐ŸŽช Community PwnWiki Forums ๐Ÿ”‘ Licen

42 Aug 09, 2022
CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

Duarte Duarte 20 Aug 25, 2022
A TCP Backdoor made in python

Tracey-Backdoor A Reverse Shell Backdoor made in python OOP. It supposed to work in Windows and Linux OS Functions: Reverse Connection Send Reverse TC

13 Oct 15, 2022
Scanning for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix. Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571 Requires a minimum of Python 2.7. Can be ex

Brett England 4 Jan 09, 2022
This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

์‹ ์žฌ์šฑ 17 Sep 25, 2022
A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022
A hack for writing switch statements with type annotations in Python.

py_annotation_switch A hack for writing switch statements in type annotations for Python. Why should I use this? You most definitely should not use th

6 Oct 17, 2021
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE ๐Ÿบ , use it commercial

c3rb3ru5 103 Dec 18, 2022
Spring-0day/CVE-2022-22965

CVE-2022-22965 Spring Framework/CVE-2022-22965 Vulnerability ID: CVE-2022-22965/CNVD-2022-23942/QVD-2022-1691 Reproduce the vulnerability docker pull

iak 4 Apr 05, 2022