├── Burp.md
├── Chrome.md
├── Firefox.md
├── IDA.md
├── Immunity.md
├── LICENSE
├── OSINT.md
├── OllyDbg.md
├── README.md
├── ThreatIntel.md
└── Volatility-Framework.md


/Burp.md:
--------------------------------------------------------------------------------
  1 | ## Burp Plugins
  2 | 
  3 | ### [ActiveScan++](https://github.com/albinowax/ActiveScanPlusPlus)
  4 | ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
  5 | 
  6 | ### [AMFDSer-ngng](https://github.com/nccgroup/AMFDSer-ngng)
  7 | A Burp Extender plugin, that will take deserialized AMF objects and encode them in XML using the Xtream library
  8 | 
  9 | ### [Airachnid-Burp-Extension](https://github.com/SpiderLabs/Airachnid-Burp-Extension)
 10 | A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
 11 | 
 12 | ### [AWS-Extender](https://github.com/VirtueSecurity/aws-extender)
 13 | BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library
 14 | 
 15 | ### [BountyHelper](https://github.com/redr2e/bountyHelper)
 16 | Burp plugin to help bug hunters identify possible parameters vulnerable to XSS reflected attacks
 17 | 
 18 | ### [BurpAuthzPlugin](https://github.com/wuntee/BurpAuthzPlugin)
 19 | Burp plugin to test for authorization flaws
 20 | 
 21 | ### [BurpHMAC](https://github.com/malcomvetter/BurpHmac)
 22 | An HMAC authentication header plugin for Burp Proxy, written in Python.
 23 | 
 24 | ### [Burp-Hunter](https://github.com/mystech7/Burp-Hunter)
 25 | XSS Hunter Burp Plugin
 26 | 
 27 | ### [BurpJDSer-ng-edited](https://github.com/federicodotta/BurpJDSer-ng-edited)
 28 | Burp Suite plugin that allow to deserialize Java objects and convert them in an XML format. Unpack also gzip responses. Based on BurpJDSer-ng of omercnet.
 29 | 
 30 | ### [BurpNotesExtension](https://github.com/SpiderLabs/BurpNotesExtension)
 31 | Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.
 32 | 
 33 | ### [Burp-OAUTH](https://github.com/dnet/burp-oauth)
 34 | OAuth plugin for Burp Suite Extender
 35 | 
 36 | ### [BurpPlugins](https://github.com/singleghost/BurpPlugins)
 37 | This repository contains
 38 | - Base32Decode
 39 | - assassin
 40 | - dictionary_generator
 41 | - unicode_decode
 42 | - bing_search
 43 | 
 44 | ### [Burp-ysoserial](https://github.com/summitt/burp-ysoserial)
 45 | YSOSERIAL Integration with burp suite
 46 | 
 47 | ### [CSRF-PoC-plugin](https://github.com/HanLee/Burp-Suite-CSRF-PoC-plugin)
 48 | Creates a CSRF PoC with in a jiffy
 49 | 
 50 | ### [convertJavaToPython](https://github.com/artran/burp-plugins)
 51 | Tool to convert the Java Interface definitions into Python definitions to make PyCharm (etc) a little quieter.
 52 | 
 53 | ### [CSP-Bypass](https://github.com/moloch--/CSP-Bypass)
 54 | A Burp Plugin for Detecting Weaknesses in Content Security Policies
 55 | 
 56 | ### [Deflate-Burp-Plugin](https://github.com/GDSSecurity/Deflate-Burp-Plugin)
 57 | The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.
 58 | 
 59 | ### [DSXS-SQLMap-Plugin](https://github.com/arirubinstein/Burp-DSXS-Sqlmap-Plugin)
 60 | Integration Plugin for stamparam's DSXS scanner
 61 | 
 62 | ### [EasyCSRF](https://github.com/0ang3el/EasyCSRF)
 63 | Helps to find weak CSRF-protection in WebApp which can be easily bypassed
 64 | 
 65 | ### [G2Plugins](https://github.com/gheld/burp-g2plugins)
 66 | Plugin Collection for BURP related to black-box pentesting
 67 | 
 68 | ### [GWT-Scan](https://github.com/augustd/burp-suite-gwt-scan)
 69 | Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
 70 | 
 71 | ### [Handy Collaborator](https://github.com/federicodotta/HandyCollaborator)
 72 | Burp Suite plugin created for using Collaborator tool during manual testing
 73 | 
 74 | ### [HeaderScan](https://github.com/drk1wi/HeaderScan)
 75 | HeaderScan is a Burp Pro plugin that extends a scope of an automated web scan with some very promising entry points.
 76 | 
 77 | ### [Headless-Burp](https://github.com/NetsOSS/headless-burp)
 78 | Provides a suite of Burp extensions and a maven plugin to automate security tests using BurpSuite.
 79 | 
 80 | ### [Hiccupy](https://github.com/iSECPartners/hiccupy)
 81 | Jython binding for Burp to facilitate realtime traffic analysis and modification using simple plugins.
 82 | 
 83 | ### [HTTP-Script-Generator](https://github.com/h3xstream/http-script-generator)
 84 | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks).
 85 | 
 86 | ### [IBM-WebSphere-Portlet-Decoder](https://github.com/AccuvantLabs-Appsec/burp-IBM-WebSphere-Portlet-Decoder)
 87 | BurpSuite plugin for decoding IBM WebSphere Portlet States.
 88 | 
 89 | ### [ImageLocationScanner](https://github.com/veggiespam/ImageLocationScanner)
 90 | Scan for GPS location exposure in images with this Burp & ZAP plugin.
 91 | 
 92 | ### [Image-Size](https://github.com/silentsignal/burp-image-size)
 93 | Image size issues plugin for Burp Suite.
 94 | 
 95 | ### [Image-Metadata](https://github.com/h3xstream/burp-image-metadata)
 96 | Burp and ZAP plugin that display image metadata (JPEG Exif or PNG text chunk).
 97 | 
 98 | ### [J2EEScan](https://github.com/ilmila/J2EEScan)
 99 | J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
100 | 
101 | ### [Java-Deserialization-Scanner](https://github.com/federicodotta/Java-Deserialization-Scanner)
102 | All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
103 | 
104 | ### [JDSer-ngng](https://github.com/nccgroup/JDSer-ngng)
105 | A Burp Extender plugin, that will deserialized java objects and encode them in XML using the Xtream library.
106 | 
107 | ### [JSON_Beautifier](https://github.com/4ARMED/burp_plugins/)
108 | This plugin provides a JSON tab with beautified representation of the request/response.
109 | 
110 | ### [JSON-Array](https://github.com/silentsignal/burp-json-array)
111 | JSON Array issues plugin for Burp Suite.
112 | 
113 | ### [Luhn-Payload-Processor](https://github.com/EnableSecurity/burp-luhn-payload-processor)
114 | A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).
115 | 
116 | ### [MailPhisher](https://github.com/shpendk/mailphisher)
117 | A burp plugin written in python to check for email content injection vulnerabilities.
118 | 
119 | ### [Minesweeper](https://github.com/codingo/Minesweeper)
120 | A burp plugin to aid in the detection of scripts being loaded from over 3200 malicious cryptocurrency mining domains (cryptojacking).
121 | 
122 | ### [MultiDEC](https://github.com/aglane/BurpMultiDEC)
123 | A multi-tabbed encoder/decoder plugin.
124 | 
125 | ### [PassiveXssScan](https://github.com/jkadijk/burp-plugins)
126 | Searches for parameters that are reflected back to make searching for reflected XSS just a bit easier/faster.
127 | 
128 | ### [PwnBack](https://github.com/k4ch0w/PwnBack/)
129 | Burp Extender plugin that generates a sitemap of a website using Wayback Machine
130 | 
131 | ### [PyBurp](https://github.com/icewall/PyBurp)
132 | Jython Plugins and Plugins Manager for Burp.
133 | 
134 | ### [Requests](https://github.com/silentsignal/burp-requests)
135 | Copy as requests plugin for Burp Suite. Copies selected request(s) as Python requests invocation.
136 | 
137 | ### [RequestUtils](https://github.com/frohoff/burp-plugin-requestutils)
138 | Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+.
139 | 
140 | ### [RhinAuditor](https://github.com/h3xstream/rhinauditor)
141 | Static analyzer for JavaScript aiming for security bugs. (ZAP/Burp plugin)
142 | 
143 | ### [SAML](https://github.com/chrismsnz/burp_saml)
144 | Plugin for Burp to allow viewing and editing of intercepted SAML messages.
145 | 
146 | ### [Sentinel](https://github.com/dobin/BurpSentinel)
147 | GUI Burp Plugin to ease discovering of security holes in web applications.
148 | 
149 | ### [SessionAuthTool](https://github.com/thomaspatzke/Burp-SessionAuthTool)
150 | Burp plugin which supports in finding privilege escalation vulnerabilities.
151 | 
152 | ### [SQLdude](https://github.com/faffi/sqldude)
153 | Burp plugin to turn requests into sqlmap commands.
154 | 
155 | ### [SQLiPy](https://github.com/codewatchorg/sqlipy)
156 | SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
157 | 
158 | ### [WebSphere-Portlet-State-Decoder](https://github.com/faffi/WebSphere-Portlet-State-Decoder)
159 | WebSphere Portlet State Decoder plugin for Burp.
160 | 
161 | ### [WCFDSer-ngng](https://github.com/nccgroup/WCFDSer-ngng)
162 | A Burp Extender plugin, that will make binary soap objects readable and modifiable.
163 | 
164 | ### [WSDLWizard](https://github.com/SmeegeSec/WSDLWizard)
165 | WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files.
166 | 
167 | ### [xssValidator](https://github.com/nVisium/xssValidator)
168 | Burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
169 | 
170 | ## Misc
171 | 
172 | ### [carbonator](https://github.com/integrissecurity/carbonator)
173 | Integris Security Carbonator - The Burp Suite Pro extension that automates scope, spider & scan from the command line. Carbonator helps automate the vulnerability scanning of web applications. Either 1 or 100 web applications can be scanned by issuing a single command. Carbonator is now available from within Burp Suite Pro through the BApp Store.
174 | 
175 | ### [Dradis-Burp](https://github.com/dradis/dradis-burp)
176 | Burp Suite plugin for the Dradis Framework http://dradisframework.org
177 | 
178 | ### [Hiccup](https://github.com/zynga/hiccup)
179 | Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to be extended and customized, through the interface provided by Burp Extender (http://portswigger.net/burp/extender/). Its aim is to allow for the development and integration of custom testing functionality into the Burp tool using Python request/response handler plugins.
180 | 


--------------------------------------------------------------------------------
/Chrome.md:
--------------------------------------------------------------------------------
 1 | ## Chrome Plugins
 2 | 
 3 | ### SecApps
 4 | 
 5 | Secapps Suite is a penetration testing toolkit that is also available as add-on for Firefox. SecApps Suite can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.
 6 | 
 7 | **Chrome**: https://chrome.google.com/webstore/detail/secapps/cimdepkgkehkfalgddeedonnjaciffga
 8 | 
 9 | ### Cookie Editor
10 | 
11 | Edit and manage cookies in-broweser with one click. This tool helps quickly find out information about your cookies and change it.
12 | 
13 | **Chrome**: https://chrome.google.com/webstore/detail/cookie-editor/hlkenndednhfkekhgcdicdfddnkalmdm?hl=en
14 | 


--------------------------------------------------------------------------------
/Firefox.md:
--------------------------------------------------------------------------------
  1 | ## Firefox Plugins
  2 | 
  3 | ### Access Me
  4 | 
  5 | Access Me is an add-on for security testing professionals. This add-on is developed by the company that works on XSS Me and SQL Inject Me. Access Me is the can Exploit-Me tool used for testing access vulnerabilities in web applications. This tool works by sending several versions of page requests. A request using the HTTP HEAD verb and a request using a made up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.
  6 | 
  7 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/access-me/
  8 | 
  9 | ### Add N Edit Cookies
 10 | 
 11 | “Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookies data in your browser. With this tool, you can easily add session data manually in cookies. This tool is performed in session hijacking attack when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.
 12 | 
 13 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies-13793/
 14 | 
 15 | ### Cookie Manager +
 16 | 
 17 | Cookies manager to view, edit and create new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.
 18 | 
 19 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
 20 | 
 21 | ### CryptoFox
 22 | CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords. Although, it hasn’t have good reviews, it works satisfactorily.
 23 | 
 24 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/cryptofox/
 25 | 
 26 | ### Firebug
 27 | 
 28 | Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.
 29 | 
 30 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/firebug/
 31 | 
 32 | ### FoxyProxy
 33 | 
 34 | FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It is a set of proxy and VPN management tools for OS/X, Windows, iOS, Android, Chrome, Firefox, and Linux. They also offer premium reliable, high-bandwidth VPN and proxy servers in 60 different countries.  For a simpler tool and less advanced configuration options, please use FoxyProxy Basic.
 35 | 
 36 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard/
 37 | 
 38 | **Website:** http://getfoxyproxy.org/
 39 | 
 40 | ### FlagFox
 41 | 
 42 | FlagFox is another interesting add-on. Once installed in the browser, it displays the country’s flag to tell the location of the web server. It also comes with other tools like whois, WOT scorecard and ping.
 43 | 
 44 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/flagfox/
 45 | 
 46 | ### Grease Monkey
 47 | 
 48 | Allows you to customize the way a web page displays or behaves, by using small bits of JavaScript.
 49 | You can write your own scripts, too. Check out http://wiki.greasespot.net/ to get started.
 50 | 
 51 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
 52 | 
 53 | ### HackBar
 54 | 
 55 | This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster.
 56 | 
 57 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/hackbar/
 58 | 
 59 | ### Live HTTP Headers
 60 | 
 61 | View HTTP headers of a page and while browsing.
 62 | 
 63 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/
 64 | 
 65 | ### No Script
 66 | 
 67 | The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
 68 | 
 69 | NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
 70 | 
 71 | **Website:** http://noscript.net/
 72 | 
 73 | ### Offsec Exploit-db Search
 74 | 
 75 | This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with latest exploits and vulnerability details.
 76 | 
 77 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/
 78 | 
 79 | ### Packet Storm search plugin
 80 | 
 81 | This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.
 82 | 
 83 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/
 84 | 
 85 | ### SecApps
 86 | 
 87 | Secapps Suite is a penetration testing toolkit that is also available as add-on for Firefox. SecApps Suite can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.
 88 | 
 89 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/secapps/
 90 | 
 91 | ### SecurityFocus Vulnerabilities search plugin
 92 | 
 93 | SecurityFocus Vulnerabilities search plugin, is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database.
 94 | 
 95 | **Firefox:** https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/
 96 | 
 97 | ### Snort IDS Rule Search
 98 | 
 99 | Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network Intrusion prevention and detection system with more than 400,000 users.
100 | 
101 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/
102 | 
103 | ### SQL Inject Me
104 | 
105 | SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.  The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
106 | The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
107 | 
108 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/
109 | 
110 | ### Tamper Data
111 | 
112 | Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.
113 | 
114 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
115 | 
116 | ### User Agent Switcher
117 | 
118 | The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.
119 | 
120 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
121 | 
122 | ### Web Developer Toolbar
123 | 
124 | The Web Developer extension adds various web developer tools to the browser.
125 | 
126 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/web-developer/
127 | 
128 | ### XSS Me
129 | 
130 | XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.
131 | 
132 | **Firefox:** https://addons.mozilla.org/en-US/firefox/addon/xss-me/
133 | 


--------------------------------------------------------------------------------
/IDA.md:
--------------------------------------------------------------------------------
 1 | ## IDA
 2 | 
 3 | ### [BinDiffFilter](https://github.com/icewall/BinDiffFilter)
 4 | IDA Pro plugin making easier work on BinDiff results.
 5 | 
 6 | ### [Codemap](https://github.com/c0demap/codemap)
 7 | Codemap is a binary analysis tool for "run-trace visualization" provided as IDA plugin.
 8 | 
 9 | ### [EFIUtils](https://github.com/snare/ida-efiutils)
10 | Some scripts for IDA Pro to assist with reverse engineering EFI binaries
11 | 
12 | ### [EsetPlugins](https://github.com/deroko/esetplugins)
13 | IDA processor/loader for EsetCrackme 2015.
14 | 
15 | ### [IDA](https://github.com/Rupan/ida)
16 | Miscellaneous IDA scripts and projects.
17 | 
18 | ### [IDAemu](https://github.com/36hours/idaemu)
19 | idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.
20 | 
21 | ### [IDAmetrics](https://github.com/MShudrak/IDAmetrics)
22 | IDA plugin for software complexity metrics assessment.
23 | 
24 | ### [IDAref](https://github.com/nologic/idaref)
25 | IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful.
26 | 
27 | ### [IDASkins](https://github.com/zyantific/IDASkins)
28 | Advanced skinning plugin for IDA Pro
29 | 
30 | ### [IDA Swift Demangle](https://github.com/gsingh93/ida-swift-demangle)
31 | An IDA plugin to demangle Swift function names.
32 | 
33 | ### [joseph](https://github.com/hustlelabs/joseph)
34 | IDA Viewer Plugins
35 | 
36 | ### [labeless](https://github.com/a1ext/labeless)
37 | Labeless is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. It consists of two parts: IDA plugin and OllyDbg plugin.
38 | 
39 | ### [NRS](https://github.com/isra17/nrs)
40 | NRS is a set of Python librairies used to unpack and analysis NSIS installer's data. It also feature an IDA plugin used to disassembly the NSIS Script of an installer.
41 | 
42 | ### [Reversing](https://github.com/mandiant/Reversing)
43 | This repository contains a collection of IDA Pro scripts and plugins.
44 | 
45 | ### [sk3wldbg](https://github.com/cseagle/sk3wldbg)
46 | Debugger plugin for IDA Pro backed by the Unicorn Engine.
47 | 
48 | ### [WWCD](https://github.com/sektioneins/WWCD)
49 | What Would Capstone Decode - IDA plugin that implements a Capstone powered IDA view.


--------------------------------------------------------------------------------
/Immunity.md:
--------------------------------------------------------------------------------
 1 | ## Immunity Debugger
 2 | 
 3 | ### [autobreak-api](https://github.com/MalWerewolf/autobreak-api)
 4 | Immunity Debugger PyCommand to parse a PE and set breakpoints on all imported functions
 5 | 
 6 | ### [heaper](https://github.com/stevenseeley/heaper)
 7 | An advanced heap analysis plugin for Immunity Debugger
 8 | 
 9 | ### [immDBG.pyscript](https://github.com/leakerlee/immDBG.pyscript)
10 | Immunity Debugger python script for TLS parsing
11 | 
12 | ### [imm-taint-trace](https://github.com/isislab/imm-taint-trace)
13 | A taint tracer written via Immunity's plugin system. Taint is tracked on registers and memory locations. Currently, ~40 commonly used instructions are implemented.
14 | 
15 | ### [ImmunityDbgPyCommands](https://github.com/Whistle/ImmunityDbgPyCommands)
16 | Script that tracks libs. It waits till the lib is loaded and then automatically sets breakpoints on every exported function
17 | 
18 | ### [ImmunityDebugger](https://github.com/kbandla/ImmunityDebugger)
19 | A repository of Immunity Debugger releases
20 | 
21 | ### [ImmunityDebuggerScripts](https://github.com/kbandla/ImmunityDebuggerScripts)
22 | PyCommands and other scripts for Immunity Debugger related to binary analysis
23 | 
24 | ### [immunity_dbg_plugins](https://github.com/sumit-1/immunity_dbg_plugins)
25 | Bad Character Hunter
26 | 
27 | ### [Immunity-py](https://github.com/JohnTroony/Immunity-py)
28 | A collection of some Immunity Debugger Python Scripts
29 | 
30 | ### [immunity_pycommands](https://github.com/hasherezade/immunity_pycommands)
31 | Immunity Debugger PyCommands
32 | 
33 | ### [immdbg-pycommands](https://github.com/adrianherrera/immdbg-pycommands)
34 | Collection of PyCommands for Immunity Debugger
35 | 
36 | ### [immunity_scripts](https://github.com/theevilbit/immunity_scripts)
37 | Short script to patch the various functions, locations to avoid Debugger detection.
38 | 
39 | ### [Plugme-Immunity](https://github.com/JohnTroony/Plugme-Immunity)
40 | Immunity Debugger Plugins
41 | 
42 | ### [pycommands](https://github.com/fireeye/pycommands)
43 | PyCommand Scripts for Immunity Debugger
44 | 
45 | ## Others
46 | 
47 | ### [ollydbg-immunitydbg-exporter](https://github.com/zynamics/ollydbg-immunitydbg-exporter)
48 | Exporters for OllyDbg and ImmunityDbg for use with zynamics BinNavi <= 3.0
49 | 
50 | ### [bindiff-ruby](https://github.com/aking1012/bindiff-ruby)
51 | A binary diff utility for patch analysis that uses Immunity Debugger


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | CC0 1.0 Universal
  2 | 
  3 | Statement of Purpose
  4 | 
  5 | The laws of most jurisdictions throughout the world automatically confer
  6 | exclusive Copyright and Related Rights (defined below) upon the creator and
  7 | subsequent owner(s) (each and all, an "owner") of an original work of
  8 | authorship and/or a database (each, a "Work").
  9 | 
 10 | Certain owners wish to permanently relinquish those rights to a Work for the
 11 | purpose of contributing to a commons of creative, cultural and scientific
 12 | works ("Commons") that the public can reliably and without fear of later
 13 | claims of infringement build upon, modify, incorporate in other works, reuse
 14 | and redistribute as freely as possible in any form whatsoever and for any
 15 | purposes, including without limitation commercial purposes. These owners may
 16 | contribute to the Commons to promote the ideal of a free culture and the
 17 | further production of creative, cultural and scientific works, or to gain
 18 | reputation or greater distribution for their Work in part through the use and
 19 | efforts of others.
 20 | 
 21 | For these and/or other purposes and motivations, and without any expectation
 22 | of additional consideration or compensation, the person associating CC0 with a
 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
 25 | and publicly distribute the Work under its terms, with knowledge of his or her
 26 | Copyright and Related Rights in the Work and the meaning and intended legal
 27 | effect of CC0 on those rights.
 28 | 
 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be
 30 | protected by copyright and related or neighboring rights ("Copyright and
 31 | Related Rights"). Copyright and Related Rights include, but are not limited
 32 | to, the following:
 33 | 
 34 |   i. the right to reproduce, adapt, distribute, perform, display, communicate,
 35 |   and translate a Work;
 36 | 
 37 |   ii. moral rights retained by the original author(s) and/or performer(s);
 38 | 
 39 |   iii. publicity and privacy rights pertaining to a person's image or likeness
 40 |   depicted in a Work;
 41 | 
 42 |   iv. rights protecting against unfair competition in regards to a Work,
 43 |   subject to the limitations in paragraph 4(a), below;
 44 | 
 45 |   v. rights protecting the extraction, dissemination, use and reuse of data in
 46 |   a Work;
 47 | 
 48 |   vi. database rights (such as those arising under Directive 96/9/EC of the
 49 |   European Parliament and of the Council of 11 March 1996 on the legal
 50 |   protection of databases, and under any national implementation thereof,
 51 |   including any amended or successor version of such directive); and
 52 | 
 53 |   vii. other similar, equivalent or corresponding rights throughout the world
 54 |   based on applicable law or treaty, and any national implementations thereof.
 55 | 
 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of,
 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
 59 | and Related Rights and associated claims and causes of action, whether now
 60 | known or unknown (including existing as well as future claims and causes of
 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum
 62 | duration provided by applicable law or treaty (including future time
 63 | extensions), (iii) in any current or future medium and for any number of
 64 | copies, and (iv) for any purpose whatsoever, including without limitation
 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
 66 | the Waiver for the benefit of each member of the public at large and to the
 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver
 68 | shall not be subject to revocation, rescission, cancellation, termination, or
 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work
 70 | by the public as contemplated by Affirmer's express Statement of Purpose.
 71 | 
 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be
 73 | judged legally invalid or ineffective under applicable law, then the Waiver
 74 | shall be preserved to the maximum extent permitted taking into account
 75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
 76 | is so judged Affirmer hereby grants to each affected person a royalty-free,
 77 | non transferable, non sublicensable, non exclusive, irrevocable and
 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in
 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration
 80 | provided by applicable law or treaty (including future time extensions), (iii)
 81 | in any current or future medium and for any number of copies, and (iv) for any
 82 | purpose whatsoever, including without limitation commercial, advertising or
 83 | promotional purposes (the "License"). The License shall be deemed effective as
 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the
 85 | License for any reason be judged legally invalid or ineffective under
 86 | applicable law, such partial invalidity or ineffectiveness shall not
 87 | invalidate the remainder of the License, and in such case Affirmer hereby
 88 | affirms that he or she will not (i) exercise any of his or her remaining
 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims
 90 | and causes of action with respect to the Work, in either case contrary to
 91 | Affirmer's express Statement of Purpose.
 92 | 
 93 | 4. Limitations and Disclaimers.
 94 | 
 95 |   a. No trademark or patent rights held by Affirmer are waived, abandoned,
 96 |   surrendered, licensed or otherwise affected by this document.
 97 | 
 98 |   b. Affirmer offers the Work as-is and makes no representations or warranties
 99 |   of any kind concerning the Work, express, implied, statutory or otherwise,
100 |   including without limitation warranties of title, merchantability, fitness
101 |   for a particular purpose, non infringement, or the absence of latent or
102 |   other defects, accuracy, or the present or absence of errors, whether or not
103 |   discoverable, all to the greatest extent permissible under applicable law.
104 | 
105 |   c. Affirmer disclaims responsibility for clearing rights of other persons
106 |   that may apply to the Work or any use thereof, including without limitation
107 |   any person's Copyright and Related Rights in the Work. Further, Affirmer
108 |   disclaims responsibility for obtaining any necessary consents, permissions
109 |   or other rights required for any use of the Work.
110 | 
111 |   d. Affirmer understands and acknowledges that Creative Commons is not a
112 |   party to this document and has no duty or obligation with respect to this
113 |   CC0 or use of the Work.
114 | 
115 | For more information, please see
116 | <http://creativecommons.org/publicdomain/zero/1.0/>
117 | 


--------------------------------------------------------------------------------
/OSINT.md:
--------------------------------------------------------------------------------
 1 | ## OSINT Browser Plugins
 2 | 
 3 | ### Firefox
 4 | 
 5 | #### [Bitref](https://addons.mozilla.org/en-US/firefox/addon/bitref/)
 6 | BitRef will help you view the current balance of any Bitcoin address. Just type: "btc [space or tab] bitcoin_address" in Firefox's address bar. This is the easiest and fastest way to check balance of any Bitcoin address.
 7 | 
 8 | #### [Distill Web Monitor](https://addons.mozilla.org/en-US/firefox/addon/alertbox/) (formerly AlertBox)
 9 | Distill runs in your browser to check monitored pages for changes. Get instant alerts as soon as a change is detected
10 | 
11 | #### [DownThemAll](https://addons.mozilla.org/en-US/firefox/addon/downthemall/)
12 | DownThemAll is fast, reliable and easy-to-use! It lets you download all the links or images contained in a webpage and much more: you can refine your downloads by fully customizable criteria to get only what you really want! Be in full control over your downloads, dedicated speed and number of parallel connections at any time. Use Metalinks or add mirrors manually to download a file from different servers at the same time.
13 | 
14 | #### [Flag Fox](https://addons.mozilla.org/en-US/firefox/addon/flagfox/)
15 | Displays a country flag depicting the location of the current website's server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more..
16 | 
17 | #### [Imacros](https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/)
18 | Automate Firefox. Record and replay repetitive tasks. If you're tired of manually visiting the same sites, filling out forms, downloading files and extracting data, then iMacros is for you! Save time, effort and money with iMacros browser automation!
19 | 
20 | #### [Image Zoom](https://addons.mozilla.org/en-US/firefox/addon/image-zoom/)
21 | Adds zoom and rotation functionality for images
22 | 
23 | #### [Img2tab](https://addons.mozilla.org/en-US/firefox/addon/img2tab/)
24 | Opens all images from a page into a new tabbed window. Great for image focused sites like reddit, 4chan, tumblr etc
25 | 
26 | #### [LightBeam](https://addons.mozilla.org/en-US/firefox/addon/lightbeam/)
27 | Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web. Using interactive visualizations, Lightbeam shows you the relationships between these third parties and the sites you visit
28 | 
29 | #### [Link Gopher](https://addons.mozilla.org/en-US/firefox/addon/link-gopher/)
30 | Extracts all links from web page, sorts them, removes duplicates, and displays them in a new tab for inspection or copy and paste into other systems
31 | 
32 | #### [Nimbus Screen Capture](https://addons.mozilla.org/en-US/firefox/addon/nimbus-screenshot/)
33 | Capture the whole web page, a part of it or the whole browser window, edit your screenshots in a very user-friendly interface and save the images to Google Drive
34 | 
35 | #### [RSS Fox](https://addons.mozilla.org/en-US/firefox/addon/rss-ticker)
36 | RSS Ticker loads your Live Bookmarks and scrolls their entries across your screen while you surf
37 | 
38 | #### [ScrapBook](https://addons.mozilla.org/en-US/firefox/addon/scrapbook/)
39 | ScrapBook is a Firefox extension, which helps you to save Web pages and easily manage collections. Key features are lightness, speed, accuracy and multi-language support
40 | 
41 | #### [Search on YouTube](https://addons.mozilla.org/en-US/firefox/addon/search-on-youtube-context-menu/)
42 | Use the context menu (right click) to search on YouTube any text from other websites.
43 | 
44 | #### [Search the current site](https://addons.mozilla.org/en-US/firefox/addon/search-current-site/)
45 | Searches the current website using search engine of your choice (DDG, Google,Yahoo,Bing)
46 | 
47 | #### [TinEye Reverse Image Search](https://addons.mozilla.org/en-US/firefox/addon/tineye-reverse-image-search/)
48 | TinEye is a reverse image search engine. The extension adds a context menu item so you can search for an image to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions
49 | 
50 | #### [Wappalyzer](https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/)
51 | Wappalyzer is a browser extension that identifies software on websites
52 | 
53 | #### [Who stole my pictures?](https://addons.mozilla.org/en-US/firefox/addon/who-stole-my-pictures/)
54 | Search for copies of the images using Yandex.ru, Tineye.com, Google.com, Baidu.com and VK.com via right click menu
55 | 
56 | ### Chrome / Chromium
57 | 
58 | #### [Distill](https://chrome.google.com/webstore/detail/inlikjemeeknofckkjolnjbpehgadgge)
59 | Distill runs in your browser to check monitored pages for changes. Get instant alerts as soon as a change is detected
60 | 
61 | #### [Frame by Frame](https://chrome.google.com/webstore/detail/frame-by-frame-for-youtub/elkadbdicdciddfkdpmaolomehalghio)
62 | Watch Youtube Videos, frame by frame
63 | 
64 | #### [Google Similar Pages](https://chrome.google.com/webstore/detail/google-similar-pages/pjnfggphgdjblhfjaphkjhfpiiekbbej)
65 | Discover webpages similar to the page you're currently browsing
66 | 
67 | #### [Google Translate](https://chrome.google.com/webstore/detail/google-translate/aapbdbdomjkkjkaonfhkkikfgjllcleb)
68 | Highlight or right-click on a section of text and click on Translate icon next to it to translate it to your language. Or, to translate the entire page you're visiting, click the translate icon on the browser toolbar
69 | 
70 | #### [Hunch.ly](https://hunch.ly/) \*Paid
71 | Inspector Hunchly toils in the background of your web browser to track, analyze and store web pages while you perform online investigations. Forgets nothing, keeps everything.
72 | 
73 | #### [Lightshot](https://chrome.google.com/webstore/detail/mbniclmhobmnbdlbpiphghaielnnpgdp)
74 | Lightshot is the fastest way to take a customizable screenshot. Simple interface, nothing useless and light weight
75 | 
76 | #### [Web Scraper](https://chrome.google.com/webstore/detail/web-scraper/jnhgnonknehpejjnehehllkliplmbmhn)
77 | Web Scraper is a chrome browser extension built for data extraction from web pages. Using this extension you can create a plan (sitemap) how a web site should be traversed and what should be extracted. Using these sitemaps the Web Scraper will navigate the site accordingly and extract all data. Scraped data later can be exported as CSV
78 | 


--------------------------------------------------------------------------------
/OllyDbg.md:
--------------------------------------------------------------------------------
 1 | ## OllyDbg Debugger
 2 | 
 3 | ### [Plugme-OllyDBGv1.0](https://github.com/JohnTroony/Plugme-OllyDBGv1.0)
 4 | All OllyDBG v1.0 Plugins
 5 | 
 6 | ### [Plugme-OllyDBGv2.0](https://github.com/JohnTroony/Plugme-OllyDBGv2.0-)
 7 | All OllyDBG v2.0 Plugins
 8 | 
 9 | ### Others
10 | 
11 | ### [CLBPlus](https://github.com/justdanpo/CLBPlus)
12 | CLBPlus! plugin extends standart capabilities of conditional log breakpointing. It uses new feature of OllyDbg (implemented from version 1.10) which allows you to pass commands to plugins from "Set conditional log breakpoint window"
13 | 
14 | ### [Continue-point](https://github.com/Plonecakes/Continue-point)
15 | OllyDbg v1.10 plugin to continue on certain breaks, useful for ignoring irrelevant places where memory breakpoints trigger.
16 | 
17 | ### [FireFly](https://github.com/pezcode/FireFly)
18 | An embedded C++ script plugin for Ollydbg
19 | 
20 | ### [Holyshit](https://github.com/lynnux/holyshit)
21 | ollydbg plugin, the goal is to make life easier
22 | 
23 | ### [Instruction-Dump-Plugin](https://github.com/inovkovic/Instruction-dump-plugin)
24 | It's function is to collect information about program structure and state while it is being analysed. Project's introductory information can be seen here: [http://sgros-students.blogspot.com/2015/10/machine-learning-augmented-reverse.html](http://sgros-students.blogspot.com/2015/10/machine-learning-augmented-reverse.html)
25 | 
26 | ### [Labeless](https://github.com/a1ext/labeless)
27 | Labeless is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and Olly. It consists of two parts: IDA plugin and OllyDbg plugin.
28 | 
29 | ### [mapimp v1](https://github.com/pezcode/mapimp)
30 | Ollydbg plugin for importing information from .map files
31 | 
32 | ### [mapimp v2](https://github.com/RaMMicHaeL/mapimp)
33 | This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.
34 | 
35 | ### [ODDM2File](https://github.com/xxxxnnxxxx/ODDM2File)
36 | A simple plugin of OllyDBG for saving data from memory to a file
37 | 
38 | ### [Ollight](https://github.com/sinsoul/Ollight)
39 | A Code highlighting plugin for OllyDbg 2.01.
40 | 
41 | ### [OllyCallTrace](https://github.com/stephenfewer/OllyCallTrace)
42 | OllyCallTrace is a plugin for OllyDbg to trace the call chain of a thread.
43 | 
44 | ### [OllyCapstone](https://github.com/quangnh89/OllyCapstone)
45 | This is a plugin for OllyDbg 1.10 to replace the old disasm engine by Capstone disassembly/disassembler framework.
46 | 
47 | ### [OllyDbg-Backup](https://github.com/hifi/ollydbg-backup)
48 | OllyDbg v1.10 / v2.01 backup plugin. This simple plugin allows saving the loaded executable labels and comments to a CSV file and later loading them back in. 
49 | 
50 | ### [OllyDbgLauncher](https://github.com/piec/OllyDbgLauncher)
51 | Ollydbg plugin to generate exe launchers from the list of ollydbg's patches
52 | 
53 | ### [OllyEmbellisher](https://github.com/mgeeky/OllyEmbellisher)
54 | This plugin does nothing special despite providing ability to edit EIP and removing this superfluous elements from popup menu
55 | 
56 | ### [OllyHeapTrace](https://github.com/stephenfewer/OllyHeapTrace)
57 | OllyHeapTrace is a plugin for OllyDbg to trace the heap operations being performed by a process.
58 | 
59 | ### [OllyResourceRefs](https://github.com/akrutsinger/OllyResourceRefs)
60 | OllyDbg 2.01 plugin that finds possible references to a loaded modules resources
61 | 
62 | ### [OllySocketTrace](https://github.com/stephenfewer/OllySocketTrace)
63 | OllySocketTrace is a plugin for OllyDbg to trace the socket operations being performed by a process.
64 | 
65 | ### [ollysseh](https://github.com/marioballano/ollysseh)
66 | This OllyDbg plugin performs an in-memory scan of loaded modules to display some of their compiled options that aid in exploit development, originally it only supported '/SafeSEH', ASLR and NX flags have only recently been implemented.
67 | 
68 | ### [RunAsLua](https://github.com/ExUltima/RunAsLua)
69 | OllyDbg plugin to start debugging process as Limited User Account (LUA)
70 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Powerful Plugins
 2 | 
 3 | This repository is a collection of powerful open source plugins for different frameworks and tools. The available plugins are categorised as:
 4 | 
 5 | - [BurpSuite](Burp.md)
 6 | - [Chrome](Chrome.md)
 7 | - [Firefox](Firefox.md)
 8 | - [IDA](IDA.md)
 9 | - [Immunity](Immunity.md)
10 | - [OllyDbg](OllyDbg.md)
11 | - [Volatility-Framework](Volatility-Framework.md)
12 | 
13 | Contributions are always welcome !
14 | 


--------------------------------------------------------------------------------
/ThreatIntel.md:
--------------------------------------------------------------------------------
1 | ## Threat Intelligence
2 | 
3 | ### Chrome
4 | 
5 | #### [ThreatPinch Lookup](https://chrome.google.com/webstore/detail/threatpinch-lookup/ljdgplocfnmnofbhpkjclbefmjoikgke)
6 | 
7 | ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website. It helps speed up security investigations by automatically providing relevant information upon hovering over any IPv4 address, MD5 hash, SHA2 hash, and CVE title.
8 | 


--------------------------------------------------------------------------------
/Volatility-Framework.md:
--------------------------------------------------------------------------------
1 | ## Volatility Framework
2 | 
3 | ### [editbox](https://github.com/bridgeythegeek/editbox)
4 | EditBox is a plugin for the Volatility Framework. It extracts the text from Windows Edit controls, that is, textboxes as generated by Windows Common Controls.
5 | 
6 | ### [volatility-bitlocker](https://github.com/tribalchicken/volatility-bitlocker)
7 | A plugin for the Volatility Framework which aims to extract BitLocker Full Volume Encryption Keys (FVEK) from memory. Works on Windows 7 through to Windows 10.
8 | 


--------------------------------------------------------------------------------