Anderson buzzer-re
@buzzer-re
buzzer-re / scan_exports.py
Created August 9, 2023 02:44
Hunt for a given exported function name across a directory tree
# A Python script using LIEF to search for a specific exported function name across a directory tree
# This is useful when you don't know the DLL name but (somehow) know the exported function name
import sys
import lief
import os
import logging
lief.logging.set_level(lief.logging.LOGGING_LEVEL.CRITICAL)
DLL_CHAR = 0x2000  # IMAGE_FILE_DLL: the COFF Characteristics bit that marks a DLL image
@buzzer-re
buzzer-re / clean_pe_overlay.py
Last active February 18, 2023 21:50
Clean junk PE overlay
# Clean PE files that carry a lot of junk after their last section (appended to evade AV scanners and slow down analysis tools)
import pefile
import sys
import os
TRESHOLD = 100
if __name__ == '__main__':
    if len(sys.argv) < 2:
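The two scripts above depend on the same two pieces of PE knowledge: the export name table (what scan_exports.py asks LIEF for) and the end of the last section's raw data, which is where any appended overlay begins (what clean_pe_overlay.py truncates at). The following is an added example, not the gists' own code: it walks the headers with the standard library only, so it runs without LIEF or pefile. The sample DLL it builds is a constructed minimal PE32+ image with a hand-made export directory, used purely as test input; the names `demo.dll`, `SuspiciousExport` and the 0x1000/0x200 section layout are assumptions of this example.

```python
import os
import struct

IMAGE_FILE_DLL = 0x2000      # COFF Characteristics bit that marks a DLL image (the gist's DLL_CHAR)
COFF_HDR = "<HHIIIHH"        # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_HDR = "<8sIIII"      # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (first 24 of 40 bytes)
EXPORT_DIR = "<IIHHIIIIIII"  # IMAGE_EXPORT_DIRECTORY: ..., Name, Base, NumFuncs, NumNames, AddrOfFuncs, AddrOfNames, AddrOfOrdinals


def parse_pe(data):
    """Return the DLL flag, export directory RVA and section table; raises ValueError for non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from(COFF_HDR, data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dd_off = opt_off + (112 if magic == 0x20B else 96)  # DataDirectory[0] (exports) in PE32+ vs PE32
    export_rva = struct.unpack_from("<I", data, dd_off)[0]
    sec_off = opt_off + opt_size
    sections = [struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i) for i in range(nsec)]
    return {"is_dll": bool(chars & IMAGE_FILE_DLL), "export_rva": export_rva, "sections": sections}


def rva_to_offset(sections, rva):
    for _, vsize, va, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def export_names(data):
    """Exported names, i.e. what scan_exports.py compares against; [] when there is no export table."""
    pe = parse_pe(data)
    if pe["export_rva"] == 0:
        return []
    fields = struct.unpack_from(EXPORT_DIR, data, rva_to_offset(pe["sections"], pe["export_rva"]))
    n_names, names_rva = fields[7], fields[9]
    names_off = rva_to_offset(pe["sections"], names_rva)
    names = []
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        start = rva_to_offset(pe["sections"], name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return names


def overlay_offset(data):
    """File offset where the overlay starts: end of the last section's raw data, clamped to the file size."""
    end = max((rawptr + rawsize for _, _, _, rawsize, rawptr in parse_pe(data)["sections"]), default=0)
    return min(end, len(data))


def strip_overlay(data):
    return data[:overlay_offset(data)]


def scan_directory(root, wanted):
    """Walk `root` and return the DLLs that export `wanted`; non-PE and truncated files are skipped."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    data = f.read()
                if parse_pe(data)["is_dll"] and wanted in export_names(data):
                    hits.append(path)
            except (ValueError, struct.error, OSError):
                continue
    return sorted(hits)


def build_sample_dll(names, overlay=b""):
    """Constructed minimal PE32+ DLL (one .edata section) used as test input; not a real binary."""
    SEC_RVA, SEC_RAW = 0x1000, 0x200
    body = bytearray(40)                                   # export directory, filled in at the end
    func_rva = SEC_RVA + len(body)
    body += b"".join(struct.pack("<I", 0x1100 + i) for i in range(len(names)))
    names_rva, names_pos = SEC_RVA + len(body), len(body)
    body += b"\0" * (4 * len(names))                       # name RVAs, patched once the strings are placed
    ords_rva = SEC_RVA + len(body)
    body += b"".join(struct.pack("<H", i) for i in range(len(names)))
    dllname_rva = SEC_RVA + len(body)
    body += b"demo.dll\0"
    for i, name in enumerate(names):
        struct.pack_into("<I", body, names_pos + 4 * i, SEC_RVA + len(body))
        body += name.encode() + b"\0"
    struct.pack_into(EXPORT_DIR, body, 0, 0, 0, 0, 0, dllname_rva, 1, len(names), len(names),
                     func_rva, names_rva, ords_rva)
    opt = struct.pack("<H", 0x20B) + b"\0" * 110 + struct.pack("<II", SEC_RVA, len(body)) + b"\0" * 120
    coff = struct.pack(COFF_HDR, 0x8664, 1, 0, 0, 0, len(opt), 0x2022)   # 0x2022 includes IMAGE_FILE_DLL
    sect = struct.pack(SECTION_HDR, b".edata", len(body), SEC_RVA, SEC_RAW, SEC_RAW) + b"\0" * 16
    headers = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect
    return headers.ljust(SEC_RAW, b"\0") + bytes(body).ljust(SEC_RAW, b"\0") + overlay


if __name__ == "__main__":
    import sys
    for hit in scan_directory(sys.argv[1], sys.argv[2]):   # usage: scan.py <directory> <ExportName>
        print(hit)
```

Two caveats before truncating real samples with `strip_overlay`: an Authenticode signature lives in the overlay (the security directory is a file offset past the last section), so the cleaned file loses it, and self-extracting installers read their payload from there, so keep the original and record both hashes. `SizeOfRawData` and `PointerToRawData` can legitimately point past the end of a packed or truncated file, which is why the offset is clamped to the file length. Forwarded exports and ordinal-only exports are not handled here; that is where LIEF or pefile earn their keep.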
@buzzer-re
buzzer-re / Unicorn-Engine-Documentation-English.md
Created September 16, 2022 02:09
Unicorn Engine documentation in English (machine-translated)

Unicorn-Engine API Documentation

Version 2.0.0

Official API document by kabeor

PDF File

Unicorn Engine is a lightweight, multi-platform, multi-architecture CPU emulator framework. The current version is based on [QEMU](https://www.qemu.org/) 5.0.1 and lets you emulate CPU instructions instead of executing them natively; it is commonly used for program virtualization, malware analysis, fuzzing and similar tasks. The project is used by the [Qiling Framework](https://github.com/qilingframework/qiling), the Radare2 reverse-engineering framework, GEF (the pwn analysis plugin for gdb), [Pwndbg](https://github.com/pwndbg/pwndbg), the angr symbolic execution framework and many other well-known projects.

@buzzer-re
buzzer-re / OSX-XNU syscall list
Created November 3, 2021 14:30
xnu syscall list
0 AUE_NULL ALL { int nosys(void); } { indirect syscall }
1 AUE_EXIT ALL { void exit(int rval) NO_SYSCALL_STUB; }
2 AUE_FORK ALL { int fork(void) NO_SYSCALL_STUB; }
3 AUE_NULL ALL { user_ssize_t read(int fd, user_addr_t cbuf, user_size_t nbyte); }
4 AUE_NULL ALL { user_ssize_t write(int fd, user_addr_t cbuf, user_size_t nbyte); }
5 AUE_OPEN_RWTC ALL { int open(user_addr_t path, int flags, int mode) NO_SYSCALL_STUB; }
6 AUE_CLOSE ALL { int sys_close(int fd); }
7 AUE_WAIT4 ALL { int wait4(int pid, user_addr_t status, int options, user_addr_t rusage) NO_SYSCALL_STUB; }
8 AUE_NULL ALL { int enosys(void); } { old creat }
9 AUE_LINK ALL { int link(user_addr_t path, user_addr_t link); }
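The entries above are in the syscalls.master format, and a tracer or hook table needs them as a name-to-number map rather than as text. As an added example (not part of the gist), the parser below turns such lines into dicts, keeping the audit event, return type, argument list and flags like NO_SYSCALL_STUB; the ten sample lines are the ones quoted on this page, and `x86_64_syscall_id` applies the BSD class prefix (0x2000000 | number) that macOS expects in rax on Intel Macs, which the list itself does not show.

```python
import re

# Sample input: the first ten entries of the xnu syscalls.master table quoted on this page.
SAMPLE = """\
0 AUE_NULL ALL { int nosys(void); } { indirect syscall }
1 AUE_EXIT ALL { void exit(int rval) NO_SYSCALL_STUB; }
2 AUE_FORK ALL { int fork(void) NO_SYSCALL_STUB; }
3 AUE_NULL ALL { user_ssize_t read(int fd, user_addr_t cbuf, user_size_t nbyte); }
4 AUE_NULL ALL { user_ssize_t write(int fd, user_addr_t cbuf, user_size_t nbyte); }
5 AUE_OPEN_RWTC ALL { int open(user_addr_t path, int flags, int mode) NO_SYSCALL_STUB; }
6 AUE_CLOSE ALL { int sys_close(int fd); }
7 AUE_WAIT4 ALL { int wait4(int pid, user_addr_t status, int options, user_addr_t rusage) NO_SYSCALL_STUB; }
8 AUE_NULL ALL { int enosys(void); } { old creat }
9 AUE_LINK ALL { int link(user_addr_t path, user_addr_t link); }
"""

# number, audit event, target files, { prototype } and an optional trailing { comment }
LINE_RE = re.compile(r"^(?P<num>\d+)\s+(?P<audit>AUE_\w+)\s+(?P<files>\S+)\s+"
                     r"\{\s*(?P<proto>.*?)\s*\}(?:\s*\{\s*(?P<comment>.*?)\s*\})?\s*$")
# return type, name, argument list and optional flags such as NO_SYSCALL_STUB before the ';'
PROTO_RE = re.compile(r"^(?P<ret>[\w\s*]+?)\s+(?P<name>\w+)\s*\((?P<args>.*)\)\s*(?P<flags>.*?)\s*;$")

SYSCALL_CLASS_UNIX = 2 << 24   # macOS x86_64: rax = class | number for BSD syscalls


def parse_syscall_line(line):
    """One syscalls.master entry -> dict, or None for headers, comments and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    p = PROTO_RE.match(m["proto"])
    if not p:
        return None
    args = [] if p["args"].strip() == "void" else [a.strip() for a in p["args"].split(",")]
    return {"number": int(m["num"]), "audit": m["audit"], "files": m["files"],
            "ret": p["ret"].strip(), "name": p["name"], "args": args,
            "flags": p["flags"].split(), "comment": m["comment"]}


def parse_syscall_table(text):
    """number -> entry for every parsable line of a syscalls.master file."""
    table = {}
    for line in text.splitlines():
        entry = parse_syscall_line(line)
        if entry:
            table[entry["number"]] = entry
    return table


def syscall_numbers(table):
    """name -> number, the direction a tracer or hook table needs."""
    return {entry["name"]: number for number, entry in table.items()}


def x86_64_syscall_id(number):
    """Value loaded into rax for a BSD syscall on x86_64 macOS (e.g. 0x2000004 for write)."""
    return SYSCALL_CLASS_UNIX | number
```

Feed it the full bsd/kern/syscalls.master from an xnu checkout to get the complete table; entries whose prototype slot only says `enosys` are the gaps left by removed syscalls, so filter on `name` rather than assuming every number is live.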
@buzzer-re
buzzer-re / virustotal.py
Last active October 14, 2021 13:27
Simple VirusTotal API client class for Python projects
import os
import json
import requests
class VirusTotal:
    VT_API = 'https://www.virustotal.com/api/v3'

    def __init__(self, key=None, query=None, limit_query=5):
        self.valid = True
        self.last_err = ''
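The gist's class wraps the v3 API with `requests`; the added example below, which is not the gist's code, shows the parts of such a client that matter for safe use: the key travels in the `x-apikey` header (never in the URL or a log line), the hash is validated before it is interpolated into the path, the public quota of four lookups per minute is respected, and 404 (unknown sample) and 429 (quota exceeded) are returned as data rather than raised. It uses only the standard library, and the HTTP transport is an injectable function so the behaviour can be exercised offline; `VT_API_KEY`, the `file_report` result keys and the 15-second default interval are this example's own conventions.

```python
import json
import re
import time
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"
# MD5, SHA-1 or SHA-256 hex digest; anything else is rejected before it reaches the URL
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def http_get(url, headers):
    """Default transport: returns (status, body) and reports HTTP errors as data, not exceptions."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class VirusTotal:
    def __init__(self, api_key, transport=http_get, min_interval=15.0):
        if not api_key:
            raise ValueError("an API key is required (set VT_API_KEY, for example)")
        self.api_key = api_key
        self.transport = transport          # replaced by a fake in tests
        self.min_interval = min_interval    # public quota: 4 lookups/minute, i.e. 15 s apart
        self._last_call = float("-inf")

    def _throttle(self):
        wait = self.min_interval - (time.monotonic() - self._last_call)
        if wait > 0:
            time.sleep(wait)
        self._last_call = time.monotonic()

    def file_report(self, file_hash):
        """Look up a sample by hash; returns a small dict instead of the raw VT object."""
        digest = file_hash.strip().lower()
        if not HASH_RE.match(digest):
            raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
        self._throttle()
        status, body = self.transport(f"{VT_API}/files/{digest}",
                                      {"x-apikey": self.api_key, "accept": "application/json"})
        if status == 404:
            return {"hash": digest, "status": "unknown"}
        if status == 429:
            return {"hash": digest, "status": "quota_exceeded"}
        if status in (401, 403):
            raise PermissionError("VirusTotal rejected the API key")
        if status != 200:
            raise RuntimeError(f"unexpected HTTP {status} from VirusTotal")
        attrs = json.loads(body)["data"]["attributes"]
        stats = attrs.get("last_analysis_stats", {})
        return {"hash": digest, "status": "known",
                "malicious": stats.get("malicious", 0),
                "engines": sum(stats.values()),
                "names": attrs.get("names", [])[:5]}


if __name__ == "__main__":
    import os
    import sys
    print(VirusTotal(os.environ.get("VT_API_KEY")).file_report(sys.argv[1]))   # usage: vt.py <hash>
```

Looking a hash up only tells VirusTotal that you hold that sample; uploading the file itself shares it with every partner, so keep lookups and submissions as separate code paths when the sample may be confidential.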
@buzzer-re
buzzer-re / .zshrc
Created October 1, 2021 01:41
Alias to compile Intel (x86_64) binaries on Apple Silicon
alias ccintel='clang -target x86_64-apple-macos10.12'
@buzzer-re
buzzer-re / organize.sh
Created March 16, 2021 02:30
Organize your directory by the filetype
#!/bin/bash
# This will organize a whole directory, moving each file into a folder named after its file type
path=$1
if [ -z "$path" ]
then
    echo "Usage: $0 <path>"
@buzzer-re
buzzer-re / aes.go
Last active December 21, 2020 20:41
Simple AES CBC encryptor and decryptor in Golang
package main

import (
	"os"
	"flag"
	"fmt"
	"syscall"
	"io/ioutil"
	"crypto/rand"
	"crypto/cipher"
@buzzer-re
buzzer-re / frida_tracer.py
Created August 22, 2020 22:42
Quick and dirty frida tracer, just pass your injected script path and the process name
import frida
import subprocess
import sys
import argparse
if __name__ == '__main__':
    args = argparse.ArgumentParser(description="A simple scriptable frida tracer")
    args.add_argument("process", help="Process name to spawn!")
    args.add_argument("--inject-script", help="script path to inject", required=True)
    args = args.parse_args()
@buzzer-re
buzzer-re / virustotal_json.sh
Last active July 20, 2020 03:05
curl the public VirusTotal endpoint to retrieve the report in JSON format
# Use the "public API" that https://www.virustotal.com/old-browsers/ uses to request the sample information
echo "[+] Virus Total file checker [+]"
if [ $# -ne 1 ]
then
    echo "Usage: $0 <SHA1>"
    exit 1