From df1276641db62fabe94fd5128e4c8f39e3a73d9c Mon Sep 17 00:00:00 2001 From: Kyle Zeng Date: Mon, 9 Sep 2024 11:57:27 -0700 Subject: [PATCH] update tools in Readme --- README.md | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 4034bee..c0254cb 100644 --- a/README.md +++ b/README.md 
@@ -104,42 +104,34 @@ gdb -q -ex "start" ./malloc_playground There are some heap exploitation tools floating around. -## shadow - -jemalloc exploitation framework: https://github.com/CENSUS/shadow - -## libheap +## Malloc Playground -Examine the glibc heap in gdb: https://github.com/cloudburst/libheap +The `malloc_playground.c` file given is the source for a program that prompts the user for commands to allocate and free memory interactively. -## heap-viewer +## Pwngdb -Examine the glibc heap in IDA Pro: https://github.com/danigargu/heap-viewer +Examine the glibc heap in gdb: https://github.com/scwuaptx/Pwngdb -## heapinspect +## pwndbg -A Python based heap playground with good visualization for educational purposes: https://github.com/matrix1001/heapinspect +An exploitation-centric gdb plugin that provides the ability to view/tamper with the glibc heap: https://github.com/pwndbg/pwndbg -## Forkever +## gef -Debugger that lets you set "checkpoints" as well as view and edit the heap using a hexeditor: https://github.com/haxkor/forkever +Another excellent gdb plugin that provides the ability to examine the glibc heap: https://github.com/hugsy/gef -## Malloc Playground +## heap-viewer -The `malloc_playground.c` file given is the source for a program that prompts the user for commands to allocate and free memory interactively. 
+Examine the glibc heap in IDA Pro: https://github.com/danigargu/heap-viewer -## Pwngdb +## Forkever -Examine the glibc heap in gdb: https://github.com/scwuaptx/Pwngdb +Debugger that lets you set "checkpoints" as well as view and edit the heap using a hexeditor: https://github.com/haxkor/forkever ## heaptrace Helps you visualize heap operations by replacing addresses with symbols: https://github.com/Arinerron/heaptrace -## Heap Search - -Search for applicable heap exploitation techniques based on primitive requirements: https://kissprogramming.com/heap/heap-search - # Other resources Some good heap exploitation resources, roughly in order of their publication, are:
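Review bot: the hunk at -104,42 removes four entries (shadow, libheap, heapinspect, Heap Search), but the subject line "update tools in Readme" gives no reason for dropping them. A sentence in the commit body saying whether they are unmaintained, superseded by the added pwndbg and gef entries, or have dead links would make the removal reviewable. This matters most for Heap Search, the only entry that pointed to a non-GitHub URL, and for shadow, the only jemalloc tool in the list. A second, smaller point in the same hunk: the new order puts "## Pwngdb" directly above "## pwndbg", two names that are easy to misread as one, and Pwngdb keeps the generic description "Examine the glibc heap in gdb", which now applies equally to the pwndbg and gef entries. Consider a few words on what sets Pwngdb apart, or separating the two headings. Heading capitalization is also mixed across the added and moved lines (Pwngdb, pwndbg, gef, Forkever); if that follows each project's own spelling, it is fine as is.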