30 open-source projects similar to shellphish/how2heap, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best How2heap alternative.
Matrix is a suite of mobile application performance management and analysis tools. It provides a plugin-based monitoring system for capturing crashes, lags, and memory leaks, alongside a static binary auditor for reducing installation package size and a bytecode instrumentation tool for performance tracking. The project distinguishes itself through native memory debugging and a SQLite query linter that identifies inefficient database patterns. It employs native interception techniques to detect memory leaks and heap corruption without requiring source code recompilation, and uses a custom run
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
This is a hands-on lab environment for learning network penetration testing techniques, centered on setting up and attacking a vulnerable Active Directory network. The project provides a structured framework for practicing the full attack chain, from initial reconnaissance and scanning through exploitation, privilege escalation, lateral movement, and credential theft, all within isolated virtual machine labs. The lab environment is designed to simulate real-world attack scenarios, including the ability to compile and execute exploit code directly against targets without relying on Metasploit.
GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors. The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including
Vulhub is a collection of pre-configured, containerized applications designed to serve as a standardized platform for security research, vulnerability testing, and educational exploitation exercises. It functions as an orchestration framework that enables users to deploy isolated software environments for the purpose of practicing penetration testing and analyzing common security flaws in a controlled setting. The project utilizes an infrastructure-as-code pattern to define complex, multi-service software stacks, ensuring that testing targets remain consistent and reproducible. By leveraging
This project is a Chinese translation of a technical reference and educational resource focused on the Python interpreter. It serves as a collection of case studies and examples designed to explain unintuitive execution patterns, obscure language behaviors, and the internal mechanics of the Python language specification. The resource translates complex technical explanations from English to Chinese to improve accessibility. It focuses on mapping specific code patterns to internal execution logic, linking observed results to language rules to resolve confusing behaviors. The content covers se
This project is a structured JavaScript programming tutorial and web development learning resource. It serves as an educational guide for learning the JavaScript language, ranging from basic syntax to advanced programming concepts. The resource functions as a JavaScript code example library and a technical guide for DOM manipulation. It provides conceptual explanations and runnable code samples to demonstrate how to solve common development tasks and programmatically manage browser elements. The material covers frontend development training, web browser programming, and the implementation of
DVWA is a vulnerable web application lab and penetration testing sandbox designed to simulate common security flaws. It serves as a training platform for the OWASP Top 10 security risks and functions as a PHP and MySQL security lab for practicing the identification and exploitation of web vulnerabilities. The project provides a graduated learning experience through configurable security levels that adjust the difficulty of the vulnerabilities. It also supports switching between different database engines to research how various storage systems respond to injection attacks. The application is
Metasploitable3 is an automated virtual machine provisioner designed to build and deploy operating system images with intentional security weaknesses. It functions as a penetration testing lab by creating vulnerable virtual machine targets used for security training, exploit development, and the validation of security tools. The system uses configuration scripts to inject vulnerabilities into Windows and Linux environments. This includes the deployment of insecure applications and services, such as web servers and databases, and the application of misconfigured system permissions to simulate
This project is an Android bootloader unlock tool designed to bypass account binding restrictions on devices running Xiaomi HyperOS. It functions as an exploit that circumvents the community account requirements typically necessary to unlock the bootloader. The tool serves as a prerequisite for device rooting and system modification. By removing manufacturer bootloader locks, it enables the installation of custom recoveries, kernels, and modified operating systems. The project achieves these results through vulnerability-based account bypass and memory-corruption exploits to intercept the ve
This repository contains the digital textbook and supplementary materials for probabilistic machine learning education. It provides structured text and guided study materials covering the mathematical foundations of probability and neural networks. The project emphasizes reproducibility through a collection of interactive notebooks and standalone scripts used to recreate data plots and figures from the text. These materials are hosted in external environments to allow users to execute complex machine learning code without local installation. The educational surface includes lecture slides, e
WebGoat is a deliberately insecure web application designed as an interactive security lab for learning how to identify and exploit common web vulnerabilities. It serves as a containerized sandbox for simulating and experimenting with web-based attacks and penetration testing techniques without risking production systems. The project functions as a learning lab that maps specific insecure coding patterns to structured lessons. It implements simulated server-side flaws to provide a hands-on environment for studying common security vulnerabilities and defensive coding practices.
Hyperblog is a Git learning resource and static site blog template. It provides a practical codebase and markdown blog theme designed for hands-on implementation of version control and collaborative development. The project focuses on Git workflow practice and GitHub collaborative development. It allows users to master version control and project management by building and deploying a functional static website. The system uses static site generation and markdown-driven content to create blog posts. It includes template-based layouts and client-side search indexing to locate specific text or
This project is an educational toolkit that provides implementations of fundamental machine learning algorithms built from scratch. By avoiding high-level library abstractions, it serves as a pedagogical reference for understanding the mathematical foundations and core mechanics of supervised learning, unsupervised learning, and reinforcement learning models. The repository distinguishes itself through a modular approach to model construction, allowing users to build custom neural networks by chaining independent functional blocks. It covers a wide range of techniques, including gradient-base
This project serves as a comprehensive textbook and educational resource for data analysis using the Python ecosystem. It provides a structured guide to manipulating, cleaning, and processing datasets, focusing on the core tools required for numerical computing and statistical analysis. The repository distinguishes itself by offering a collection of practical code examples and workflows that demonstrate how to perform complex data tasks. It covers the application of vectorized numerical computations, the management of time-indexed data, and the creation of statistical visualizations to commun
This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert pr
Async-profiler is a sampling profiler for Java applications that tracks CPU time and stack traces across execution frames to identify performance bottlenecks. It is designed to capture profiling data without introducing timing bias. The project provides capabilities for JVM memory analysis to locate native and heap allocation hotspots and memory leaks. It also includes system contention analysis to identify resource bottlenecks through the tracking of contended locks and hardware performance counters. The tool converts raw profiling data into visual performance reports, including interactive
rust-by-practice is an interactive coding platform and language learning curriculum designed to teach the Rust programming language. It functions as a code practice sandbox and tutorial, providing a structured path of examples and challenges to bridge the gap between basic knowledge and professional development. The platform features a web-based environment for editing, compiling, and executing code directly in the browser. It employs a graded curriculum of increasing difficulty, allowing users to solve exercises and verify their logic against reference solutions to ensure accuracy and adhere
Memory Profiler is a diagnostic library for Ruby applications designed to monitor runtime memory consumption and object lifecycles. It provides tools to track object allocations and memory usage, enabling the identification of performance bottlenecks and potential memory leaks that affect software stability. The tool functions by observing memory behavior during program execution, allowing developers to distinguish between short-lived data and objects that persist beyond their intended lifecycle. It captures the execution context of allocations by walking the call stack, which helps attribute
Heaptrack is a heap memory profiler and diagnostic tool for applications running on Linux. It functions as a memory leak detector and performance analysis system that records heap allocations and stack traces to identify memory hotspots and consumption patterns. The project provides a graphical heap allocation visualizer for exploring memory usage through tree views and peak memory reports. It utilizes flame graphs and allocation charts to visualize memory hotspots and assist in the detection of leaks. The toolset includes capabilities for heap memory allocation tracing and the generation of
Async-profiler is a suite of performance tools designed for sampling Java runtimes, tracking memory allocations, and monitoring hardware counters. It functions as a low-overhead sampling profiler for Java applications, collecting stack traces and memory allocation data without safepoint bias. The project provides specialized utilities for generating interactive flame graphs to visualize execution hotspots in a web browser. It includes a hardware performance counter monitor to track low-level system events such as cache misses and page faults. The toolset covers several diagnostic domains, in
BenchmarkDotNet is a library and tool suite for measuring the execution time and memory allocation of .NET code. It utilizes statistical sampling and warm-up iterations to determine the stability and precise execution speed of specific methods. The project provides a JIT disassembly viewer to inspect processor disassembly and analyze how the compiler executes code paths. It includes a memory allocation profiler that tracks managed and native memory traffic to identify efficiency bottlenecks. Additionally, a runtime performance comparator allows the same benchmarks to be executed across differ
itsy-bitsy-data-structures is a collection of fundamental computer science data structures implemented in JavaScript. It serves as an educational resource and algorithm study guide, providing simplified code implementations of classic data organization patterns to demonstrate internal logic and usage. The project provides clear and concise JavaScript implementations of stacks, queues, and linked lists. These examples are designed for learning, technical interview preparation, and studying the mechanical behavior of core data structures through code. The implementations utilize various comput
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
Simple wrapper around some of the features of Rubeus and KrbRelay (and a few other honorable mentions in the acknowledgements section) in order to streamline the abuse of the following attack primitive: