-

ROPgadget - This Tool Lets You Search Your Gadgets On Your Binaries To Facilitate Your ROP Exploitation


This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly framework for the gadgets search engine - The older version can be found in the Archives directory but it will not be maintained.

Install
If you want to use ROPgadget, you have to install Capstonefirst.
For the Capstone's installation on nix machine:
$ sudo pip install capstone
Capstone supports multi-platforms (windows, ios, android, cygwin...). For the cross-compilation, please refer to the https://github.com/aquynh/capstone/blob/master/COMPILE.TXT file.
After Capstone is installed, ROPgadget can be used as a standalone tool:
$ ROPgadget.py
Or installed into the Python site-packages library, and executed from $PATH.
$ python setup.py install
 $ ROPgadget
Or installed from PyPi
$ pip install ropgadget
 $ ROPgadget

Usage
usage: ROPgadget.py [-h] [-v] [-c] [--binary ] [--opcode ]
                     [--string ] [--memstr ] [--depth ]
                     [--only ] [--filter ] [--range ]
                     [--badbytes ] [--rawArch ] [--rawMode ]
                     [--re ] [--offset ] [--ropchain] [--thumb]
                     [--console] [--norop] [--nojop] [--nosys] [--multibr]
                     [--all] [--dump]
 
 optional arguments:
     -h, --help           show this help message and exit
     -v, --version        Display the ROPgadget's version
     -c, --checkUpdate    Checks if a new version is available
     --binary     Specify a binary filename to analyze
     --opcode    Search opcode in executable segment
     --string     Search string in readable segment
     --memstr     Search each byte in all readable segment
     --depth       Depth for search engine (default 10)
     --only          Only show specific instructions
     --filter        Suppress specific instructions
     --range   Search between two addresses (0x...-0x...)
     --badbytes     Rejects specific bytes in the gadget's address
     --rawArch      Specify an arch for a raw file
     --rawMode      Specify a mode for a raw file
     --re             Regular expression
     --offset    Specify an offset for gadget addresses
     --ropchain           Enable the ROP chain generation
     --thumb              Use the thumb mode for the search engine (ARM only)
     --console            Use an interactive console for search engine
     --norop              Disable ROP search engine
     --nojop              Disable JOP search engine
     --callPreceded       Only show gadgets which are call-preceded (x86 only)
     --nosys              Disable SYS search engine
     --multibr            Enable multiple branch gadgets
     --all                Disables the removal of duplicate gadgets
     --dump               Outputs the gadget bytes

Screenshots





https://github.com/JonathanSalwan/ROPgadget

تعليقات

إرسال تعليق

المشاركات الشائعة من هذه المدونة

-
صورة
Astra - Automated Security Testing For REST API's  is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically detect and test login & logout (Authentication API), so it's easy for anyone to integrate this into CICD pipeline. Astra can take API collection as an input so this can also be used for testing apis in standalone mode. SQL injection Cross site scripting Information Leakage Broken Authentication and session management CSRF (including Blind CSRF) Rate limit CORS misonfiguration (including CORS bypass techniques) JWT attack Coming soon XXE CSP misconfiguration Requirement Linux or MacOS Python 2.7 mongoDB Installation $ git clone https://github.com/flipkart-incubator/Astra $ cd Astra $ sudo pip install -r require...
Plus d'infos »chaker hacker
-
صورة
Snallygaster - Tool To Scan For Secret Files On HTTP Servers Snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities. As an introduction to these kinds of issues you may want to watch this talk: Install snallygaster is available  via pypi : pip3 install snallygaster It's a simple python 3 script, so you can just download the file "snallygaster" and execute it. Dependencies are urllib3, beautifulsoup4 and dnspython. Faq Q: I want to contribute / send a patch / a pull request! A: That's great, but please read the  CONTRIBUTIONS.md file. Q: What's that name? A:  Snallygaster  is the name of a dragon that according to some legends was seen in Maryland and other parts of the ...
Plus d'infos »chaker hacker
-
صورة
Intel Processors Now Allows Antivirus to Use Built-in GPUs for Malware Scanning         Global chip-maker Intel on Tuesday  announced  two new technologies—Threat Detection Technology (TDT) and Security Essentials—that not only offer hardware-based built-in security features across Intel processors but also improve threat detection without compromising system performance. Intel's Threat Detection Technology (TDT) offers a new set of features that leverage hardware-level telemetry to help security products detect new classes of threats and exploits. It includes two main capabilities—Accelerated Memory Scanning and Advanced Platform Telemetry. Accelerated Memory Scanning allows antivirus programs to use Intel's integrated GPU to scan and detect memory-based malware attacks while reducing the impact on performance and power consumption.  "Current scanning technologies can detect system memory-based cyber-attacks, but at...
Plus d'infos »chaker hacker