matrix1001 / Heapinspect

Licence: MIT
🔍Heap analysis tool for CTF pwn.


HeapInspect

Pwnning is an art.

HeapInspect is designed to make the heap much prettier to look at.

This tool is now also available as a plugin for nadbg. Try it!

Features

  • No dependency on gdb or anything else
  • Multiple glibc versions supported
    • 2.19, 2.23-2.27 (currently tested; glibc 2.32 and later mangle tcache and fastbin forward pointers with safe-linking, which is outside the tested range)
    • both 32-bit and 64-bit
  • Nice UI to show the heap
    • HeapShower (detailed)
    • PrettyPrinter (colourful summary)
  • Heapdiff (work in progress)
  • Corruption detection & exploit analysis (work in progress)
  • Can also run as a gdb plugin
  • Python 2 & Python 3 compatible

Usage

Quick shot

A quick look at the tool's output. The original README shows four screenshots here: pp1 and pp2 (PrettyPrinter), raw1 and rela1 (HeapShower with raw addresses and in relative mode).

You can also load it as a gdb plugin, which is useful when pwndbg or other plugins fail to analyse the heap. Run this from the repository root; the sed command needs an existing ~/.gdbinit, otherwise add the source line manually:

sed -i "1i source `pwd`/gdbscript.py" ~/.gdbinit # alternatively, you can add that line manually

Note

(three screenshots in the original README, gdb1 to gdb3, showing the gdb plugin in use)

Basic

Pretty easy to use. I will make it a package later.

from time import sleep
from heapinspect.core import *

hi = HeapInspector(1234)     # pid of the target process
hs = HeapShower(hi)

print(hs.fastbins)
print(hs.smallbins)
print(hs.largebins)
print(hs.unsortedbins)
print(hs.tcache_chunks)

hs.relative = 1              # relative mode (offsets from heap/libc base), see Quick shot
print(hs.fastbins)

sleep(10)
# now assume that the heap state has changed
hs.update()                  # re-read the target to refresh the view

pp = PrettyPrinter(hi)
print(pp.all)                # pretty printer
pp.update()                  # same refresh for the pretty printer
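The features list promises a heap view without gdb plus corruption detection, and the snippet above drives that through HeapInspector, HeapShower and PrettyPrinter. To show what such a tool has to do underneath, here is an added Python example; it is not HeapInspect's own code and none of its names exist in the project. It decodes x86-64 glibc chunk headers and flag bits from a raw memory snapshot (a constructed one standing in for /proc/<pid>/mem), follows a tcache bin through fd, walks the unsorted bin from bk in the order glibc takes victims (the traversal change noted in the 0.0.5 devlog entry) while applying glibc's own bk->fd check, and flags the inconsistencies a corruption check looks for (bad size, footer mismatch, a double-freed tcache entry). The bases, the glibc 2.27 main_arena offset and every chunk value are made up for the demo; the layout assumed is pre-2.32, so tcache pointers are unmangled.

```python
import struct

PREV_INUSE, IS_MMAPPED, NON_MAIN_ARENA = 0x1, 0x2, 0x4  # flag bits in the size field
SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA
MIN_CHUNK_SIZE, MALLOC_ALIGNMENT = 0x20, 0x10            # x86-64 glibc

class MemImage:
    """(base, bytes) segments. A live tool fills these from /proc/<pid>/maps and
    /proc/<pid>/mem (ptrace permission needed); here they are constructed."""
    def __init__(self, *segments):
        self.segments = [(base, bytes(data)) for base, data in segments]

    def u64(self, addr):
        for base, data in self.segments:
            off = addr - base
            if 0 <= off <= len(data) - 8:
                return struct.unpack_from("<Q", data, off)[0]
        raise ValueError(f"{addr:#x} not in snapshot")

def tcache_idx(chunk_size):
    """glibc's csize2tidx: 0xb0 -> 9, i.e. the tcache[9] bin in the Test section's output."""
    return (chunk_size - MIN_CHUNK_SIZE + MALLOC_ALIGNMENT - 1) // MALLOC_ALIGNMENT

def chunk(img, addr):
    """Decode a malloc_chunk header; fd/bk only mean something while the chunk is free."""
    raw = img.u64(addr + 8)
    return {"addr": addr, "prev_size": img.u64(addr), "raw_size": raw,
            "size": raw & ~SIZE_BITS, "prev_inuse": bool(raw & PREV_INUSE),
            "fd": img.u64(addr + 0x10), "bk": img.u64(addr + 0x18)}

def walk_heap(img, start, end):
    """Linear walk of [start, end). Stops at the first header that cannot be trusted,
    because every later address derives from it. Returns (chunks, problems)."""
    chunks, problems, addr = [], [], start
    while addr < end:
        c = chunk(img, addr)
        if c["size"] < MIN_CHUNK_SIZE or c["size"] % MALLOC_ALIGNMENT or addr + c["size"] > end:
            problems.append(f"{addr:#x}: invalid size {c['size']:#x}")
            break
        # PREV_INUSE clear means the previous chunk is really free (tcache/fastbin
        # chunks keep it set), so prev_size must carry that chunk's size as a footer.
        if not c["prev_inuse"] and chunks and chunks[-1]["size"] != c["prev_size"]:
            problems.append(f"{addr:#x}: prev_size {c['prev_size']:#x} != prev chunk size {chunks[-1]['size']:#x}")
        chunks.append(c)
        addr += c["size"]
    return chunks, problems

def walk_tcache(img, user_ptr):
    """One tcache bin: singly linked via tcache_entry.next at the user pointer
    (chunk+0x10). Pointers are raw, i.e. pre-2.32 glibc without safe-linking."""
    seen, out = set(), []
    while user_ptr:
        if user_ptr in seen:
            return out, f"loop: {user_ptr - 0x10:#x} listed twice (double free?)"
        seen.add(user_ptr)
        out.append(user_ptr - 0x10)
        user_ptr = img.u64(user_ptr)
    return out, None

def walk_unsorted(img, head):
    """Walk the unsorted bin from head->bk, the direction malloc takes victims,
    with glibc's own integrity check: victim->bk->fd must point back at victim."""
    out, seen = [], set()
    victim = chunk(img, head)["bk"]
    while victim != head:
        if victim in seen:
            return out, f"loop at {victim:#x}"
        seen.add(victim)
        c = chunk(img, victim)
        if chunk(img, c["bk"])["fd"] != victim:
            return out, f"{victim:#x}: corrupted unsorted chunks (bk->fd mismatch)"
        out.append(c)
        victim = c["bk"]
    return out, None

# Constructed snapshot: made-up bases, glibc 2.27 main_arena layout, hand-written chunks.
HEAP, LIBC = 0x555555559000, 0x7ffff7dcb000
UNSORTED_HEAD = LIBC + 0x3ebca0          # &main_arena.bins[0] - 0x10 for glibc 2.27
A, B, C, D, E, F, G, H, TOP = 0x0, 0x20, 0x50, 0x70, 0xa0, 0x150, 0x170, 0x220, 0x240

def build_demo(tamper=None):
    """Returns (image, first tcache user pointer); tamper(put) can corrupt the heap."""
    heap = bytearray(0x1000)
    def put(off, *qwords):                            # write consecutive qwords at a heap offset
        struct.pack_into(f"<{len(qwords)}Q", heap, off, *qwords)
    put(A + 8, 0x21)                                  # allocated, PREV_INUSE set
    put(B + 8, 0x31, HEAP + D + 0x10)                 # in tcache, next -> D's user pointer
    put(C + 8, 0x21)                                  # allocated; B in tcache still "in use"
    put(D + 8, 0x31, 0)                               # tcache tail
    put(E + 8, 0xb1, UNSORTED_HEAD, HEAP + G)         # unsorted: fd=head, bk=G
    put(F, 0xb0, 0x20)                                # prev_size=0xb0, PREV_INUSE clear
    put(G + 8, 0xb1, HEAP + E, UNSORTED_HEAD)         # unsorted: fd=E, bk=head
    put(H, 0xb0, 0x20)
    put(TOP + 8, (0x1000 - TOP) | PREV_INUSE)         # top chunk
    if tamper:
        tamper(put)
    arena = struct.pack("<4Q", HEAP + TOP, 0, HEAP + G, HEAP + E)  # top, last_remainder, bins[0], bins[1]
    return MemImage((HEAP, heap), (UNSORTED_HEAD, arena)), HEAP + B + 0x10

if __name__ == "__main__":
    img, tcache_head = build_demo()
    for c in walk_heap(img, HEAP, HEAP + 0x1000)[0]:
        print(f"chunk({c['addr']:#x}): prev_size={c['prev_size']:#x} size={c['raw_size']:#x}")
    print(f"tcache[{tcache_idx(0x30)}]:", [hex(a) for a in walk_tcache(img, tcache_head)[0]])
    print("unsortedbins:", [hex(c["addr"]) for c in walk_unsorted(img, UNSORTED_HEAD)[0]])
    bad = build_demo(lambda put: put(F, 0x50))[0]   # forge F's prev_size -> footer mismatch
    print(walk_heap(bad, HEAP, HEAP + 0x1000)[1])
```

Run it directly to get HeapShower-style lines for the sample heap. On a live target the heap segment comes from the [heap] range in /proc/<pid>/maps and the arena from the mapped libc, both read through /proc/<pid>/mem, which needs ptrace permission on the process; that is what lets a tool like this work without gdb. Note that the unsorted-bin check is the same `bck->fd != victim` test that makes malloc abort with "malloc(): corrupted unsorted chunks", so a snapshot that fails it is one the target would already die on at its next allocation.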

Test

There are some test cases. Running test.py from heapinspect/tests/ executes all of them and dumps the bins of each test target so you can check the tool against a known heap layout:

heapinspect/tests/ $ python test.py  #this will run all test cases for you to check this tool.

......
......

test case unsortedbins64 at test/testcases/libc-2.27/64bit
pid:6704
=========================           fastbins           =========================
=========================         unsortedbins         =========================
chunk(0x7f9aae2e6720): prev_size=0x0      size=0xb1     fd=0x7f9aacdfbca0  bk=0x7f9aae2e6880
chunk(0x7f9aae2e6880): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6720  bk=0x7f9aacdfbca0
=========================          smallbins           =========================
=========================          largebins           =========================
=========================            tcache            =========================
tcache[9]:
chunk(0x7f9aae2e6670): prev_size=0x0      size=0xb1     fd=0x7f9aae2e65d0  bk=0x0
chunk(0x7f9aae2e65c0): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6520  bk=0x0
chunk(0x7f9aae2e6510): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6470  bk=0x0
chunk(0x7f9aae2e6460): prev_size=0x0      size=0xb1     fd=0x7f9aae2e63c0  bk=0x0
chunk(0x7f9aae2e63b0): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6310  bk=0x0
chunk(0x7f9aae2e6300): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6260  bk=0x0
chunk(0x7f9aae2e6250): prev_size=0x0      size=0xb1     fd=0x0             bk=0x0

Docs

Detailed docstrings are in the source code.

A Sphinx build is checked in under docs; open docs/build/html/index.html in your browser.

Devlog

2020/5/11 Version 0.1.4

  • python3 support

2018/12/10 Version 0.1.3

  • add support for gdb

2018/11/6 version 0.1.2

docs update.

  • update sphinx docs
  • reshape file structure

2018/11/5 version 0.1.1

not a functional update.

  • PEP8
  • docstrings
  • performance update

2018/10/31 version 0.1.0

first release

  • better cmdline option

2018/10/30 version 0.0.8

next version will be a release.

  • CRLF to LF
  • code refine
  • readme refine
  • pretty printer

2018/10/29 version 0.0.7

  • auto test
  • code refine

2018/10/27 version 0.0.6

This is not a stable version. I am trying to fix bugs caused by differences between glibc versions and need help testing this.

  • add multi libc support
  • add x86 support

2018/10/26 version 0.0.5

The next version will add multi-libc support. Heapdiff and heap checking will be added later.

  • HeapShower
  • relative heap & libc offset showing
  • fix search loop bug
  • bins are now traversed from bk instead of fd, matching the order in which glibc takes chunks out of them

2018/10/24 version 0.0.4

  • HeapRecoder (I will build heapdiff on top of it)
  • smallbins and largebins

2018/10/23 version 0.0.3

  • fastbin prototype
  • unsortedbin prototype
  • bins prototype
  • tcache prototype

2018/10/22 version 0.0.2

  • add C_Struct to handle c structure

2018/10/19 version 0.0.1

  • add class HeapInspector
  • trying to parse more information of arena

2018/10/18 version 0.0.0

  • add class Proc in proc_util
  • experimental test in test.py