
t00sh / Rop Tool

Licence: gpl-3.0
A tool to help you write binary exploits

Programming Languages

c
50402 projects - #5 most used programming language

Projects that are alternatives of or similar to Rop Tool

Arm now
arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose.
Stars: ✭ 719 (+21.86%)
Mutual labels:  arm, x86, x86-64, mips
Easy Linux Pwn
A set of Linux binary exploitation tasks for beginners on various architectures
Stars: ✭ 353 (-40.17%)
Mutual labels:  arm, x86, mips, rop
Capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
Stars: ✭ 5,374 (+810.85%)
Mutual labels:  arm, x86, x86-64, mips
Keypatch
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Stars: ✭ 939 (+59.15%)
Mutual labels:  arm, x86, x86-64, mips
Keystone
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
Stars: ✭ 1,654 (+180.34%)
Mutual labels:  arm, x86, x86-64, mips
Plasma
Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
Stars: ✭ 2,956 (+401.02%)
Mutual labels:  arm, x86, x86-64, mips
Mandibule
linux elf injector for x86 x86_64 arm arm64
Stars: ✭ 171 (-71.02%)
Mutual labels:  arm, x86, x86-64, elf
Unicorn
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, X86)
Stars: ✭ 4,934 (+736.27%)
Mutual labels:  arm, x86, x86-64, mips
toddler
Toddler is a well-designed usable and portable microkernel OS
Stars: ✭ 70 (-88.14%)
Mutual labels:  arm, mips, x86
asmdot
[Unstable] Fast, zero-copy and lightweight (Arm | Mips | x86) assembler in (C | C++ | C# | Go | Haskell | Javascript | Nim | OCaml | Python | Rust).
Stars: ✭ 23 (-96.1%)
Mutual labels:  arm, mips, x86
cross
“Zero setup” cross compilation and “cross testing” of Rust crates
Stars: ✭ 3,550 (+501.69%)
Mutual labels:  arm, mips, x86
Capstone.NET
.NET Core and .NET Framework binding for the Capstone Disassembly Framework
Stars: ✭ 108 (-81.69%)
Mutual labels:  arm, x86-64, x86
asm2cfg
Python command-line tool and GDB extension to view and save x86, ARM and objdump assembly files as control-flow graph (CFG) pdf files
Stars: ✭ 42 (-92.88%)
Mutual labels:  arm, x86-64, x86
Bdvl
LD_PRELOAD Linux rootkit (x86 & ARM)
Stars: ✭ 232 (-60.68%)
Mutual labels:  arm, x86, x86-64
alpine-php-fpm
Lightweight and optimised PHP-FPM (PHP 7.4, 8.0, 8.1) Docker images with essential extensions on top of latest Alpine Linux.
Stars: ✭ 53 (-91.02%)
Mutual labels:  arm, x86-64, x86
uvmm
Virtual machine monitor for L4Re
Stars: ✭ 22 (-96.27%)
Mutual labels:  arm, mips, x86-64
GoRAT
GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.
Stars: ✭ 34 (-94.24%)
Mutual labels:  arm, mips, x86
Tengine
Tengine is a lite, high performance, modular inference engine for embedded device
Stars: ✭ 4,012 (+580%)
Mutual labels:  arm, x86-64, mips
Steed
[INACTIVE] Rust's standard library, free of C dependencies, for Linux systems
Stars: ✭ 520 (-11.86%)
Mutual labels:  arm, x86, mips
HatVenom
HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.
Stars: ✭ 84 (-85.76%)
Mutual labels:  exploit, elf, pe

rop-tool v2.4.2

A tool to help you write binary exploits

OPTIONS

rop-tool v2.4.2
Help you make binary exploits.

Usage: rop-tool <cmd> [OPTIONS]

Commands :
   gadget        Search gadgets
   patch         Patch the binary
   info          Print info about binary
   heap          Display heap structure
   disassemble   Disassemble the binary
   search        Search on binary
   help          Print help
   version       Print version

Try "rop-tool help <cmd>" for more information about a command.

GADGET COMMAND

Usage : rop-tool gadget [OPTIONS] [FILENAME]

OPTIONS:
  --arch, -A               Select an architecture (x86, x86-64, arm, arm64)
  --all, -a                Print all gadgets (even gadgets which are not uniq)
  --depth, -d         [d]  Specify the depth for gadget searching (default is 5)
  --flavor, -f        [f]  Select a flavor (att or intel)
  --no-filter, -F          Do not apply some filters on gadgets
  --help, -h               Print this help message
  --no-color, -N           Do not colorize output

SEARCH COMMAND

Usage : rop-tool search [OPTIONS] [FILENAME]

OPTIONS:
  --all-string, -a    [n]  Search all printable strings of at least [n] characters (default is 6)
  --byte, -b          [b]  Search the byte [b] in binary
  --dword, -d         [d]  Search the dword [d] in binary
  --help, -h               Print this help message
  --no-color, -N           Don't colorize output
  --qword, -q         [q]  Search the qword [q] in binary
  --raw, -r                Open file in raw mode (don't consider any file format)
  --split-string, -s  [s]  Search a string "split" in memory (i.e. one whose bytes are not contiguous in the binary)
  --string, -S        [s]  Search a string (a byte sequence) in binary
  --word, -w          [w]  Search the word [w] in binary

PATCH COMMAND

Usage : rop-tool patch [OPTIONS] [FILENAME]

OPTIONS:
  --address, -a       [a]  Select an address to patch
  --bytes, -b         [b]  A byte sequence (e.g. : "\xaa\xbb\xcc") to write
  --filename, -f      [f]  Specify the filename
  --help, -h               Print this help message
  --offset, -o        [o]  Select an offset to patch (from start of the file)
  --output, -O        [o]  Write to an another filename
  --raw, -r                Open file in raw mode

INFO COMMAND

Usage : rop-tool info [OPTIONS] [FILENAME]

OPTIONS:
  --all, -a                Show all infos
  --segments, -l           Show segments
  --sections, -s           Show sections
  --syms, -S               Show symbols
  --filename, -f      [f]  Specify the filename
  --help, -h               Print this help message
  --no-color, -N           Disable colors

DISASSEMBLE COMMAND

Usage : rop-tool dis [OPTIONS] [FILENAME]

OPTIONS:
  --help, -h               Print this help message
  --no-color, -N           Do not colorize output
  --address, -a    <a>     Start disassembling at address <a>
  --offset, -o     <o>     Start disassembling at offset <o>
  --sym, -s        <s>     Disassemble symbol
  --len, -l        <l>     Disassemble only <l> bytes
  --arch, -A       <a>     Select architecture (x86, x86-64, arm, arm64)
  --flavor, -f     <f>     Change flavor (intel, att)

HEAP COMMAND

Usage : rop-tool heap [OPTIONS] [COMMAND]

OPTIONS:
  --calloc, -C             Trace calloc calls
  --free, -F               Trace free calls
  --realloc, -R            Trace realloc calls
  --malloc, -M             Trace malloc calls
  --dumpdata, -d           Dump chunk's data
  --output, -O             Output in a file
  --help, -h               Print this help message
  --tmp, -t        <d>     Specify the writable directory, to dump the library (default: /tmp/)
  --no-color, -N           Do not colorize output

Brief explanation of the heap command's output

Each line corresponds to one malloc chunk; the heap is dumped after every call to a heap function (free, malloc, realloc, calloc).

  • addr: the real address of the malloc chunk (the start of its header)

  • usr_addr: the address the malloc functions returned to the user (addr plus the header size)

  • size: the size of the malloc chunk (header included, flag bits masked off)

  • flags: P is PREV_INUSE, M is IS_MMAPPED and A is NON_MAIN_ARENA
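To make the four columns concrete, here is a small C program, written for this page and not part of rop-tool, that decodes glibc malloc chunk headers the same way the heap command does. It assumes the glibc layout of a two-word header (prev_size, then size with the P/M/A bits in its low three bits), and walks a constructed in-memory sample rather than a live process. The bounds and alignment checks are the part a practitioner wants when reading such output: a corrupted size field stops the walk instead of sending the parser past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits kept in the low three bits of a glibc malloc chunk's size field
   (the P, M and A columns of rop-tool's heap output). */
#define PREV_INUSE     ((size_t)0x1)
#define IS_MMAPPED     ((size_t)0x2)
#define NON_MAIN_ARENA ((size_t)0x4)
#define SIZE_BITS      (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)
#define HEADER_SIZE    (2 * sizeof(size_t))   /* prev_size + size words */
#define MIN_CHUNK_SIZE (4 * sizeof(size_t))   /* glibc MINSIZE */

/* One decoded chunk, mirroring the columns the heap command prints. */
struct chunk_info {
    uintptr_t addr;     /* real address of the chunk header */
    uintptr_t usr_addr; /* pointer malloc() handed back to the caller */
    size_t size;        /* chunk size with the flag bits masked off */
    char flags[4];      /* 'P', 'M', 'A' or '-' in fixed positions */
};

/* Decode the header of one chunk: size|flags is the second word. */
static struct chunk_info decode_chunk(const unsigned char *chunk)
{
    struct chunk_info ci;
    size_t raw;
    memcpy(&raw, chunk + sizeof(size_t), sizeof raw);
    ci.addr = (uintptr_t)chunk;
    ci.usr_addr = ci.addr + HEADER_SIZE;
    ci.size = raw & ~SIZE_BITS;
    ci.flags[0] = (raw & PREV_INUSE) ? 'P' : '-';
    ci.flags[1] = (raw & IS_MMAPPED) ? 'M' : '-';
    ci.flags[2] = (raw & NON_MAIN_ARENA) ? 'A' : '-';
    ci.flags[3] = '\0';
    return ci;
}

/* Walk consecutive in-arena chunks starting at base. Stops on a zero,
   undersized, misaligned or out-of-bounds size field, so a corrupted
   header cannot push the walk beyond the buffer. Returns chunks decoded. */
size_t walk_heap(const unsigned char *base, size_t len,
                 struct chunk_info *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (n < max_out && off + HEADER_SIZE <= len) {
        struct chunk_info ci = decode_chunk(base + off);
        if (ci.size < MIN_CHUNK_SIZE || ci.size % HEADER_SIZE != 0 ||
            off + ci.size > len)
            break;
        out[n++] = ci;
        off += ci.size;
    }
    return n;
}

/* Constructed sample heap (not a real process dump): three chunks followed
   by a zero size word that terminates the walk. */
unsigned char sample_heap[0x80];

static void put_size(size_t off, size_t val)
{
    memcpy(sample_heap + off + sizeof(size_t), &val, sizeof val);
}

void build_sample_heap(void)
{
    memset(sample_heap, 0, sizeof sample_heap);
    put_size(0x00, 0x20 | PREV_INUSE);                  /* chunk 0 */
    put_size(0x20, 0x30 | PREV_INUSE);                  /* chunk 1 */
    put_size(0x50, 0x20 | PREV_INUSE | NON_MAIN_ARENA); /* chunk 2 */
    put_size(0x70, 0);                                  /* terminator */
}

int main(void)
{
    struct chunk_info out[8];
    size_t i, n;
    build_sample_heap();
    n = walk_heap(sample_heap, sizeof sample_heap, out, 8);
    printf("%-18s %-18s %-8s %s\n", "addr", "usr_addr", "size", "flags");
    for (i = 0; i < n; i++)
        printf("%#-18lx %#-18lx %#-8zx %s\n", (unsigned long)out[i].addr,
               (unsigned long)out[i].usr_addr, out[i].size, out[i].flags);
    return 0;
}
```

Compile with any C99 compiler and run; the three rows printed line up with the addr/usr_addr/size/flags columns described above, with usr_addr always one header past addr.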

FEATURES

  • String searching, gadget searching, patching, info, heap visualization, disassembling

  • Colored output

  • Intel and AT&T flavor

  • Support for the ELF, PE and Mach-O binary formats

  • Support for big- and little-endian targets

  • Support for the x86, x86_64, ARM, ARM64, MIPS and MIPS64 architectures

EXAMPLES

Basic gadget searching

rop-tool gadget ./program

Display all gadgets with AT&T syntax

rop-tool gadget ./program -f att -a

Search gadgets in a raw x86 file

rop-tool gadget ./program -A x86

Search a "split" (non-contiguous) string in the binary

rop-tool search ./program -s "/bin/sh"

Search all strings in binary

rop-tool search ./program -a

Patch the binary at offset 0x1000 with "\xaa\xbb\xcc\xdd" and save it as "patched":

rop-tool patch ./program -o 0x1000 -b "\xaa\xbb\xcc\xdd" -O patched

Visualize the heap allocations of the /bin/ls command:

rop-tool heap /bin/ls

Disassemble 0x100 bytes at address 0x08048452

rop-tool dis /bin/ls -l 0x100 -a 0x08048452

SCREENSHOTS

rop-tool gadget /bin/ls
[screenshot]

rop-tool search /bin/ls -a
[screenshot]

rop-tool search /bin/ls -s "/bin/sh\x00"
[screenshot]

rop-tool heap ./a.out
[screenshot]

rop-tool dis ./bin  # Many formats
[screenshot]

COMPILATION

git clone https://github.com/t00sh/rop-tool.git
cd rop-tool
sh scripts/set_env.sh
make

DEPENDENCIES

LICENSE

AUTHOR

Tosh (tosh at t0x0sh . org)
