Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference

Stars: ✭ 47 (-83.68%)

Mutual labels: security-vulnerability

BeFree

Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse

Stars: ✭ 24 (-91.67%)

Mutual labels: security-vulnerability

Opennars

OpenNARS for Research 3.0+

Stars: ✭ 264 (-8.33%)

Mutual labels: semantic

vuestic-ui

Free and Open Source UI Library for Vue 3 🤘

Stars: ✭ 1,501 (+421.18%)

Mutual labels: semantic

ngx-fomantic-ui

🚀 An Angular 10 library for Fomantic UI without jQuery. ⚒️ Based on @edcarroll's ng2-semantic-ui.

Stars: ✭ 36 (-87.5%)

Mutual labels: semantic

Subzy

Subdomain takeover vulnerability checker

Stars: ✭ 287 (-0.35%)

Mutual labels: security-vulnerability

Modular Admin Html

ModularAdmin - Free Dashboard Theme Built On Bootstrap 4 | HTML Version

Stars: ✭ 2,875 (+898.26%)

Mutual labels: semantic

McSherry.SemanticVersioning

A semantic versioning library for .NET 5, Core, FX, and Standard with version range support.

Stars: ✭ 16 (-94.44%)

Mutual labels: semantic

View All Similar Projects ➔

About

ROPium (ex-ROPGenerator) is a library/tool that makes ROP-exploits easy. It automatically extracts and analyses gadgets from binaries and lets you find ROP-chains with semantic queries. ROPium supports X86 and X64 architectures, soon to be extended with ARM.

Key features:

Effortless: ROPium works out-of-the-box with a smooth Command Line Interface
Python API: It is easy to integrate ROPium in script thanks to its python API
Automatic chaining: ROPium automatically combines gadgets to create complex ROP-chains
Advanced features: ROPium supports function calls for various ABIs, syscalls, ...
Semantic queries: ROPium queries are quick and convenient to write : rax=rbx+8, [rdi+0x20]=rax, rsi=[rbx+16], 0x08040212(1, 2, rax), [0xdeadbeaf] = "/bin/sh\x00", sys_execve(0xdeadbeef, 0, 0), sys_0x1(0), ...

Content

About
Installation
Getting started
- CLI tool
- Python API
Docker
Contact
Licence
Special thanks

Installation

First install the Capstone disassembly framework:

  sudo apt-get install libcapstone-dev

You also need the latest ROPgadget release:

  git clone https://github.com/JonathanSalwan/ROPgadget && cd ROPgadget
  python setup.py install --user

To use the CLI tool, install prompt_toolkit:

  pip3 install prompt_toolkit

Finally install ROPium:

  git clone https://github.com/Boyan-MILANOV/ropium && cd ropium
  make
  make test
  sudo make install

Getting started

CLI tool

Thanks to a Command-Line-Interface wrapper, you can use ROPium interactively to quickly build ropchains:

Python API

Do you need to integrate ropchains directly in your scripts ? Good news, ROPium has a python API !

Loading a binary and finding ropchains:

from ropium import *
rop = ROPium(ARCH.X64)
rop.load('/lib/x86_64-linux-gnu/libc-2.27.so')

chain = rop.compile('rbx = [rax + 0x20]')

Dumping a ropchain in various formats:

>>> print( chain.dump() )

0x000000000009a851 (sub rax, 0x10; ret)
0x0000000000130018 (mov rax, qword ptr [rax + 0x30]; ret)
0x0000000000052240 (push rax; pop rbx; ret)

>>> print(chain.dump('python'))

from struct import pack
off = 0x0
p = ''
p += pack('<Q', 0x000000000009a851+off) # sub rax, 0x10; ret
p += pack('<Q', 0x0000000000130018+off) # mov rax, qword ptr [rax + 0x30]; ret
p += pack('<Q', 0x0000000000052240+off) # push rax; pop rbx; ret

>>> print(chain.dump('raw'))

b'Q\xa8\t\x00\x00\x00\x00\x00\x18\x00\x13\x00\x00\x00\x00\[email protected]"\x05\x00\x00\x00\x00\x00'

Set constraints on ropchains:

# Bytes that should not appear in the ropchain
rop.bad_bytes = [0x00, 0x0a, 0x0b]

# Register that should not be clobbered by the ropchain
rop.keep_regs = ['rsi', 'rdx']

# Enable/Forbid ropchain to dereference registers that might hold invalid addresses
# Safe mode is 'True' by default
rop.safe_mem = False

# Specify which ABI you want to use when calling functions
rop.abi = ABI.X86_CDECL

# Specify which system to target when doing syscalls
rop.os = OS.LINUX

Docker

If needed you can run ROPium in a docker container. The container can be generated from the Dockerfile as follows:

# Create your docker image (this will take time!)
docker build . --tag ropium

# Run the image in interactive mode, bind mounting the file to analyze
docker run --rm -it -v /FULL/HOST/PATH/FILE:/tmp/FILE:ro ropium

(ropium)> load -a X86 /tmp/FILE

The actual image is around 200 MB based on a Debian Stretch with a Python 3.7.3 installed.

Contact

Boyan MILANOV - boyan.milanov (at) hotmail (dot) fr

Licence

ROPium is provided under the MIT licence.

Special thanks

Contributors:

Docker container support: migounette, clslgrnc

ROPium uses the following awesome projects:

capstone : Disassembly Framework
ROPgadget : Gadget extractor
prompt-toolkit : Python CLI interface library

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 288

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (4) 🔗