
Scanr

Detect x86 shellcode in files and traffic.

Usage

> python main.py --help
Usage: main.py [-h] [-f OBJ_PATH] [-o START_OFFSET] [-l LIMIT] [-d]
               [-i INTERFACE] [-c CAPTURE]

Windows shellcode emulation and detection tool

optional arguments:
  -h, --help       show this help message and exit
  -f OBJ_PATH      input file
  -o START_OFFSET  shellcode start offset
  -l LIMIT         max instructions to analyze
  -d               enable debug mode
  -i INTERFACE     network interface
  -c CAPTURE       network capture

Example: python main.py -c test-http-get.pcap

Output

python main.py -d -f call4_dword_xor_shell
[!] Starting analysis in file mode
[*] Analyzing file <open file 'call4_dword_xor_shell', mode 'r' at 0x10ed2bdb0>
[+] Found 1 potential offsets:
	0x00000000
  0x0   :	xor	ecx, ecx
  0x2   :	sub	ecx, -0x54
  0x5   :	call	9
  0xa   :	rcr	byte ptr [esi - 0x7f], 0x76
  0xe   :	push	cs
  0xf   :	js	0xfffffff5
  0x11  :	dec	eax
  0x12  :	mov	eax, dword ptr [0xe2fcee83]
  0x17  :	hlt
  0x18  :	test	byte ptr [edx + ecx*8], cl
  0x1b  :	mov	eax, dword ptr [0x2828e478]
  0x20  :	popfd
  0x21  :	aad	0x88
[!] Trying with offset number 0 at 0x00000000
[*] Emulator processing shellcode
  0x2000:	xor	ecx, ecx
  0x2002:	sub	ecx, -0x54
  0x2005:	call	4
  0x2009:	inc	eax
  0x200b:	pop	esi
	mem READ:  0x4, data size = 4, data value = 0x0
	near deref:
		0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200c:	xor	dword ptr [esi + 0xe], 0xa148e478
	mem READ:  0x2018, data size = 4, data value = 0x0
	near deref:
		84 0c ca a1 78 e4 28 28 9d d5 88 c5 f3 b4 78 2a
[!] Self-modyfying code heuristic triggered!
  0x2013:	sub	esi, -4
  0x2016:	loop	0xfffffff6
  0x200c:	xor	dword ptr [esi + 0xe], 0xa148e478
	mem READ:  0x201c, data size = 4, data value = 0x0
	near deref:
		78 e4 28 28 9d d5 88 c5 f3 b4 78 2a 2a e8 c3 f3
# skipped..
[!] Self-modyfying code heuristic triggered!
  0x2013:	sub	esi, -4
  0x2016:	loop	0xfffffff6
  0x200c:	xor	dword ptr [esi + 0xe], 0xa148e478
	mem READ:  0x2164, data size = 4, data value = 0x0
	near deref:
		ad e4 48 a1 cc cc cc cc 00 00 00 00 00 00 00 00
[!] Self-modyfying code heuristic triggered!
  0x2013:	sub	esi, -4
  0x2016:	loop	0xfffffff6
  0x2018:	cld
  0x2019:	call	0x87
  0x20a0:	pop	ebp
[!] GetPC (callpop) heuristic triggered!
	mem READ:  0x4, data size = 4, data value = 0x0
	near deref:
		1e 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x20a1:	push	0x3233
  0x20a6:	push	0x5f327377
  0x20ab:	push	esp
  0x20ac:	push	0x726774c
  0x20b1:	call	ebp
  0x201e:	pushal
  0x201f:	mov	ebp, esp
  0x2021:	xor	eax, eax
  0x2023:	mov	edx, dword ptr fs:[eax + 0x30]

[!] PEB accessed!
	mem READ:  0x30, data size = 4, data value = 0x0
	near deref:
		30 00 00 00 00 00 00 00 00 00 00 00 3c 00 00 00
  0x2027:	mov	edx, dword ptr [edx + 0xc]

[!] PEB_Ldr accessed!
[!] HEUR level 3, shellcode detected. Exiting!
	mem READ:  0x3c, data size = 4, data value = 0x0
	near deref:
		3c 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00
[+] Processed!
	Shellcode address ranges:
	   low:  0x2018
	   high: 0x2164

	Decoded shellcode:
  0x0   :	cld
  0x1   :	call	0x88
  0x6   :	pushal
  0x7   :	mov	ebp, esp
  0x9   :	xor	eax, eax
  0xb   :	mov	edx, dword ptr fs:[eax + 0x30]
  0xf   :	mov	edx, dword ptr [edx + 0xc]
  0x12  :	mov	edx, dword ptr [edx + 0x14]
  0x15  :	mov	esi, dword ptr [edx + 0x28]
  0x18  :	movzx	ecx, word ptr [edx + 0x26]
  0x1c  :	xor	edi, edi
  0x1e  :	lodsb	al, byte ptr [esi]
  # skipped..
[+] Finished analysis, took 0.067544 seconds
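To make the heuristic trail in this trace concrete, here is an added example (not Scanr's own code) that replays three of the heuristics named above over the trace-line format shown: GetPC via call/pop, the PEB read through fs:[0x30], and the PEB->Ldr dereference at offset 0xc. The heuristic names and the three-hit threshold are assumptions; the self-modifying-code check, which needs the emulator's memory-write tracking, is not reproduced.

```python
import re

# Instruction lines in the Scanr debug trace look like "  0x2019:\tcall\t0x87".
LINE_RE = re.compile(r"^\s*0x([0-9a-f]+):\s*(\S+)(?:\s+(.*))?$")

# Constructed excerpt of the trace shown above (a non-instruction line is kept to show it is skipped).
SHELLCODE_TRACE = """\
  0x2018:\tcld
  0x2019:\tcall\t0x87
  0x20a0:\tpop\tebp
[!] GetPC (callpop) heuristic triggered!
  0x2021:\txor\teax, eax
  0x2023:\tmov\tedx, dword ptr fs:[eax + 0x30]
  0x2027:\tmov\tedx, dword ptr [edx + 0xc]
"""


def parse_trace(text):
    """Return (address, mnemonic, operands) for each instruction line; other lines are skipped."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), (m.group(3) or "").strip()))
    return insns


def detect(text, threshold=3):
    """Score a trace with three heuristics; the threshold of 3 distinct hits is an assumption."""
    insns = parse_trace(text)
    hits = {}
    peb_regs = set()  # registers loaded from fs:[0x30], i.e. holding the PEB pointer
    for i, (addr, mnem, ops) in enumerate(insns):
        # GetPC (call/pop): a call whose next executed instruction pops the return address.
        if mnem == "call" and i + 1 < len(insns) and insns[i + 1][1] == "pop":
            hits["getpc_callpop"] = addr
        # fs:[0x30] is TEB->PEB on 32-bit Windows; note which register receives it.
        if re.search(r"fs:\[(?:\w+ \+ )?0x30\]", ops):
            hits["peb_access"] = addr
            peb_regs.add(ops.split(",")[0].strip())
        # PEB->Ldr is at offset 0xc: [peb_reg + 0xc] reaches the loaded-module lists.
        if any(re.search(r"\[%s \+ 0xc\]" % reg, ops) for reg in peb_regs):
            hits["peb_ldr_access"] = addr
    level = len(hits)
    return {"hits": hits, "level": level, "detected": level >= threshold}
```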

Dependencies
