universalrop - Small tool for generating ropchains using unicorn and z3

  •        8

Small tool for generating ropchains using unicorn and z3

https://github.com/kokjo/universalrop

Tags
Implementation
License
Platform

   




Related Projects

ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation

  •    Python

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly framework for the gadgets search engine - The older version can be found in the Archives directory but it will not be maintained. If you want to use ROPgadget, you have to install Capstone first.

ROPMEMU - ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.

  •    Python

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form that can be analyzed by traditional reverse engineering tools. In particular, it is based on memory forensics (as its input is a physical memory dump), code emulation (to faithfully rebuild the original ROP chain), multi-path execution (to extract the ROP chain payload), CFG recovery (to rebuild the original control flow), and a number of compiler transformations (to simplify the final instructions of the ROP chain). Specifically, the memory forensics part is based on Volatility [1] plugins. The emulation and the multi-path part is implemented through the Unicorn emulator [2].

rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries

  •    C++

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable ; I will upload static-compiled binaries for each OS. You can build very easily rp++ with CMake, it will generate a project file for your prefered IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, or strings, etc.

MyArticles - 蒸米的文章(iOS冰与火之歌系列,一步一步学ROP系列,安卓动态调试七种武器系列等)

  •    HTML

蒸米的文章(iOS冰与火之歌系列,一步一步学ROP系列,安卓动态调试七种武器系列等)

ROP_STEP_BY_STEP - 一步一步学ROP

  •    Python

一步一步学ROP


cemu - Cheap EMUlator: lightweight multi-architecture assembly playground

  •    Python

Writing assembly is fun. Assembly is the lowest language (humanly understandable) available to communicate with computers, and is crucial to understand the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that empowers users to write assembly and test it by compiling it to bytecode and executing it in an QEMU-based emulator. CEmu combines all the advantages of a basic assembly IDE, compilation and execution environment, by relying on the great libraries Keystone, Unicorn and Capstone engines in a Qt powered GUI.

ROPgadget

  •    C

This tool lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. Since version 3.0, ROPgadget has a auto-roper for build your payload automatically with the gadgets found.

Railway-Oriented-Programming-Example - This repository contains code that demonstrates the "Railway Oriented Programming" concept for error handling in functional programming languages

  •    F#

This repository contains code that demonstrates the "Railway Oriented Programming" concept for error handling in functional programming languages. You can find out more about Railway Oriented Programming at http://fsharpforfunandprofit.com/rop, where there are slides and videos that explain the concepts in more detail.

pegaswitch - PegaSwitch is an exploit toolkit for the Nintendo Switch

  •    Javascript

It should no longer be necessary to run usefulscripts/SetupNew.js, since PegaSwitch will now do it automatically. API documentation for SploitCore is automatically generated using jsdoc comments.

rop-tool - A tool to help you write binary exploits

  •    C

A tool to help you write binary exploits

pwntools - CTF framework and exploit development library

  •    Python

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.

z3 - The Z3 Theorem Prover

  •    C++

Z3 is a theorem prover from Microsoft Research. It is licensed under the MIT license. If you are not familiar with Z3, you can start here.

usercorn - dynamic binary analysis via platform emulation

  •    Go

Usercorn depends on Go 1.6 or newer, as well as the latest unstable versions of Capstone, Unicorn, and Keystone. make deps will attempt to install all of the above into the source tree.

Goohak - Automatically Launch Google Hacking Queries Against A Target Domain

  •    Shell

Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

Sn1per - Automated Pentest Recon Scanner

  •    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

unicorn-worker-killer - Automatically restart Unicorn workers based on 1) max number of requests and 2) max memory

  •    Ruby

Unicorn is widely used HTTP-server for Rack applications. One thing we thought Unicorn missed, is killing the Unicorn workers based on the number of requests and consumed memories. unicorn-worker-killer gem provides automatic restart of Unicorn workers based on 1) max number of requests, and 2) process memory size (RSS), without affecting any requests. This will greatly improves site's stability by avoiding unexpected memory exhaustion at the application nodes.

unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory

  •    Python

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple, just run Magic Unicorn (ensure Metasploit is installed if using Metasploit methods and in the right path) and magic unicorn will automatically generate a powershell command that you need to simply cut and paste the powershell code into a command line window or through a payload delivery system. Unicorn supports your own shellcode, cobalt strike, and Metasploit.

vim-easytags - Automated tag file generation and syntax highlighting of tags in Vim

  •    VimL

Automated tag file generation and syntax highlighting of tags in Vim

vmcloak - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

  •    Python

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. VMCloak is a tool to fully create and prepare Virtual Machines that can be used by Cuckoo Sandbox. In order to create a new Virtual Machine one should prepare a few configuration values that will be used later on by the tool.

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

  •    Python

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".