Skip to content
ROP gadget finder and analysis in pure Javascript
Branch: master
Clone or download
archisgore Merge pull request #10 from mrkiley/master
Added tracking scripts for Alexa and Google
Latest commit eaa1c7b Jun 23, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs
externalcss
externaljs
internalcss
internaljs
kaitaispecs uleb128 is too painful for me right now. Dec 6, 2017
overflows
samples
.gitignore
CNAME
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE Initial commit Nov 14, 2017
README.md
_config.yml
index.html Updated the google analytics scripts based on Archis' comment Jun 23, 2018

README.md

⚠️ This tool may only be used for educational, teaching, learning, understanding and research purposes only.

Binary Entropy Visualizer

Completely self-contained binary ROP/JOP gadget analyzer for comparing two binaries side-by-side and understanding their structures, in 100% pure Javascript, and a self-contained client-side browser application. Focussed on extreme simplicity of usage and portability across platforms.

Get Started:

Visit the hosted version here: https://analyze.polyverse.io/

Blog posts that use the tool

How Polymorphic Linux stops attacks when everything else has failed

ASLR Simplified

Fun with binaries

Let's craft some real attacks

Find us on the Polymorphic Linux Slack channel

https://join.slack.com/t/polymorphic-linux/shared_invite/enQtMjk2MDEzNjI3MDQ3LTNjNmI3MzYzNTMwMGRmZmMxZTc0M2NkNDg2MDFlY2U0NjllZTFkZThmNGVjMWZjZjJiNTBhZDQ1M2Y1YjQ2OTI

Self hosting

Or clone this repo, and open index.html in your web-browser locally.

[Note] Occasionally your browser might not like loading scripts from the filesystem due to CORS, in which case host this directory behind a static webserver. Hacker-y folks might be used to:

python -m SimpleHTTPServer

Code Walkthrough, API, and Programmatic use

See detailed code walkthrough page.

Understanding the licenses

All code contributed directly to this project, any surrounding glue-logic, and original code is licensed under the Apache 2.0 license. It is a fairly permissive license.

However, there is a LOT of code that is either borrowed or adapted from third party open source projects, and those modules, any changes to those modules, or copies/forks of those modules, continue to stay under their original licenses.

For example,

And so on and so forth...

If GPL code is incorporated in modules, then those modules may be considered under the respective GPL license.

We want to emphasize that the practical and functional intent of this tool is to take the best of what is out there and provide a useful combination that solves a real problem, encourages study, modification, changes and distribution of the tool. If you have concerns around your particular license or code, or if we have failed to attribute your contributions, simply file an issue, and we will fix it right away.

Intended for extreme isolation, security, and simplicity

  • Run on a sandboxed/airgapped host to be assured there is no phone-home.
  • Requires no scripts/frameworks. Pure xcopy-deploy, and a modern web browser.
  • No behind-the-scenes binaries, code-pulls, platform dependencies, etc. to worry about. Zero-contamination usage.

Resources:

You can’t perform that action at this time.