#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# $Id$
#
# This tool will collect, export, and import ROP gadgets
# from various file formats (PE, ELF, Macho)
# $Revision$
#

# Resolve the real location of this script so that a symlinked install
# still finds the framework's lib/ directory next to the actual file.
msfbase = __FILE__
loop do
  break unless File.symlink?(msfbase)
  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end

# The framework's own lib/ goes first on the load path, before the
# bundled loader and environment are required.
$LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
require 'fastlib'
require 'msfenv'


# An optional extra library directory taken from the environment is put
# ahead of everything else on the load path.
$LOAD_PATH.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']

require 'rex'
require 'rex/ropbuilder'
require 'rex/ui/text/output/stdio'
require 'rex/ui/text/color'
require 'optparse'

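# Parse a numeric command-line argument.
#
# @param o [String, nil] the option argument as given on the command line
# @return [Integer, nil] hexadecimal when the value carries a 0x/0X prefix,
#   decimal otherwise (non-numeric text yields 0, as String#to_i does);
#   nil when no argument was supplied at all
def opt2i(o)
  # An optional OptionParser argument arrives as nil when omitted; the
  # former o.index call raised NoMethodError in that case.
  return nil if o.nil?
  s = o.to_s.strip
  # String#hex already understands the 0x prefix; the prefix test is made
  # case-insensitive so "0X10" is not silently read as decimal 0.
  s.downcase.start_with?('0x') ? s.hex : s.to_i
end
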
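# Parsed options land in this hash; colour output is on unless -n is given.
opts = {}
color = true

opt = OptionParser.new
opt.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
opt.separator('')
opt.separator('Options:')

opt.on('-d', '--depth [size]', 'Number of maximum bytes to backwards disassemble from return instructions') do |d|
  # [size] makes the argument optional to OptionParser, so a bare -d
  # arrives here as nil; skip it and let the default set later apply
  # instead of handing nil to opt2i.
  opts[:depth] = opt2i(d) if d
end

opt.on('-s', '--search [regex]', 'Search for gadgets matching a regex, match intel syntax or raw bytes') do |regex|
  opts[:pattern] = regex
end

opt.on('-n', '--nocolor', 'Disable color. Useful for piping to other tools like the less and more commands') do
  # Assigns the outer local, so every later print_msg call sees the change.
  color = false
end

opt.on('-x', '--export [filename]', 'Export gadgets to CSV format') do |csv|
  opts[:export] = csv
end

opt.on('-i', '--import [filename]', 'Import gadgets from previous collections') do |csv|
  opts[:import] = csv
end

opt.on('-v', '--verbose', 'Output very verbosely') do
  opts[:verbose] = true
end

opt.on_tail('-h', '--help', 'Show this message') do
  puts opt
  exit(1)
end

begin
  opt.parse!
rescue OptionParser::ParseError => e
  # ParseError is the common ancestor of InvalidOption, MissingArgument,
  # InvalidArgument and friends; rescuing only InvalidOption let the
  # others escape as an uncaught exception with a stack trace.
  puts "#{e.message}, try -h for usage"
  exit(1)
end
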
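# Nothing to do without at least one option or one target: show usage.
# ARGV is never nil, so the former ARGV.nil? test was dead code, and
# `and`/`or` are replaced by `&&` to avoid their precedence surprises.
if opts.empty? && ARGV.empty?
  puts "no options"
  puts opt
  exit(1)
end

# set defaults
# Maximum number of bytes disassembled backwards from each return.
opts[:depth] ||= 5

# Every gadget found (or imported) ends up here for search/export.
gadgets = []
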
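if opts[:import].nil?
  # Expand directory targets into the regular files directly inside them
  # (one level, no recursion); plain file arguments are taken as given.
  files = []
  ARGV.each do |file|
    if File.directory?(file)
      # Dir.entries needs no handle to close, unlike the former Dir.open,
      # whose directory handle was never closed.
      Dir.entries(file).each do |ent|
        path = File.join(file, ent)
        next unless File.file?(path)
        files << path
      end
    else
      files << file
    end
  end

  # A bare collector so the pattern_search/to_csv calls further down have
  # a receiver even when no target was given.
  ropbuilder = Rex::RopBuilder::RopCollect.new

  # Appends one gadget to the overall list, echoing it when -v is set.
  record = lambda do |gadget|
    gadgets << gadget
    next unless opts[:verbose]
    ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n", color)
    ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
  end

  files.each do |file|
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n", color)
    retn = ropbuilder.collect(opts[:depth], "\xc2") # retn
    ret = ropbuilder.collect(opts[:depth], "\xc3") # ret
    ropbuilder.print_msg("Found %grn#{ret.count + retn.count}%clr gadgets\n\n", color)

    # compile a list of all gadgets from all files (ret first, then retn,
    # the same order the two separate loops used before)
    ret.each(&record)
    retn.each(&record)
  end

  # NOTE(review): after the loop `ropbuilder` is the collector for the last
  # target only, and the pattern_search below runs against that object;
  # with several targets confirm the search covers all of `gadgets`.
  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n", color)
end
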
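if opts[:import]
  ropbuilder = Rex::RopBuilder::RopCollect.new
  # %clr added: the bold/cyan style previously stayed active past the end
  # of this line and bled into the gadget listing that follows.
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{opts[:import]}%clr\n", color)
  # NOTE(review): the return value of import is iterated directly; confirm
  # it is an empty list rather than nil for an empty or unreadable file.
  gadgets = ropbuilder.import(opts[:import])

  gadgets.each do |gadget|
    ropbuilder.print_msg("gadget: %bld%cya#{gadget[:address]}%clr\n", color)
    # Interpolation instead of String#+ so a missing :disasm prints an
    # empty line rather than raising NoMethodError.
    ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n", color)
end
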
if opts[:pattern]
  # Search the collector left over from the collect/import step above for
  # the -s pattern; this script itself only reports the match count, and
  # only when -v is set.
  matches = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{matches.count}%clr matches\n", color) if opts[:verbose]
end

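if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n", color)
  csv = ropbuilder.to_csv(gadgets)

  # to_csv signals failure with nil; say so instead of exiting silently.
  if csv.nil?
    puts "Error converting gadgets to CSV, nothing written to #{opts[:export]}"
    exit(1)
  end

  begin
    # Block form closes the handle even when puts raises; the former
    # File.new/close pair leaked the descriptor on error.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue => e
    # Same StandardError scope as the old bare rescue, but the reason is
    # reported instead of being swallowed.
    puts "Error writing #{opts[:export]} file: #{e.message}"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n", color)
end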