1 #!/usr/bin/env ruby
2 #
3 # $Id$
4 #
5 # This tool will collect, export, and import ROP gadgets
6 # from various file formats (PE, ELF, Macho)
7 # $Revision$
8 #
9
# Resolve the real location of this script by following symlinks, so the
# 'lib' directory next to the real file is found even when the tool is run
# through a link.
msfbase = __FILE__
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)

# Each unshift prepends, so MSF_LOCAL_LIB (when set) ends up ahead of the
# bundled lib directory and wins for every later `require`. Whoever controls
# that environment variable decides which library code this tool loads.
$LOAD_PATH.unshift(File.join(File.dirname(msfbase), 'lib'))
local_lib = ENV['MSF_LOCAL_LIB']
$LOAD_PATH.unshift(local_lib) if local_lib
17
18 require 'rex'
19 require 'rex/ropbuilder'
20 require 'rex/ui/text/output/stdio'
21 require 'rex/ui/text/color'
22 require 'optparse'
23
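# Convert a numeric command-line argument to an Integer.
#
# @param o [String, nil] raw option value; a leading "0x" selects hexadecimal
# @return [Integer, nil] the parsed value, or nil when no value was supplied
def opt2i(o)
  # The option is declared with an optional argument, so OptionParser passes
  # nil for a bare `-d`. Returning nil (instead of raising NoMethodError on
  # nil) lets the script's `||=` default apply.
  return nil if o.nil?

  # String#to_i yields 0 for non-numeric text rather than raising.
  o.start_with?('0x') ? o.hex : o.to_i
end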
27
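# Parsed command-line settings; the option handlers below fill in the keys.
opts = {}
# Colored output stays on unless -n/--nocolor is given.
color = true

opt = OptionParser.new
opt.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
opt.separator('')
opt.separator('Options:')

opt.on('-d', '--depth [size]', 'Number of maximum bytes to backwards disassemble from return instructions') do |d|
  opts[:depth] = opt2i(d)
end

# The pattern is stored exactly as typed and handed to pattern_search later.
opt.on('-s', '--search [regex]', 'Search for gadgets matching a regex, match intel syntax or raw bytes') do |regex|
  opts[:pattern] = regex
end

# Note: -n only flips `color`; it does not add a key to `opts`.
opt.on('-n', '--nocolor', 'Disable color. Useful for piping to other tools like the less and more commands') do
  color = false
end

opt.on('-x', '--export [filename]', 'Export gadgets to CSV format') do |csv|
  opts[:export] = csv
end

opt.on('-i', '--import [filename]', 'Import gadgets from previous collections') do |csv|
  opts[:import] = csv
end

opt.on('-v', '--verbose', 'Output very verbosely') do
  opts[:verbose] = true
end

opt.on_tail('-h', '--help', 'Show this message') do
  puts opt
  exit(1)
end

begin
  opt.parse!
rescue OptionParser::ParseError
  # ParseError is the parent of InvalidOption and of the parser's other
  # failures (for example a value attached to a flag that takes none), so
  # every malformed command line gets the usage hint instead of a backtrace.
  puts "Invalid option, try -h for usage"
  exit(1)
end

# Nothing to do when no option was recorded and no target was named.
# (ARGV is always an Array, so the former nil check could never fire.)
if opts.empty? && ARGV.empty?
  puts "no options"
  puts opt
  exit(1)
end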
77
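# set defaults
opts[:depth] ||= 5

# Every gadget found (or imported) during this run.
gadgets = []

if opts[:import].nil?
  # Expand each target: a directory contributes the regular files directly
  # inside it (no recursion); anything else is taken as a file path as given.
  files = []
  ARGV.each do |file|
    if File.directory?(file)
      # Dir.entries releases the directory handle itself; the earlier
      # Dir.open handle was never closed.
      Dir.entries(file).each do |ent|
        path = File.join(file, ent)
        files << path if File.file?(path)
      end
    else
      files << file
    end
  end

  # Fallback collector so the summary message still works with no targets.
  ropbuilder = Rex::RopBuilder::RopCollect.new

  files.each do |file|
    # NOTE(review): `ropbuilder` is replaced per file, so after the loop it
    # refers to the collector for the last file only. Confirm that the later
    # pattern search and export steps are meant to run on that instance.
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n", color)
    retn = ropbuilder.collect(opts[:depth], "\xc2") # retn
    ret = ropbuilder.collect(opts[:depth], "\xc3") # ret
    ropbuilder.print_msg("Found %grn#{ret.count + retn.count}%clr gadgets\n\n", color)

    # compile a list of all gadgets from all files: ret gadgets first, then retn
    [ret, retn].each do |found|
      found.each do |gadget|
        gadgets << gadget
        next unless opts[:verbose]

        ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n", color)
        ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
      end
    end
  end

  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n", color)
end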
129
# Import mode: load gadgets saved by an earlier run instead of scanning files.
if opts[:import]
  ropbuilder = Rex::RopBuilder::RopCollect.new()
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{opts[:import]}\n", color)

  # NOTE(review): the result is iterated without a nil check, and each
  # record's fields are printed as read from the file. Confirm that import
  # always returns a collection and validates what it loads.
  gadgets = ropbuilder.import(opts[:import])

  gadgets.each do |entry|
    ropbuilder.print_msg("gadget: %bld%cya#{entry[:address]}%clr\n", color)
    ropbuilder.print_msg(entry[:disasm] + "\n", color)
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n", color)
end
143
# Search the collected gadgets with the pattern given via -s/--search.
# The pattern string is passed through exactly as typed on the command line;
# the match count is only reported in verbose mode.
if opts[:pattern]
  matches = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{matches.count}%clr matches\n", color) if opts[:verbose]
end
150
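# Export mode: write the gadget list as CSV to the path given via -x/--export.
if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n", color)
  csv = ropbuilder.to_csv(gadgets)

  # A nil result is treated as failure; stop before touching the output file.
  exit(1) if csv.nil?

  begin
    # Mode 'w' truncates any existing file at this path. The block form
    # closes the handle even if the write raises; the earlier File.new/close
    # pair left it open on error.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue
    puts "Error writing #{opts[:export]} file"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n", color)
end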