1 #!/usr/bin/env ruby
2 #
3 # $Id$
4 #
5 # This tool will collect, export, and import ROP gadgets
6 # from various file formats (PE, ELF, Macho)
7 # $Revision$
8 #
9
# Resolve the real location of this script: follow symlinks until the path
# is no longer a link, so the lib/ directory next to the real file is used
# even when the tool is launched through a link.
msfbase = __FILE__
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)

# Put the bundled library directory at the front of the load path.
$LOAD_PATH.unshift(File.join(File.dirname(msfbase), 'lib'))
require 'fastlib'

$LOAD_PATH.unshift(File.join(File.dirname(msfbase), 'lib', 'metasploit.fastlib'))

# NOTE(review): MSF_LOCAL_LIB is read from the environment and prepended ahead
# of every other entry, so whoever controls that variable decides which code
# the require calls that follow will load. Do not run this script with
# elevated privileges from an environment you do not control.
if ENV['MSF_LOCAL_LIB']
  $LOAD_PATH.unshift(ENV['MSF_LOCAL_LIB'])
end
21
22 require 'rex'
23 require 'rex/ropbuilder'
24 require 'rex/ui/text/output/stdio'
25 require 'rex/ui/text/color'
26 require 'optparse'
27
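# Convert a numeric command-line argument to an Integer.
#
# Text starting with "0x" is read as hexadecimal, anything else as decimal.
# Text that is not numeric yields 0, as String#to_i does.
#
# @param o [String, nil] the raw option value
# @return [Integer, nil] the parsed value; nil when no value was supplied
def opt2i(o)
  # OptionParser hands the handler nil when an optional argument such as
  # `--depth [size]` is left out; returning nil lets the `||=` default set
  # later in the script apply instead of failing with NoMethodError on nil.
  return nil if o.nil?

  o.start_with?('0x') ? o.hex : o.to_i
end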
31
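# Parsed command-line settings, filled in by the option handlers below.
opts = {}
# Colored output stays on unless -n/--nocolor is given.
color = true

opt = OptionParser.new
opt.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
opt.separator('')
opt.separator('Options:')

opt.on('-d', '--depth [size]', 'Number of maximum bytes to backwards disassemble from return instructions') do |size|
  opts[:depth] = opt2i(size)
end

opt.on('-s', '--search [regex]', 'Search for gadgets matching a regex, match intel syntax or raw bytes') do |pattern|
  opts[:pattern] = pattern
end

opt.on('-n', '--nocolor', 'Disable color. Useful for piping to other tools like the less and more commands') do
  color = false
end

opt.on('-x', '--export [filename]', 'Export gadgets to CSV format') do |path|
  opts[:export] = path
end

opt.on('-i', '--import [filename]', 'Import gadgets from previous collections') do |path|
  opts[:import] = path
end

opt.on('-v', '--verbose', 'Output very verbosely') do
  opts[:verbose] = true
end

opt.on_tail('-h', '--help', 'Show this message') do
  puts opt
  exit(1)
end

# Rescue the whole OptionParser::ParseError family, not only InvalidOption:
# other malformed command lines (for example a value attached to a flag that
# takes none) then end with the usage hint instead of an uncaught exception.
begin
  opt.parse!
rescue OptionParser::ParseError
  puts "Invalid option, try -h for usage"
  exit(1)
end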
75
# With neither options nor targets there is nothing to do: print the usage
# text and stop.
if opts.empty? && ARGV.empty?
  puts "no options"
  puts opt
  exit(1)
end

# Default disassembly depth when -d/--depth gave no value.
opts[:depth] = 5 unless opts[:depth]
84
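# Every gadget gathered in this run, across all input files.
gadgets = []

if opts[:import].nil?
  # Expand the targets: a directory contributes the regular files directly
  # inside it (no recursion); anything else is passed through as given.
  files = []
  ARGV.each do |target|
    unless File.directory?(target)
      files << target
      next
    end

    # Dir.entries closes the directory handle itself; the earlier Dir.open
    # call never closed it.
    Dir.entries(target).each do |entry|
      path = File.join(target, entry)
      files << path if File.file?(path)
    end
  end

  # Created up front so the summary line after the loop can be printed even
  # when the file list is empty.
  ropbuilder = Rex::RopBuilder::RopCollect.new

  files.each do |file|
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n", color)
    retn = ropbuilder.collect(opts[:depth], "\xc2") # retn
    ret = ropbuilder.collect(opts[:depth], "\xc3") # ret
    ropbuilder.print_msg("Found %grn#{ret.count + retn.count}%clr gadgets\n\n", color)

    # compile a list of all gadgets from all files (ret results first, then
    # retn, as before)
    [ret, retn].each do |found|
      found.each do |gadget|
        gadgets << gadget
        next unless opts[:verbose]

        ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n", color)
        ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
      end
    end
  end

  # NOTE(review): after the loop `ropbuilder` is the collector built for the
  # last file only; confirm that the later search step, which calls it
  # without passing `gadgets`, is meant to work from that object.
  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n", color)
end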
133
# -i/--import: load a previously saved gadget list instead of collecting.
if opts[:import]
  import_path = opts[:import]

  ropbuilder = Rex::RopBuilder::RopCollect.new()
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{import_path}\n", color)
  gadgets = ropbuilder.import(import_path)

  # NOTE(review): address and disasm come straight from the imported file and
  # are handed to print_msg, which apparently also expands the %-style color
  # tags. If the file is not one you exported yourself, confirm that
  # import/print_msg neutralise control characters before they reach the
  # terminal.
  gadgets.each do |gadget|
    ropbuilder.print_msg("gadget: %bld%cya#{gadget[:address]}%clr\n", color)
    ropbuilder.print_msg(gadget[:disasm] + "\n", color)
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n", color)
end
147
# -s/--search: hand the pattern to the collector; the match count is only
# reported in verbose mode.
if opts[:pattern]
  found = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{found.count}%clr matches\n", color) if opts[:verbose]
end
154
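# -x/--export: write the gathered gadgets to a CSV file.
if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n", color)
  csv = ropbuilder.to_csv(gadgets)

  # A nil result from to_csv is treated as failure: nothing is written.
  exit(1) if csv.nil?

  begin
    # The block form closes the file even when the write raises. Mode 'w'
    # truncates whatever already exists at that path, without asking.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue StandardError => e
    # Report the reason instead of swallowing it.
    puts "Error writing #{opts[:export]} file: #{e.message}"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n", color)
end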