#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# $Id$
#
# This tool will collect, export, and import ROP gadgets
# from various file formats (PE, ELF, Macho)
# $Revision$
#

# Resolve symlinks so lib/ is located relative to where the script really
# lives, not relative to the symlink the user invoked.
msfbase = __FILE__
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)

$LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
require 'fastlib'
require 'msfenv'


# MSF_LOCAL_LIB, when set, is prepended to the load path: anything found
# there shadows the framework's own libraries and is loaded as trusted code.
$LOAD_PATH.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']

require 'rex'
require 'rex/ropbuilder'
require 'rex/ui/text/output/stdio'
require 'rex/ui/text/color'
require 'optparse'
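# Convert a command-line numeric argument to an Integer.
#
# A "0x"/"0X" prefix selects hexadecimal, anything else is parsed as decimal
# with String#to_i semantics (trailing garbage ignored, non-numeric -> 0).
#
# @param o [String, nil] raw option value; nil (argument omitted) yields nil
#   so the caller's default can apply instead of raising NoMethodError
# @return [Integer, nil]
def opt2i(o)
  return nil if o.nil?

  s = o.to_s
  s.downcase.start_with?('0x') ? s.hex : s.to_i
end
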
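# Parsed options:
#   :depth   - max bytes to disassemble backwards from each return (Integer)
#   :pattern - regex to search collected gadgets for (String)
#   :export  - CSV path to write gadgets to (String)
#   :import  - CSV path to read a previous collection from (String)
#   :verbose - print every gadget as it is collected (true)
# `color` is kept outside opts so "-n" alone still counts as "no options".
opts = {}
color = true

opt = OptionParser.new
opt.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
opt.separator('')
opt.separator('Options:')

# Arguments are declared mandatory (no brackets): with the optional "[size]"
# form a bare "-d" handed nil to opt2i, and a bare "-x"/"-i"/"-s" silently
# stored nil and disabled the feature instead of reporting a usage error.
opt.on('-d', '--depth SIZE', 'Number of maximum bytes to backwards disassemble from return instructions') do |d|
  opts[:depth] = opt2i(d)
end

opt.on('-s', '--search REGEX', 'Search for gadgets matching a regex, match intel syntax or raw bytes') do |regex|
  opts[:pattern] = regex
end

opt.on('-n', '--nocolor', 'Disable color. Useful for piping to other tools like the less and more commands') do
  color = false
end

opt.on('-x', '--export FILENAME', 'Export gadgets to CSV format') do |csv|
  opts[:export] = csv
end

opt.on('-i', '--import FILENAME', 'Import gadgets from previous collections') do |csv|
  opts[:import] = csv
end

opt.on('-v', '--verbose', 'Output very verbosely') do
  opts[:verbose] = true
end

opt.on_tail('-h', '--help', 'Show this message') do
  puts opt
  exit(1)
end

begin
  opt.parse!
rescue OptionParser::ParseError => e
  # ParseError is the common ancestor of InvalidOption, MissingArgument and
  # InvalidArgument; rescuing only InvalidOption let the others escape as
  # stack traces.
  puts "#{e.message}, try -h for usage"
  exit(1)
end

# Nothing to do without at least one option or one target path.
if opts.empty? && ARGV.empty?
  puts "no options"
  puts opt
  exit(1)
end

# set defaults
opts[:depth] ||= 5

# opt2i never raises, so a bad "-d" value surfaces here as 0 or a negative
# number; reject it before it reaches the collector.
unless opts[:depth].is_a?(Integer) && opts[:depth] > 0
  puts "Invalid depth #{opts[:depth].inspect}: expected a positive integer"
  exit(1)
end
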
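gadgets = []

if opts[:import].nil?
  # Expand each target: a directory contributes its regular files (one level
  # deep, not recursive); anything else must be an existing file. Dir.entries
  # replaces the original Dir.open, whose handle was never closed.
  files = []
  ARGV.each do |target|
    if File.directory?(target)
      Dir.entries(target).each do |ent|
        path = File.join(target, ent)
        files << path if File.file?(path)
      end
    elsif File.file?(target)
      files << target
    else
      # Report and skip rather than handing a missing path to the collector.
      warn "Skipping #{target}: not a file or directory"
    end
  end

  # Fallback instance so the summary line below works even when no files
  # were given; the loop replaces it with a per-file collector.
  ropbuilder = Rex::RopBuilder::RopCollect.new

  files.each do |file|
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n", color)
    retn = ropbuilder.collect(opts[:depth], "\xc2") # retn
    ret = ropbuilder.collect(opts[:depth], "\xc3") # ret
    ropbuilder.print_msg("Found %grn#{ret.count + retn.count}%clr gadgets\n\n", color)

    # compile a list of all gadgets from all files; one recorder for both
    # result sets instead of two copies of the same loop body
    record = lambda do |gadget|
      gadgets << gadget
      next unless opts[:verbose]

      ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n", color)
      ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
    end

    # ret gadgets first, then retn, preserving the original output order
    ret.each(&record)
    retn.each(&record)
  end

  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n", color)
end
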
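if opts[:import]
  # Fail with a clear message instead of whatever RopCollect#import raises
  # on a missing file.
  unless File.file?(opts[:import])
    puts "Import file #{opts[:import]} not found"
    exit(1)
  end

  ropbuilder = Rex::RopBuilder::RopCollect.new
  # "%clr" added: the original string left the terminal in bold/cyan.
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{opts[:import]}%clr\n", color)
  # Parsing of the CSV lives in RopCollect#import; the file is treated as the
  # user's own earlier export.
  gadgets = ropbuilder.import(opts[:import])

  gadgets.each do |gadget|
    ropbuilder.print_msg("gadget: %bld%cya#{gadget[:address]}%clr\n", color)
    # Interpolation rather than String#+ so a record without :disasm prints
    # an empty line instead of raising TypeError.
    ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n", color)
end
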
if opts[:pattern]
  # NOTE(review): the search runs on whichever RopCollect instance
  # `ropbuilder` currently holds (the last collected file, or the importer);
  # whether that covers every entry of `gadgets` is not visible here — verify.
  matches = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{matches.count}%clr matches\n", color) if opts[:verbose]
end

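if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n", color)
  csv = ropbuilder.to_csv(gadgets)

  if csv.nil?
    # to_csv signalled failure; say so instead of exiting silently.
    puts "Nothing to export: CSV generation failed"
    exit(1)
  end

  begin
    # Block form closes the file even if the write raises; the original
    # File.new/close pair leaked the handle on error.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue => e
    puts "Error writing #{opts[:export]} file: #{e.message}"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n", color)
end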