1 #!/usr/bin/env ruby
2 # -*- coding: binary -*-
3 #
4 # $Id$
5 #
6 # This tool will collect, export, and import ROP gadgets
7 # from various file formats (PE, ELF, Macho)
8 # $Revision$
9 #
10
# Resolve the real location of this script: follow every symlink hop so the
# bundled lib/ directory is located next to the actual file, not next to a
# link to it. Relative link targets are resolved against the link's directory.
msfbase = __FILE__
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) while File.symlink?(msfbase)

# Put the framework's own lib/ directory (absolute path) at the front of the
# load path so the requires below pick it up first.
framework_lib = File.join(File.dirname(msfbase), 'lib')
$LOAD_PATH.unshift(File.expand_path(framework_lib))
17 require 'msfenv'
18
19
20
# Optional override: a directory named in MSF_LOCAL_LIB is placed ahead of
# every other load-path entry, so the requires that follow resolve there
# first. The value is taken from the environment as-is, which means whoever
# controls the environment chooses which code those requires load.
local_lib = ENV['MSF_LOCAL_LIB']
$LOAD_PATH.unshift(local_lib) if local_lib
22
23 require 'rex'
24 require 'rex/ropbuilder'
25 require 'rex/ui/text/output/stdio'
26 require 'rex/ui/text/color'
27 require 'optparse'
28
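# Convert a numeric command-line argument to an Integer.
#
# Values starting with "0x" are read as hexadecimal, everything else as
# decimal. String#to_i is lenient: text with no leading digits yields 0
# rather than an error.
#
# @param o [String, nil] the option value; nil when an option declared with
#   an optional argument (e.g. `--depth [size]`) is given without one
# @return [Integer, nil] the parsed number, or nil when no value was supplied
def opt2i(o)
  # OptionParser passes nil for an omitted optional argument; returning nil
  # avoids a NoMethodError and leaves the value unset.
  return nil if o.nil?

  o.start_with?('0x') ? o.hex : o.to_i
end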
32
# Parsed settings end up in `opts`; colour output is tracked separately in
# `color` (on unless -n is given).
opts  = {}
color = true

# Every value-taking switch declares its argument as optional ("[name]"), so
# a handler receives nil when the switch is given without a value.
opt = OptionParser.new do |parser|
  parser.banner = "Usage #{$PROGRAM_NAME} <option> [targets]"
  parser.separator('')
  parser.separator('Options:')

  parser.on('-d', '--depth [size]', 'Number of maximum bytes to backwards disassemble from return instructions') { |size| opts[:depth] = opt2i(size) }

  parser.on('-s', '--search [regex]', 'Search for gadgets matching a regex, match intel syntax or raw bytes') { |pattern| opts[:pattern] = pattern }

  parser.on('-n', '--nocolor', 'Disable color. Useful for piping to other tools like the less and more commands') { color = false }

  parser.on('-x', '--export [filename]', 'Export gadgets to CSV format') { |path| opts[:export] = path }

  parser.on('-i', '--import [filename]', 'Import gadgets from previous collections') { |path| opts[:import] = path }

  parser.on('-v', '--verbose', 'Output very verbosely') { opts[:verbose] = true }

  # Help prints the usage text and terminates with status 1.
  parser.on_tail('-h', '--help', 'Show this message') do
    puts parser
    exit(1)
  end
end

# parse! strips recognised switches from ARGV, leaving only the target paths.
# Only unknown switches are handled here; other parse errors propagate.
begin
  opt.parse!
rescue OptionParser::InvalidOption
  puts "Invalid option, try -h for usage"
  exit(1)
end
76
# Nothing to do: no setting was stored in opts and no target path is left in
# ARGV. Show the usage text and stop with status 1. ARGV is always an Array,
# so an emptiness check is all that is needed. Note that -n alone lands here
# too, because it only flips `color` and stores nothing in opts.
if opts.empty? && ARGV.empty?
  puts "no options", opt
  exit(1)
end
82
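# set defaults: disassemble at most 5 bytes backwards unless -d supplied a value
opts[:depth] ||= 5

# Every gadget found across all targets, in collection order.
gadgets = []

if opts[:import].nil?
  # Build the list of files to scan. A directory target is expanded one level
  # deep (not recursively) to the regular files it contains; File.file?
  # follows symlinks, so a link to a regular file is included. Any other
  # target is passed through unchanged. Dir.entries is used instead of
  # Dir.open so no directory handle is left open.
  files = ARGV.flat_map do |target|
    next [target] unless File.directory?(target)

    Dir.entries(target)
       .map { |ent| File.join(target, ent) }
       .select { |path| File.file?(path) }
  end

  # Fallback collector so the summary message below still works when there
  # are no files; it is replaced by a per-file collector inside the loop.
  ropbuilder = Rex::RopBuilder::RopCollect.new

  files.each do |file|
    ropbuilder = Rex::RopBuilder::RopCollect.new(file)
    ropbuilder.print_msg("Collecting gadgets from %bld%cya#{file}%clr\n", color)
    retn = ropbuilder.collect(opts[:depth], "\xc2") # retn
    ret = ropbuilder.collect(opts[:depth], "\xc3") # ret
    ropbuilder.print_msg("Found %grn#{ret.count + retn.count}%clr gadgets\n\n", color)

    # compile a list of all gadgets from all files: ret gadgets first, then retn
    [ret, retn].each do |found|
      found.each do |gadget|
        gadgets << gadget
        next unless opts[:verbose]

        ropbuilder.print_msg("#{gadget[:file]} gadget: %bld%grn#{gadget[:address]}%clr\n", color)
        ropbuilder.print_msg("#{gadget[:disasm]}\n", color)
      end
    end
  end

  ropbuilder.print_msg("Found %bld%grn#{gadgets.count}%clr gadgets total\n\n", color)
end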
134
# Import mode: load gadgets from a previously exported collection instead of
# scanning binaries, and list each one.
if (import_path = opts[:import])
  ropbuilder = Rex::RopBuilder::RopCollect.new
  ropbuilder.print_msg("Importing gadgets from %bld%cya#{import_path}\n", color)
  gadgets = ropbuilder.import(import_path)

  # NOTE(review): the address and disassembly text come straight from the
  # import file and go through print_msg, the same call that receives the
  # %bld/%clr markup. Treat the file as untrusted input and confirm how
  # print_msg handles such tokens when they appear in data.
  gadgets.each do |entry|
    ropbuilder.print_msg("gadget: %bld%cya#{entry[:address]}%clr\n", color)
    ropbuilder.print_msg(entry[:disasm] + "\n", color)
  end

  ropbuilder.print_msg("Imported %grn#{gadgets.count}%clr gadgets\n", color)
end
148
# Search mode: hand the user-supplied pattern to the collector. The match
# count is reported only in verbose mode; pattern_search's own output, if
# any, is not visible from this script.
if opts[:pattern]
  matches = ropbuilder.pattern_search(opts[:pattern])
  ropbuilder.print_msg("Found %grn#{matches.count}%clr matches\n", color) if opts[:verbose]
end
155
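# Export mode: serialise the collected gadgets to CSV and write them to the
# path given with -x.
if opts[:export]
  ropbuilder.print_msg("Exporting %grn#{gadgets.count}%clr gadgets to %bld%cya#{opts[:export]}%clr\n", color)
  csv = ropbuilder.to_csv(gadgets)

  # to_csv returning nil is treated as failure; stop without touching the file.
  exit(1) if csv.nil?

  begin
    # Mode 'w' truncates an existing file at that path, so an export
    # overwrites whatever was there. The block form closes the handle even
    # when the write raises, which the earlier File.new/close pair did not.
    File.open(opts[:export], 'w') { |fd| fd.puts csv }
  rescue StandardError
    puts "Error writing #{opts[:export]} file"
    exit(1)
  end
  ropbuilder.print_msg("%bld%redSuccess!%clr gadgets exported to %bld%cya#{opts[:export]}%clr\n", color)
end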