{"id":37179516,"url":"https://github.com/chris-sahyouni/iago","last_synced_at":"2026-01-14T20:53:23.177Z","repository":{"id":279294673,"uuid":"850886128","full_name":"Chris-Sahyouni/Iago","owner":"Chris-Sahyouni","description":"A tool for crafting Return-Oriented-Programming payloads","archived":false,"fork":false,"pushed_at":"2025-05-05T15:34:40.000Z","size":92,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-05T16:48:36.692Z","etag":null,"topics":["go","pentesting","return-oriented-programming","tool"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chris-Sahyouni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-09-02T02:44:53.000Z","updated_at":"2025-05-05T15:34:43.000Z","dependencies_parsed_at":"2025-03-16T22:27:05.709Z","dependency_job_id":"f6c6928e-1e37-4985-b9f2-eba61c79b704","html_url":"https://github.com/Chris-Sahyouni/Iago","commit_stats":null,"previous_names":["chris-sahyouni/iago"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chris-Sahyouni/Iago","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chris-Sahyouni%2FIago","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chris-Sahyouni%2FIago/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chris-Sahyouni%2FIago/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chris-Sah
youni%2FIago/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chris-Sahyouni","download_url":"https://codeload.github.com/Chris-Sahyouni/Iago/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chris-Sahyouni%2FIago/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","pentesting","return-oriented-programming","tool"],"created_at":"2026-01-14T20:53:22.541Z","updated_at":"2026-01-14T20:53:23.165Z","avatar_url":"https://github.com/Chris-Sahyouni.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Iago\r\n\r\nIago is a tool for crafting Return-Oriented-Programming payloads.\r\n\r\n## Features\r\n- Generates a complete ROP chain in a single command\r\n- Finds individual gadgets in the target binary\r\n- Adds padding bytes to ROP chains for buffer overflows\r\n- **Supported file formats**: `ELF`\r\n- **Supported ISAs**: `x86`, `x64`, `ARM`, `ARM (Thumb Mode)`, `AArch64`\r\n\r\n## Installation\r\n\r\n### Binary Releases\r\nBinaries can be downloaded from the 
[releases](https://github.com/Chris-Sahyouni/iago/releases) page\r\n\r\n### Using `go install`\r\nInstalling using `go install` requires Go 1.24.1 or later. To do so run\r\n```\r\ngo install github.com/Chris-Sahyouni/iago@latest\r\n```\r\n### Compiling From Source\r\nCompiling from source also requires Go 1.24.1 or later. First, install the necessary dependencies by running\r\n```\r\ngo get\r\n```\r\nThen build the binary by running\r\n```\r\nmake\r\n```\r\n\r\nNote that compiling via the Makefile will not add the binary to `$GOPATH/bin`. If you want the binary to be available system-wide then `go install` would be the better installation method.\r\n\r\n## Usage\r\nIago is an interactive shell, so to open it, after installing, simply run\r\n```\r\niago\r\n```\r\nThen to specify the target binary run\r\n```\r\nload \u003cpath\u003e\r\n```\r\n(Note: `iago` currently only targets ELF files)\r\n\r\n### Finding Gadgets\r\nFinding gadgets is as simple as running\r\n```\r\nfind \u003cgadget\u003e\r\n```\r\nwhere `\u003cgadget\u003e` is a hexadecimal string representing the machine code of the target gadget. If successful, `find` returns the virtual address of `\u003cgadget\u003e`.\r\n\r\nNote that `find` will only search the target binary for a single contiguous gadget. If you are trying to find multiple gadgets whose result when chained together is `\u003cgadget\u003e` then `rop` would be the appropriate command.\r\n\r\n### Generating ROP Chains\r\n\r\n#### Specifying the Payload\r\nTo generate a ROP chain, first you must specify the target payload (i.e. the instructions you want to actually execute as a result of your ROP chain). To do so, run\r\n```\r\nset-target\r\n```\r\nto manually input the target payload. 
Or\r\n```\r\nset-target \u003cpath\u003e\r\n```\r\nto specify a file containing the desired payload.\r\nSimilar to `find`, `set-target` expects a hexadecimal string representing the machine code of the desired payload.\r\n\r\n*Tip:*\r\nTo get the machine code for the payload you want to execute, [godbolt.org](https://godbolt.org/) is a great resource.\r\n\r\n#### Generating the Chain\r\nOnce you have specified a target binary as well as a target payload, generating a ROP chain can be done in a single command with\r\n```\r\nrop\r\n```\r\nThe chain of addresses will be written to a file called rop_chain or one you specify if you use the -o flag. It is written in raw binary so that the chain can be easily piped into the process you want to hijack.\r\n\r\n#### Padding Payloads\r\nTo add padding to the current payload for buffer overflows run\r\n```\r\npad \u003cbytes\u003e\r\n```\r\nwhich will generate a new payload with `\u003cbytes\u003e` number of bytes of padding prepended to it.\r\n\r\n\r\nIf you want to use a payload in `set-payload` that has already been padded, the name of the file *must* include the substring \"pad\" directly followed by the number of bytes of padding (e.g. rop_chain_pad32), otherwise `iago` will misinterpret the padding as a part of the chain.\r\n\r\n\r\n\r\n## Limitations\r\n- For ISAs with variable length instruction encodings such as `x86`, Iago may include gadgets that begin execution from the middle of an instruction encoding resulting in a different set of instructions being executed than intended.\r\n- Iago only treats `ARM` binaries as entirely Thumb mode or entirely ARM. Because of this it can make mistakes parsing `ARM` binaries due to the fact that the size of instruction encodings can switch mid-execution between being either 4 bytes during ARM mode or either 2 or 4 bytes during Thumb mode.\r\n- Iago searches for direct string matches when searching for gadgets in `find` and generating ROP chains with `rop`. 
It is semantically unaware. Because of this, it's a good idea to try several semantically-equivalent gadgets/targets when using these commands.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchris-sahyouni%2Fiago","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchris-sahyouni%2Fiago","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchris-sahyouni%2Fiago/lists"}