{"id":13387550,"url":"https://github.com/jonathansalwan/ropgadget","last_synced_at":"2025-05-14T11:08:35.034Z","repository":{"id":39613713,"uuid":"2234715","full_name":"JonathanSalwan/ROPgadget","owner":"JonathanSalwan","description":"This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures. ","archived":false,"fork":false,"pushed_at":"2025-05-03T15:34:09.000Z","size":50834,"stargazers_count":4123,"open_issues_count":13,"forks_count":564,"subscribers_count":123,"default_branch":"master","last_synced_at":"2025-05-07T10:52:45.408Z","etag":null,"topics":["binary-exploitation","reverse-engineering","rop","rop-exploitation","rop-gadgets"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JonathanSalwan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE_BSD.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2011-08-19T15:30:14.000Z","updated_at":"2025-05-06T21:40:29.000Z","dependencies_parsed_at":"2023-01-24T01:15:05.944Z","dependency_job_id":"c4a13747-77cd-492c-a985-7ea3c24604a2","html_url":"https://github.com/JonathanSalwan/ROPgadget","commit_stats":{"total_commits":444,"total_committers":61,"mean_commits":7.278688524590164,"dds":0.7207207207207207,"last_synced_commit":"e38c9d7be9bc68cb637f75ac0f9f4d6f41662025"},"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/JonathanSalwan%2FROPgadget","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonathanSalwan%2FROPgadget/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonathanSalwan%2FROPgadget/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonathanSalwan%2FROPgadget/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JonathanSalwan","download_url":"https://codeload.github.com/JonathanSalwan/ROPgadget/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254129486,"owners_count":22019628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-exploitation","reverse-engineering","rop","rop-exploitation","rop-gadgets"],"created_at":"2024-07-30T12:01:22.577Z","updated_at":"2025-05-14T11:08:34.990Z","avatar_url":"https://github.com/JonathanSalwan.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","\u003ca id=\"830f40713cef05f0665180d840d56f45\"\u003e\u003c/a\u003eMach-O"],"sub_categories":["\u003ca id=\"605b1b2b6eeb5138cb4bc273a30b28a5\"\u003e\u003c/a\u003e漏洞开发","\u003ca id=\"9b0f5682dc818c93c4de3f46fc3f43d0\"\u003e\u003c/a\u003e工具"],"readme":"ROPgadget Tool\n==============\n\nThis tool lets you search your gadgets on your binaries to facilitate your ROP\nexploitation. 
ROPgadget supports ELF/PE/Mach-O/Raw formats on x86, x64, ARM,\nARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.\n\nInstall\n-------\n\nThe easiest way is to install ROPgadget from PyPI:\n\n    $ sudo apt install python3-pip\n    $ sudo -H python3 -m pip install ROPgadget\n    $ ROPgadget --help\n\nAlternatively, you can install ROPgadget from source.\nYou have to install [Capstone](http://www.capstone-engine.org/) first.\n\nTo install Capstone on a *nix machine:\n\n    $ sudo apt install python3-pip\n    $ sudo -H python3 -m pip install capstone\n\nCapstone supports multiple platforms (Windows, iOS, Android, Cygwin...). For cross-compilation,\nplease refer to the https://github.com/capstone-engine/capstone/blob/master/COMPILE.TXT file.\n\nAfter Capstone is installed, ROPgadget can be used as a standalone tool:\n\n    $ python3 ROPgadget.py --help\n\nOr it can be installed into the Python site-packages library and executed from $PATH:\n\n    $ sudo -H python3 setup.py install\n    $ ROPgadget --help\n\nUsage\n-----\n\n    usage: ROPgadget.py [-h] [-v] [-c] [--binary \u003cbinary\u003e] [--opcode \u003copcodes\u003e]\n                        [--string \u003cstring\u003e] [--memstr \u003cstring\u003e] [--depth \u003cnbyte\u003e]\n                        [--only \u003ckey\u003e] [--filter \u003ckey\u003e] [--range \u003cstart-end\u003e]\n                        [--badbytes \u003cbyte\u003e] [--rawArch \u003carch\u003e] [--rawMode \u003cmode\u003e]\n                        [--rawEndian \u003cendian\u003e] [--re \u003cre\u003e] [--offset \u003chexaddr\u003e]\n                        [--ropchain] [--thumb] [--console] [--norop] [--nojop]\n                        [--callPreceded] [--nosys] [--multibr] [--all] [--noinstr]\n                        [--dump] [--silent] [--align ALIGN] [--mipsrop \u003crtype\u003e]\n\n    description:\n      ROPgadget lets you search your gadgets on a binary. 
It supports several\n      file formats and architectures and uses the Capstone disassembler for\n      the search engine.\n\n    formats supported:\n      - ELF\n      - PE\n      - Mach-O\n      - Raw\n\n    architectures supported:\n      - x86\n      - x86-64\n      - ARM\n      - ARM64\n      - MIPS\n      - PowerPC\n      - Sparc\n      - RISC-V 64\n      - RISC-V Compressed\n\n    optional arguments:\n      -h, --help            show this help message and exit\n      -v, --version         Display the ROPgadget's version\n      -c, --checkUpdate     Checks if a new version is available\n      --binary \u003cbinary\u003e     Specify a binary filename to analyze\n      --opcode \u003copcodes\u003e    Search opcode in executable segment\n      --string \u003cstring\u003e     Search string in readable segment\n      --memstr \u003cstring\u003e     Search each byte in all readable segment\n      --depth \u003cnbyte\u003e       Depth for search engine (default 10)\n      --only \u003ckey\u003e          Only show specific instructions\n      --filter \u003ckey\u003e        Suppress specific mnemonics\n      --range \u003cstart-end\u003e   Search between two addresses (0x...-0x...)\n      --badbytes \u003cbyte\u003e     Rejects specific bytes in the gadget's address\n      --rawArch \u003carch\u003e      Specify an arch for a raw file\n                            x86|arm|arm64|sparc|mips|ppc|riscv\n      --rawMode \u003cmode\u003e      Specify a mode for a raw file 32|64|arm|thumb\n      --rawEndian \u003cendian\u003e  Specify an endianness for a raw file little|big\n      --re \u003cre\u003e             Regular expression\n      --offset \u003chexaddr\u003e    Specify an offset for gadget addresses\n      --ropchain            Enable the ROP chain generation\n      --thumb               Use the thumb mode for the search engine (ARM only)\n      --console             Use an interactive console for search engine\n      --norop               Disable ROP search engine\n 
     --nojop               Disable JOP search engine\n      --callPreceded        Only show gadgets which are call-preceded\n      --nosys               Disable SYS search engine\n      --multibr             Enable multiple branch gadgets\n      --all                 Disables the removal of duplicate gadgets\n      --noinstr             Disable the gadget instructions console printing\n      --dump                Outputs the gadget bytes\n      --silent              Disables printing of gadgets during analysis\n      --align ALIGN         Align gadgets addresses (in bytes)\n      --mipsrop \u003crtype\u003e     MIPS useful gadgets finder\n                            stackfinder|system|tails|lia0|registers\n\n    examples:\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --ropchain\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --depth 3\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string \"main\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string \"m..n\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --only \"mov|ret\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --only \"mov|pop|xor|ret\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --filter \"xchg|add|sub|cmov.*\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --memstr \"/bin/sh\"\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --console\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-x86 --badbytes 
\"00|01-1f|7f|42\"\n      ROPgadget.py --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000\n      ROPgadget.py --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5\n      ROPgadget.py --binary ./test-suite-binaries/elf-ARM64-bash --depth 5\n      ROPgadget.py --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32\n      ROPgadget.py --binary ./test-suite-binaries/elf-Linux-RISCV_64 --depth 8\n\nHow can I contribute ?\n----------------------\n\n- Add system gadgets for PPC, Sparc, ARM64 (Gadgets.addSYSGadgets()).\n- Support RISC-V 32-bit.\n- Handle bad bytes in data during ROP chain generation.\n- Manage big endian in Mach-O format like the ELF class.\n- Everything you think is cool :)\n\nBugs/Patches/Contact\n--------------------\n\nPlease, report bugs, submit pull requests, etc. on GitHub at https://github.com/JonathanSalwan/ROPgadget\n\nLicense\n-------\n\nSee LICENSE_BSD.txt and the license header on all source files.\n\nScreenshots\n-----------\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/x64.png\" alt=\"x64\"\u003e\u003c/img\u003e\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/arm.png\" alt=\"ARM\"\u003e\u003c/img\u003e\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/sparc.png\" alt=\"Sparc\"\u003e\u003c/img\u003e\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/mips.png\" alt=\"MIPS\"\u003e\u003c/img\u003e\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/ppc.png\" alt=\"PowerPC\"\u003e\u003c/img\u003e\n\n\u003cimg src=\"http://shell-storm.org/project/ROPgadget/ropchain.png\" alt=\"ROP chain\"\u003e\u003c/img\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonathansalwan%2Fropgadget","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonathansalwan%2Fropgadget","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonathansalwan%2Fropgadget/lists"}