{"id":13843653,"url":"https://github.com/matrix1001/heapinspect","last_synced_at":"2025-07-11T19:33:04.499Z","repository":{"id":52221978,"uuid":"152177574","full_name":"matrix1001/heapinspect","owner":"matrix1001","description":"🔍Heap analysis tool for CTF pwn.","archived":false,"fork":false,"pushed_at":"2021-05-04T16:47:53.000Z","size":12267,"stargazers_count":221,"open_issues_count":4,"forks_count":20,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-05T17:38:26.203Z","etag":null,"topics":["exploit","gdb","gdbheap","heap","pwn","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matrix1001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-09T02:47:18.000Z","updated_at":"2024-07-29T14:24:37.000Z","dependencies_parsed_at":"2022-08-24T04:51:03.602Z","dependency_job_id":null,"html_url":"https://github.com/matrix1001/heapinspect","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrix1001%2Fheapinspect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrix1001%2Fheapinspect/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrix1001%2Fheapinspect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matrix1001%2Fheapinspect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matrix1001","download_url":"https://codeload.github.com/matrix1001/heapinspect/tar.gz/refs/heads/master","host":{"name":"Git
Hub","url":"https://github.com","kind":"github","repositories_count":225755076,"owners_count":17519195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","gdb","gdbheap","heap","pwn","python"],"created_at":"2024-08-04T17:02:22.166Z","updated_at":"2024-11-21T15:31:22.263Z","avatar_url":"https://github.com/matrix1001.png","language":"Python","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"readme":"# HeapInspect\n\n_Pwning is an art._\n\n`HeapInspect` is designed to make `heap` much prettier.\n\n**Now this tool is a plugin of [nadbg](https://github.com/matrix1001/nadbg). Try it!**\n\n## Features\n\n- Free of gdb and other requirements\n- Multi glibc support\n    - 2.19, 2.23-2.27 (currently tested)\n    - both 32bit and 64bit\n- Nice UI to show heap\n    - `HeapShower` (detailed)\n    - `PrettyPrinter` (colorful, summary)\n- Heapdiff (working)\n- Corruption detection \u0026 exploit analysis (working)\n- Also supports gdb\n- Python2 \u0026 Python3 compatible\n\n# Usage\n\n## Quick shot\n\nA quick use of this tool.\n\n![pp1](img/pp1.png)\n\n![pp2](img/pp2.png)\n\n![raw1](img/raw1.png)\n\n![rela1](img/rela1.png)\n\nYou can also use it as a gdb plugin, which is very useful when `pwndbg` or other plugins fail to analyze the heap.\n```sh\nsed -i \"1i source `pwd`/gdbscript.py\" ~/.gdbinit # alternatively, you can add that line manually\n```\n\n__Note__\n\n\n![gdb1](img/gdb1.png)\n\n![gdb2](img/gdb2.png)\n\n![gdb3](img/gdb3.png)\n\n\n## Basic\n\nPretty easy to use. 
I will make it a package later.\n\n```python\nfrom time import sleep\n\nfrom heapinspect.core import *\nhi = HeapInspector(1234)       #pid here\nhs = HeapShower(hi)\n\nprint(hs.fastbins)\nprint(hs.smallbins)\nprint(hs.largebins)\nprint(hs.unsortedbins)\nprint(hs.tcache_chunks)\n\nhs.relative = 1              #relative mode, check Quick shot\nprint(hs.fastbins)\n\nsleep(10)\n#now assume that the heap state has changed\nhs.update()                  #use this to refresh\n\npp = PrettyPrinter(hi)\nprint(pp.all)                #pretty printer\npp.update()                  #use this to update\n```\n\n## Test \n\nThere are some testcases.\n\n```raw\nheapinspect/tests/ $ python test.py  #this will run all test cases for you to check this tool.\n\n......\n......\n\ntest case unsortedbins64 at test/testcases/libc-2.27/64bit\npid:6704\n=========================           fastbins           =========================\n=========================         unsortedbins         =========================\nchunk(0x7f9aae2e6720): prev_size=0x0      size=0xb1     fd=0x7f9aacdfbca0  bk=0x7f9aae2e6880\nchunk(0x7f9aae2e6880): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6720  bk=0x7f9aacdfbca0\n=========================          smallbins           =========================\n=========================          largebins           =========================\n=========================            tcache            =========================\ntcache[9]:\nchunk(0x7f9aae2e6670): prev_size=0x0      size=0xb1     fd=0x7f9aae2e65d0  bk=0x0\nchunk(0x7f9aae2e65c0): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6520  bk=0x0\nchunk(0x7f9aae2e6510): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6470  bk=0x0\nchunk(0x7f9aae2e6460): prev_size=0x0      size=0xb1     fd=0x7f9aae2e63c0  bk=0x0\nchunk(0x7f9aae2e63b0): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6310  bk=0x0\nchunk(0x7f9aae2e6300): prev_size=0x0      size=0xb1     fd=0x7f9aae2e6260  bk=0x0\nchunk(0x7f9aae2e6250): prev_size=0x0      size=0xb1     fd=0x0             
bk=0x0\n```\n\n# Docs\n\nDetailed docstrings have been written into the source code.\n\nI have built a sphinx doc in `docs`. Just open `docs/build/html/index.html` with your browser.\n\n# Devlog\n\n## 2020/5/11 Version 0.1.4\n\n- python3 support\n\n## 2018/12/10 Version 0.1.3\n\n- add support for gdb\n\n## 2018/11/6 version 0.1.2\n\ndocs update.\n\n- update sphinx docs\n- reshape file structure\n\n## 2018/11/5 version 0.1.1\n\nnot a functional update.\n\n- PEP8\n- docstrings\n- performance update\n\n## 2018/10/31 version 0.1.0\n\nfirst release\n\n- better cmdline option\n  \n## 2018/10/30 version 0.0.8\n\nnext version will be a release.\n\n- CRLF to LF\n- code refine\n- readme refine\n- pretty printer\n\n## 2018/10/29 version 0.0.7\n\n- auto test\n- code refine\n\n## 2018/10/27 version 0.0.6\n\nthis is not a stable version. I'm trying to fix bugs due to different glibc. I need help to test this.\n\n- add multi libc support\n- add x86 support \n\n## 2018/10/26 version 0.0.5\n\nnext version will add multi libc support. 
heapdiff and heap check will be added later.\n\n- `HeapShower`\n- relative heap \u0026 libc offset showing\n- fix search loop bug\n- `bins` now searches from `bk` instead of `fd`, in the manner of glibc\n\n## 2018/10/24 version 0.0.4\n\n- `HeapRecoder`, I will make a heapdiff\n- `smallbins` and `largebins`\n\n## 2018/10/23 version 0.0.3\n\n- `fastbin` prototype\n- `unsortedbin` prototype\n- `bins` prototype\n- `tcache` prototype\n\n## 2018/10/22 version 0.0.2\n\n- add `C_Struct` to handle c structure\n\n## 2018/10/19 version 0.0.1\n\n- add `class HeapInspector`\n- trying to parse more information of `arena`\n\n## 2018/10/18 version 0.0.0\n\n- add `class Proc` in `proc_util`\n- experimental test in `test.py`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatrix1001%2Fheapinspect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatrix1001%2Fheapinspect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatrix1001%2Fheapinspect/lists"}