{"id":13539143,"url":"https://github.com/t00sh/rop-tool","last_synced_at":"2025-04-02T06:30:25.380Z","repository":{"id":13863029,"uuid":"16560836","full_name":"t00sh/rop-tool","owner":"t00sh","description":"A tool to help you write binary exploits","archived":false,"fork":false,"pushed_at":"2019-02-21T13:39:36.000Z","size":521,"stargazers_count":604,"open_issues_count":1,"forks_count":108,"subscribers_count":45,"default_branch":"dev","last_synced_at":"2024-11-03T04:32:18.372Z","etag":null,"topics":["arm","elf","exploit","macho","mips","pe","rop","x86","x86-64"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/t00sh.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-02-05T22:26:49.000Z","updated_at":"2024-10-28T00:20:30.000Z","dependencies_parsed_at":"2022-09-17T11:11:33.337Z","dependency_job_id":null,"html_url":"https://github.com/t00sh/rop-tool","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t00sh%2Frop-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t00sh%2Frop-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t00sh%2Frop-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/t00sh%2Frop-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/t00sh","download_url":"https://codeload.github.com/t00sh/rop-tool/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767478,"owners_count":20830497,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","elf","exploit","macho","mips","pe","rop","x86","x86-64"],"created_at":"2024-08-01T09:01:20.720Z","updated_at":"2025-04-02T06:30:24.830Z","avatar_url":"https://github.com/t00sh.png","language":"C","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"readme":"rop-tool v2.4.2\n====\n\nA tool to help you write binary exploits\n\n\n### OPTIONS\n\n```\nrop-tool v2.4.2\nHelp you make binary exploits.\n\nUsage: rop-tool \u003ccmd\u003e [OPTIONS]\n\nCommands :\n   gadget        Search gadgets\n   patch         Patch the binary\n   info          Print info about binary\n   heap          Display heap structure\n   disassemble   Disassemble the binary\n   search        Search on binary\n   help          Print help\n   version       Print version\n\nTry \"rop-tool help \u003ccmd\u003e\" for more informations about a command.\n```\n\n#### GADGET COMMAND\n\n```\nUsage : rop-tool gadget [OPTIONS] [FILENAME]\n\nOPTIONS:\n  --arch, -A               Select an architecture (x86, x86-64, arm, arm64)\n  --all, -a                Print all gadgets (even gadgets which are not uniq)\n  --depth, -d         [d]  Specify the depth for gadget searching (default is 5)\n  --flavor, -f        [f]  Select a flavor (att or intel)\n  --no-filter, -F          Do not apply some filters on gadgets\n  --help, -h               Print this help message\n  --no-color, -N           Do not colorize output\n```\n\n#### SEARCH COMMAND\n\n```\nUsage : rop-tool search [OPTIONS] [FILENAME]\n\nOPTIONS:\n  --all-string, -a    [n]  Search all printable strings of at least [n] caracteres. (default is 6)\n  --byte, -b          [b]  Search the byte [b] in binary\n  --dword, -d         [d]  Search the dword [d] in binary\n  --help, -h               Print this help message\n  --no-color, -N           Don't colorize output\n  --qword, -q         [q]  Search the qword [q] in binary\n  --raw, -r                Open file in raw mode (don't considere any file format)\n  --split-string, -s  [s]  Search a string \"splited\" in memory (which is not contiguous in memory)\n  --string, -S        [s]  Search a string (a byte sequence) in binary\n  --word, -w          [w]  Search the word [w] in binary\n\n```\n\n#### PATCH COMMAND\n\n```\nUsage : rop-tool patch [OPTIONS] [FILENAME]\n\nOPTIONS:\n  --address, -a       [a]  Select an address to patch\n  --bytes, -b         [b]  A byte sequence (e.g. : \"\\xaa\\xbb\\xcc\") to write\n  --filename, -f      [f]  Specify the filename\n  --help, -h               Print this help message\n  --offset, -o        [o]  Select an offset to patch (from start of the file)\n  --output, -O        [o]  Write to an another filename\n  --raw, -r                Open file in raw mode\n\n```\n\n#### INFO COMMAND\n\n```\nUsage : rop-tool info [OPTIONS] [FILENAME]\n\nOPTIONS:\n  --all, -a                Show all infos\n  --segments, -l           Show segments\n  --sections, -s           Show sections\n  --syms, -S               Show symbols\n  --filename, -f      [f]  Specify the filename\n  --help, -h               Print this help message\n  --no-color, -N           Disable colors\n\n```\n\n#### DISASSEMBLE COMMAND\n\n```\nUsage : rop-tool dis [OPTIONS] [FILENAME]\n\nOPTIONS:\n  --help, -h               Print this help message\n  --no-color, -N           Do not colorize output\n  --address, -a    \u003ca\u003e     Start disassembling at address \u003ca\u003e\n  --offset, -o     \u003co\u003e     Start disassembling at offset \u003co\u003e\n  --sym, -s        \u003cs\u003e     Disassemble symbol\n  --len, -l        \u003cl\u003e     Disassemble only \u003cl\u003e bytes\n  --arch, -A       \u003ca\u003e     Select architecture (x86, x86-64, arm, arm64)\n  --flavor, -f     \u003cf\u003e     Change flavor (intel, att)\n```\n\n#### HEAP COMMAND\n\n```\nUsage : rop-tool heap [OPTIONS] [COMMAND]\n\nOPTIONS:\n  --calloc, -C             Trace calloc calls\n  --free, -F               Trace free calls\n  --realloc, -R            Trace realloc calls\n  --malloc, -M             Trace malloc calls\n  --dumpdata, -d           Dump chunk's data\n  --output, -O             Output in a file\n  --help, -h               Print this help message\n  --tmp, -t        \u003cd\u003e     Specify the writable directory, to dump the library (default: /tmp/)\n  --no-color, -N           Do not colorize output\n```\n\n**Small explanations about the output of the heap command**\n\nEach line corresponds to a malloc chunk, and the heap is dumped after each execution of a heap function (free, malloc, realloc, calloc)\n\n* addr: the real address of the malloc chunk\n\n* usr_addr: the address returned by the malloc functions to the user\n\n* size: the size of the malloc chunk\n\n* flags: P is PREV_INUSE, M is IS_MMAPPED and A is NON_MAIN_ARENA\n\n\n### FEATURES\n\n* String searching, gadget searching, patching, info, heap visualization, disassembling\n\n* Colored output\n\n* Intel and AT\u0026T flavor\n\n* Support of ELF, PE and MACH-O binary format\n\n* Support of big and little endian\n\n* Support of x86, x86_64, ARM, ARM64, MIPS, MIPS64 architectures\n\n\n### EXAMPLES\n\nBasic gadget searching\n\n```\nrop-tool gadget ./program\n```\n\nDisplay all gadgets with AT\u0026T syntax\n\n```\nrop-tool gadget ./program -f att -a\n```\n\nSearch gadgets in a RAW x86 file\n\n```\nrop-tool gadget ./program -A x86\n```\n\nSearch a \"split\" string in the binary\n\n```\nrop-tool search ./program -s \"/bin/sh\"\n```\n\nSearch all strings in the binary\n\n```\nrop-tool search ./program -a\n```\n\nPatch the binary at offset 0x1000 with \"\\xaa\\xbb\\xcc\\xdd\" and save it as \"patched\":\n\n```\nrop-tool patch ./program -o 0x1000 -b \"\\xaa\\xbb\\xcc\\xdd\" -O patched\n```\n\nVisualize the heap allocations of the /bin/ls command:\n\n```\nrop-tool heap /bin/ls\n```\n\nDisassemble 0x100 bytes at address 0x08048452\n\n```\nrop-tool dis /bin/ls -l 0x100 -a 0x08048452\n```\n\n### SCREENSHOTS\n\n```\nrop-tool gadget /bin/ls\n```\n\n![ScreenShot](https://repo.t0x0sh.org/images/rop-tool/screen1.png)\n\n```\nrop-tool search /bin/ls -a\n```\n\n![ScreenShot](https://repo.t0x0sh.org/images/rop-tool/screen2.png)\n\n```\nrop-tool search /bin/ls -s \"/bin/sh\\x00\"\n```\n\n![ScreenShot](https://repo.t0x0sh.org/images/rop-tool/screen3.png)\n\n```\nrop-tool heap ./a.out\n```\n\n![ScreenShot](https://repo.t0x0sh.org/images/rop-tool/screen5.png)\n\n```\nrop-tool dis ./bin  # Many formats\n```\n\n![ScreenShot](https://repo.t0x0sh.org/images/rop-tool/screen6.png)\n\n### COMPILATION\n\n```\ngit clone https://github.com/t00sh/rop-tool.git\ncd rop-tool\nsh scripts/set_env.sh\nmake\n```\n\n### DEPENDENCIES\n\n- [capstone](http://capstone-engine.org/)\n\n### LICENSE\n\n- [GPLv3 license](http://www.gnu.org/licenses/gpl-3.0.txt)\n\n### AUTHOR\n\nTosh (tosh at t0x0sh . org)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft00sh%2Frop-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ft00sh%2Frop-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft00sh%2Frop-tool/lists"}