{"id":27602045,"url":"https://github.com/vasco-jofra/format-string-finder-binja","last_synced_at":"2026-02-26T16:52:24.328Z","repository":{"id":131387485,"uuid":"196974594","full_name":"Vasco-jofra/format-string-finder-binja","owner":"Vasco-jofra","description":"A binary ninja plugin that finds format string vulnerabilities","archived":false,"fork":false,"pushed_at":"2020-09-29T09:48:22.000Z","size":2367,"stargazers_count":24,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-05T18:32:38.107Z","etag":null,"topics":["binary-ninja","binary-ninja-plugin","format-string-attack"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Vasco-jofra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-07-15T10:10:28.000Z","updated_at":"2025-06-24T00:14:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"a538b413-6a13-4fef-afad-cb8070942a89","html_url":"https://github.com/Vasco-jofra/format-string-finder-binja","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Vasco-jofra/format-string-finder-binja","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vasco-jofra%2Fformat-string-finder-binja","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vasco-jofra%2Fformat-string-finder-binja/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vasco-jofra%2Fformat-string-finder-binja/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vasco-jofra%2Fformat-string-finder-binja/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Vasco-jofra","download_url":"https://codeload.github.com/Vasco-jofra/format-string-finder-binja/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vasco-jofra%2Fformat-string-finder-binja/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29865399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T16:38:37.846Z","status":"ssl_error","status_checked_at":"2026-02-26T16:37:58.932Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-ninja","binary-ninja-plugin","format-string-attack"],"created_at":"2025-04-22T17:51:29.974Z","updated_at":"2026-02-26T16:52:24.289Z","avatar_url":"https://github.com/Vasco-jofra.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Format String Finder\nAuthor: **jofra**\n\n_Finds format string vulnerabilities_\n\n## Description:\nThis plugin will detect format string vulnerabilities and printf-like functions.\n\n## Example\n![](https://raw.githubusercontent.com/Vasco-jofra/format-string-finder-binja/master/images/example.gif)\n\n## How it works\n 1. Loads [known functions](https://raw.githubusercontent.com/Vasco-jofra/format-string-finder-binja/master/src/data/default_printf_like_functions.data) that receive a format parameter.\n 2. For each xref of these functions find where the fmt parameter comes from:\n    1. If it comes from an **argument** we mark it as a **printf-like function** and test its xrefs\n    2. If it is a **constant** value located in a **read-only** area we mark it as **safe**\n    3. If it comes from a known **'safe' function call result** (functions from the `dgettext` family) we mark it as **safe**\n    4. Otherwise we mark it as **vulnerable**\n 3. Prints a markdown report\n\n## Settings\n - `format_string_finder.should_highlight_variable_trace`:\n   - Highlight instructions that are used in the trace of the format parameter origin.\n - `format_string_finder.should_enable_tests_plugin`\n   - Enable the tests plugin. Only for development.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvasco-jofra%2Fformat-string-finder-binja","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvasco-jofra%2Fformat-string-finder-binja","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvasco-jofra%2Fformat-string-finder-binja/lists"}