{"id":21516426,"url":"https://github.com/voidsec/mona-ropshell","last_synced_at":"2025-04-09T20:42:59.007Z","repository":{"id":74148341,"uuid":"271021342","full_name":"VoidSec/mona-ropshell","owner":"VoidSec","description":"For all loaded modules (DLLs), fetch ROP gadgets querying Ropshell DB","archived":false,"fork":false,"pushed_at":"2020-06-09T14:41:00.000Z","size":79,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T22:38:09.684Z","etag":null,"topics":["corelan","exploit","exploitation","mona","rop","ropgadget","ropshell","voidsec"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VoidSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-09T14:13:19.000Z","updated_at":"2024-01-12T13:09:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"6dda4038-2adc-4079-ae8d-1fdf5b481773","html_url":"https://github.com/VoidSec/mona-ropshell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2Fmona-ropshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2Fmona-ropshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2Fmona-ropshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2Fmona-ropshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VoidSec","download_url":"https://codeload.github.com/VoidSec/mona-ropshell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248110240,"owners_count":21049456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["corelan","exploit","exploitation","mona","rop","ropgadget","ropshell","voidsec"],"created_at":"2024-11-24T00:21:08.266Z","updated_at":"2025-04-09T20:42:58.982Z","avatar_url":"https://github.com/VoidSec.png","language":"Python","readme":"# mona-ropshell\nMona_ropshell adds [Ropshell DB](http://ropshell.com/about) supports to [Mona](https://github.com/corelan/mona). Given a list of loaded modules (DLLs), it calculate DLLs hashes and compare them querying Ropshell DB. If any results is found, it fetch ROP gadgets, downloading them in the current folder. It also generate a nice recap :)\n\n![CMD_SAMPLE](sample.PNG)\n\n### Usage\nFeed mona_ropshell.py with a file cointaining the results of !mona modules command execution (see input.txt sample)\n```\nmona_ropshell.py -i modules_list.txt -o output.txt\n```\n### Sample Output\n```\n+----------------------+-----------------------------------------------+--------+---------+------+----+--------+----------------------------------+-----------+-----------+\n| Module Name | Path | Rebase | SafeSEH | ASLR | NX | OS Dll | Hash | Ropshell | # Gadgets |\n+----------------------+-----------------------------------------------+--------+---------+------+----+--------+----------------------------------+-----------+-----------+\n| KERNELBASE.dll | C:\\Windows\\System32\\KERNELBASE.dll | V | V | V | X | V | 38054754e51d3846471281e6e8af5c56 | Not Found | 0 |\n| ws2_32.DLL | C:\\Windows\\System32\\ws2_32.DLL | V | V | V | X | V | c469ea1ce72b97796bc2da13c8f75ce2 | Not Found | 0 |\n| bcryptPrimitives.dll | C:\\Windows\\System32\\bcryptPrimitives.dll | V | V | V | X | V | 9c72a7f851375054c6ef597945d62fec | Not Found | 0 |\n| apphelp.dll | C:\\Windows\\SYSTEM32\\apphelp.dll | V | V | V | X | V | 3dcb21d5cb2dbd5839dbcbb6a85ee147 | Not Found | 0 |\n| KERNEL32.DLL | C:\\Windows\\System32\\KERNEL32.DLL | V | V | V | X | V | 226049bc657b3884e96c5b9edc908cd7 | V | 4451 |\n| mcagent.exe | C:\\Program Files (x86)\\MediaCoder\\mcagent.exe | V | V | X | X | X | 5c43df0a93dd38beb0cd52b1c1cac9cb | Not Found | 0 |\n| msvcrt.dll | C:\\Windows\\System32\\msvcrt.dll | V | V | V | X | V | 14c8b0d022cdd56939e5385cbcab60a6 | Not Found | 0 |\n| CRYPTBASE.dll | C:\\Windows\\System32\\CRYPTBASE.dll | V | V | V | X | V | 4f66b719c3dceb50a4a568fa93cd2dc3 | Not Found | 0 |\n| WSOCK32.dll | C:\\Windows\\SYSTEM32\\WSOCK32.dll | V | V | V | X | V | 3c34c028d438b28687f0e46d753db0ea | Not Found | 0 |\n| SspiCli.dll | C:\\Windows\\System32\\SspiCli.dll | V | V | V | X | V | e10fbe976fd4b1a9bf7e6e8ec02d4d5c | Not Found | 0 |\n| ntdll.dll | C:\\Windows\\SYSTEM32\\ntdll.dll | V | V | V | X | V | 013f9a951a890a4e517d2a13fc4b80c0 | Not Found | 0 |\n| RPCRT4.dll | C:\\Windows\\System32\\RPCRT4.dll | V | V | V | X | V | c77db772dc21d40708c522614c92619f | Not Found | 0 |\n| sechost.dll | C:\\Windows\\System32\\sechost.dll | V | V | V | X | V | 4076ed8b6325a79d4550514d2a959473 | Not Found | 0 |\n+----------------------+-----------------------------------------------+--------+---------+------+----+--------+----------------------------------+-----------+-----------+```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fmona-ropshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoidsec%2Fmona-ropshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fmona-ropshell/lists"}