Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/blasty/moneyshot

hax 'n shit
https://github.com/blasty/moneyshot

Last synced: 3 months ago
JSON representation

hax 'n shit

Host: GitHub
URL: https://github.com/blasty/moneyshot
Owner: blasty
Created: 2011-11-17T09:28:45.000Z (over 12 years ago)
Default Branch: master
Last Pushed: 2015-06-03T10:24:32.000Z (about 9 years ago)
Last Synced: 2024-01-22T07:39:59.654Z (5 months ago)
Language: Python
Homepage:
Size: 380 KB
Stars: 116
Watchers: 15
Forks: 19
Open Issues: 0
Metadata Files:
- Readme: README.md

Lists

awesome-security-collection - **100**星

README

Moneyshot
====================

A collection of python scripts to aid you in the final steps
of binary exploitation or during the construction of buffers.

This project is by no means any rocket-science, and many of
these components might remind you of loose scripts that everyone
has written at some point in time. ;-)

Dependencies
---------------------
Moneyshot depends on:

* python (2.x for now)
* diStorm3 (for disassembly functionality)

There's some external libraries that moneyshot depends on as well.
however, (local) installation of these is automatically done by
setting up the git submodules. (See installation notes)

Installation
---------------------


$ git clone https://github.com/blasty/moneyshot.git

$ cd moneyshot

$ git submodule init

$ git submodule update

$ cd lib/darm && make

Usage
---------------------

Running moneyshot.py without any arguments gives you an overview of
all modules/commands currently implemented. If you supply an action
without any arguments moneyshot will inform you about the usage
of the specific module/action.


$ ./moneyshot.py

    __   __  ______.___   __  _____._  __._______._ __  ____._________

   /  \ /  \/  __  |    \|  |/  ___| \/  /\  ___/  |  |/ __  \__   __/

  /    '    \   /  |  |\    |   _|_\    /__\   \|     |   /  |  |  |

 /___\  /    \_____|__|  \__|______||__||______/|__|__|\_____|  |__|

      \/ _____\

  usage: moneyshot  [options]

  actions:

    * list     - list shellcodes

    * build    - build shellcodes

    * pattern  - build patterns

    * lolsled  - build a lolsled

    * format   - format input

    * fmt      - formatstring helper

    * rop      - ROP helper

    * rop-arm  - ARM ROP helper

    * rep      - String repeater

    * dwords   - binary format dwords

    * dumpsym  - dump symbols for given binary

    * dumpelf  - dump information for given binary

Todo
---------------------

If you want to help out and improve moneyshot, that would
be most welcome. I'm a very lazy coder so I only work
in small spurts when I need a feature/fix myself. But
if you send me sensible pull requests it is likely that I
will merge them into the master repo. If you're looking for
some inspiration of what to implement/fix:

* The structure of my code sux, needs to be more pythonic, I suppose.
* Commandline argument handling is a horrible hack, switch to argparse maybe.
* The rop and rop-arm module are currently separated, but mostly equal logic-wise..
* The ELF parser is an ugly and horrible hack, rewrite or replace with a proper lib
* Assembling x86(-64)/ARM code is done using a system("gcc..") hack atm..
* Mach-O support
* PE (win) support
* Make ROP module(s) agnostic of binary format (currently only ELF32/ELF64)
* Turn moneyshot into an actual python module with a sane API, so we can import * from moneyshot
* ROP gadget finding is nice, but we might be able to propose full ROP chains as well