Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

Overview

ScratchABit

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research).

ScratchABit supports the IDAPython API, well known in the reverse-engineering community, for writing disassembly/extension modules.

ScratchABit is a work in progress; features are added on an as-needed basis, and contributions are welcome.

ScratchABit is released under the terms of GNU General Public License v3 (GPLv3).

Requirements/manifesto

  1. Should not be written in an obfuscated language. These include languages which are too low-level, which allow access to uninitialized variables, which don't differentiate between variables and functions/procedures, which start array indexes from arbitrary numbers, etc., etc. ScratchABit is written in Python (a modern version, Python 3) for your pleasure and sanity.

  2. The user interface framework should allow user interaction of the needed level, without adding dependencies, bloat, issues, and incompatibilities between framework versions. ScratchABit currently uses a simple full-screen text user interface, using ANSI/VT100 terminal escape sequences (yes, even the curses library was deemed too bloated a dependency to force upon users).

  3. Should leverage easy-to-use text formats to store the "database", to facilitate easy reuse and tool writing, and storage in version control systems.

Installation

To use ScratchABit, you need Python 3 installed (tested with Python 3.3 thru 3.7) and a VT100 (minimum) or XTerm (recommended) terminal or terminal emulator (any Unix system should be compliant, like Linux/BSD/etc.; see the FAQ below for more).

Clone the code using:

git clone --recursive https://github.com/pfalcon/ScratchABit

If you cloned code without --recursive, run git submodule update --init in the ScratchABit directory.

ScratchABit now ships with Capstone Engine based CPU plugin(s), which give access to a number of CPU architectures. To use them, a recent Python bindings module for Capstone should be installed (in preference to packages shipped by OS distributions, which are often outdated). The easiest way to install it is into the Python user packages directory:

pip3 install --no-cache-dir --user capstone

An alternative is to install it to a Python virtual environment within the ScratchABit directory:

python3 -m venv .venv
source .venv/bin/activate
pip3 install --no-cache-dir capstone

Whenever you open a new terminal session to work with ScratchABit, run source .venv/bin/activate command again to activate the virtual environment.

If none of the above works, you can try to install the capstone package system-wide (not recommended; the --system flag is specific to the pip shipped by Debian/Ubuntu, where it overrides the default per-user install):

sudo pip3 install --system capstone

Quick start

If you want to disassemble a file in a self-describing executable format (like ELF), just pass it as an argument to ScratchABit.py. The repository includes a number of example-*.elf files for various architectures for a quick start. For example, to try the x86 32-bit version:

python3 ScratchABit.py example-x86_32.elf

Alternatively, if you want to disassemble a raw binary file, you need to create a .def (definition) file to specify what memory areas are defined for the code, at which address to load the binary file, etc. (Note: a .def file may be useful for .elf and similar files too.) The repository includes a simple x86_64 raw binary and the corresponding example-x86_64.def file (look inside for a description of the available options):

python3 ScratchABit.py example-x86_64.def

Press F9 to access menus (the mouse works too in XTerm-compatible terminals). Press F1 to get help about key bindings (most actions are also accessible via the menu). The workflow of ScratchABit is similar to other interactive disassemblers (some previous experience or background reading may be helpful).

Using Plugins

IDAPython processor plugins can be loaded from anywhere on the Python module path. Alternatively, you can symlink/copy the plugin .py file(s) into the plugins/cpu/ subdirectory.

After the plugin is made available, create a new definition file based on example-x86_64.def that sets the plugin module name (without the .py extension) in the cpu xxx line.

For a very simple example that uses an external plugin, see the esp8266.def file that works with the xtensa.py plugin from the ida-xtensa2 repository.

TODO/Things to decide

  • Currently uses multiple files for "database", each storing particular type of information. Switch to a single YAML file instead?
  • Add color (low priority, (unbloated!) patches welcome).
  • A few important UI commands still to implement for comfortable work. (All the most important commands should be there; other functionality is expected to be implemented using plugins.)
  • Offer to save DB on quit if modified.
  • Git integration for DB saving.
  • Improve robustness (add exception handler at the main loop level, don't abort the application, show to user/log and continue).
  • Try to deal with code flow inconsistencies (e.g. within an instruction - low priority for intended usage) and data access inconsistencies (e.g. accessing individual bytes of a previously detected word - higher priority). (Improved in 1.4.)
  • See how to support other types of IDAPython plugins besides just processor modules.
  • Parse and use debugging information (e.g. DWARF) present in ELF (etc.) files.

FAQ

Q: What processors/architectures are supported?

A: ScratchABit doesn't support any processor architectures on its own; it is fully retargetable using IDAPython API plugins. Many plugins are available, and writing a new plugin is easy. To let users test-drive ScratchABit, a simple x86 processor plugin is included in the distribution, using the Pymsasid disassembler under the hood.

From version 2.0, a Capstone plugin is also included, giving access to a number of architectures, including x86, ARM, MIPS, PowerPC, SPARC, etc. (architecture support is enabled gradually based on user testing).

You can read about the plugins shipped together with ScratchABit in the README for plugins/cpu/ dir.

Q: Debugger?

A: ScratchABit is dedicated to static analysis and easy support for new CPU architectures (just code up a new CPU plugin in Python; you can get initial results in a few hours). Dynamic analysis wasn't conceived to be a core feature and there are no immediate plans to implement it. Patches are welcome though.

Q: Decompiler?

A: There is a related project, called ScratchABlock, for deep program analysis, transformation and decompilation. It's expected that as ScratchABlock matures, some of its functionality will become available within ScratchABit (perhaps via plugins).

Q: I'm not on Linux, how can I run ScratchABit?

A: Install Linux in an emulator/VM on your system and rejoice.

Q: Mandatory screenshot?

A: Sure:

screenshot

Comments
  • Database: Single YAML file vs multiple line-oriented files?

    From current README:

    Currently uses multiple files for "database", each storing particular type of information. Switch to a single YAML file instead?

    This ticket is for discussion of this issue, opinions welcome!

    opened by pfalcon 13
  • Capstone may return negative addresses for arguments of jump instructions

    It seems that addresses beyond 0x80000000 are interpreted as negative numbers, even on a 64-bit python3. The address -2147360092 or -0x7ffe1d5c is actually 0x8001E2A4 which is a valid address:

    ./ScratchABit.py EXT0CB6Q.dec.P2.def --script import
    Loading CPU plugin arm_32_capstone
    Adding area: Area(0x0-0x1ffff, {'name': '.bin', 'access': 'RWX'})
    Adding area: Area(0x808000-0x80ffff, {'name': '.bin', 'access': 'RWX'})
    Adding area: Area(0x80000200-0x800301ff, {'name': '.bin', 'access': 'RWX'})
    Loading EXT0CB6Q.dec.P21.frmw @0x0
    Loading EXT0CB6Q.dec.P22.frmw @0x808000
    Loading EXT0CB6Q.dec.P23.frmw @0x80000200
    Processing section: entrypoints
    Performing initial analysis...
    3000
    Traceback (most recent call last):
      File "./ScratchABit.py", line 1030, in <module>
        call_script(script)
      File "./ScratchABit.py", line 949, in call_script
        mod = __import__(script)
      File "/home/user/scratch/ScratchABit/import.py", line 2464, in <module>
        SetRegEx(0x8000855A,"T",1,2)
      File "/home/user/scratch/ScratchABit/idc.py", line 65, in SetRegEx
        engine.analyze()
      File "/home/user/scratch/ScratchABit/scratchabit/engine.py", line 947, in analyze
        if not _processor.emu():
      File "/home/user/scratch/ScratchABit/plugins/cpu/_any_capstone.py", line 176, in emu
        assert GetReg(op.addr, "T") == 0
      File "/home/user/scratch/ScratchABit/idc.py", line 28, in GetReg
        if engine.ADDRESS_SPACE.get_flags(ea, engine.AddressSpace.ALT_CODE):
      File "/home/user/scratch/ScratchABit/scratchabit/engine.py", line 245, in get_flags
        raise InvalidAddrException(addr)
    scratchabit.defs.InvalidAddrException: (-2147360092, '-0x7ffe1d5c')

    opened by thesourcerer8 7
  • KeyError: 'r_addend' on Ubuntu 14.04 Python3.4.3

    Hi,

    I'm having trouble running ScratchABit on my machine:

    $ python scratchabit.py example-elf
    Traceback (most recent call last):
      File "scratchabit.py", line 721, in <module>
        load_target_file(loader, sys.argv[1])
      File "scratchabit.py", line 623, in load_target_file
        entry = loader.load(engine.ADDRESS_SPACE, fname)
      File "/home/user/esp/virtenv/ScratchABit/plugins/loader/elf.py", line 407, in load
        return load_sections(aspace, elffile)
      File "/home/user/esp/virtenv/ScratchABit/plugins/loader/elf.py", line 280, in load_sections
        if reloc["r_addend"] != 0:
      File "/home/user/esp/virtenv/ScratchABit/plugins/loader/pyelftools/elftools/elf/relocation.py", line 35, in __getitem__
        return self.entry[name]
      File "/home/user/esp/virtenv/ScratchABit/plugins/loader/pyelftools/elftools/construct/lib/container.py", line 35, in __getitem__
        return self.__dict__[name]
    KeyError: 'r_addend'
    

    Am I missing something? I use Ubuntu 14.04 with Python 3.4.3 Thanks

    opened by sheinz 7
  • Recommended way to add plugins?

    Hi Paul,

    I just wanted to check if this is the recommended way to add a new plugin: http://www.esp8266.com/viewtopic.php?f=13&t=3756&p=22201#p22200

    If you let me know the recommended way, I'll submit a PR with an addition to the README about adding plugins.

    Cheers,

    Angus

    opened by projectgus 6
  • Saving slow

    Saving (File->Save) seems to be slow on slow terminals, since it outputs the current location quite often. I would suggest to output the position less often to speed it up.

    opened by thesourcerer8 5
  • Handling invalid (cross-)references

    Hi, I'm writing a CPU plugin which calls ua_add_dref(0, xxx, dr_O) based on a value that's loaded into a register. Sometimes these values don't point into a valid address range, leading to an error when I try to save the project:

    2017-05-26 21:45:56,666 Exception processing user command
    Traceback (most recent call last):
      File "/.../ScratchABit.py", line 123, in handle_input
        return super().handle_input(key)
      File "/.../ScratchABit/picotui/basewidget.py", line 69, in handle_input
        res = self.handle_key(inp)
      File "/.../ScratchABit/picotui/editor.py", line 208, in handle_key
        return self.handle_edit_key(key)
      File "/.../ScratchABit.py", line 543, in handle_edit_key
        saveload.save_state(project_dir)
      File "/.../ScratchABit/scratchabit/saveload.py", line 32, in save_state
        engine.ADDRESS_SPACE.save_addr_props(project_dir + "/project.aprops")
      File "/.../ScratchABit/scratchabit/engine.py", line 680, in save_addr_props
        fl = self.get_flags(addr)
      File "/.../ScratchABit/scratchabit/engine.py", line 247, in get_flags
        raise InvalidAddrException(addr)
    scratchabit.engine.InvalidAddrException: (57259, '0xdfab')
    

    Should I fix this in my plugin or should SAB handle this case and avoid adding the reference? What does IDA do?

    [ An alternative or complement to my approach would be to create a data item with the loaded value, and let the engine add the reference automatically. AFAICS this feature hasn't been implemented in SAB so far, though. ]

    opened by neuschaefer 5
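A worked example following up on two of the issues above (the negative Capstone addresses, and the invalid cross-references right above), added here and not part of ScratchABit or any of its plugins: mask a signed operand value to the target's address width, then refuse to record a data xref whose target falls outside every defined area. The area list is re-typed from the "Adding area:" lines in the Capstone issue; the 32-bit width, the xref list and the add_dref_checked wrapper are assumptions, and a real plugin would call ua_add_dref() where this code appends to a list.

```python
# Added example (not ScratchABit's code): normalise a signed operand value to
# the target's address width, then check it against the defined memory areas
# before recording a data cross-reference.

ADDR_BITS = 32  # assumed: the issue's target is a 32-bit ARM firmware

# (start, end_inclusive, name, access), re-typed from the loader output in
# the Capstone issue above.
AREAS = [
    (0x00000000, 0x0001ffff, ".bin", "RWX"),
    (0x00808000, 0x0080ffff, ".bin", "RWX"),
    (0x80000200, 0x800301ff, ".bin", "RWX"),
]


def to_unsigned(value, bits=ADDR_BITS):
    """Map a signed immediate (what a 32-bit Capstone operand yields for
    addresses >= 0x80000000) onto the unsigned address space:
    -0x7ffe1d5c -> 0x8001e2a4 for bits=32. Values already non-negative and
    in range pass through unchanged."""
    if not -(1 << (bits - 1)) <= value < (1 << bits):
        raise ValueError("value %d does not fit in %d bits" % (value, bits))
    return value & ((1 << bits) - 1)


def find_area(addr, areas=AREAS):
    """Return the area tuple containing addr, or None if addr is unmapped."""
    for area in areas:
        start, end = area[0], area[1]
        if start <= addr <= end:
            return area
    return None


def add_dref_checked(insn_ea, target, drefs, areas=AREAS, bits=ADDR_BITS):
    """Plugin-side guard around ua_add_dref() (assumed wrapper): normalise
    the target and only record (insn_ea, target) when the target lies inside
    a defined area. Returns the normalised target, or None when dropped, so
    the caller can log the unmapped value instead of storing it and hitting
    InvalidAddrException on the next save."""
    addr = to_unsigned(target, bits)
    if find_area(addr, areas) is None:
        return None
    drefs.append((insn_ea, addr))
    return addr


def demo():
    """The two cases from the issues: a branch target that Capstone handed
    back as a negative number (kept after normalisation), and a target that
    is outside every area (dropped)."""
    drefs = []
    kept = add_dref_checked(0x8000855A, -2147360092, drefs)
    dropped = add_dref_checked(0x8000855A, 0x20000, drefs)
    return kept, dropped, drefs
```

Whether the engine or the plugin should do this check is the open question in the issue; doing it in the plugin costs one lookup per reference and keeps the saved database loadable either way.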
  • Corrupted database after crashing on save

    While working with ScratchABit I saved my database, during the save (I think) an unhandled exception occurred and scratchabit exited. My database doesn't open any more, the stack trace on opening is:

    (Snip many lines of relocation information)
    <Relocation (RELA): Container({'r_info_sym': 1, 'r_offset': 7, 'r_addend': 268, 'r_info_type': 11, 'r_info': 267})>
    Loading state...
    Traceback (most recent call last):
      File "/home/gus/scripts/scratchabit.py", line 587, in <module>
        load_state(project_dir)
      File "/home/gus/scripts/scratchabit.py", line 539, in load_state
        engine.ADDRESS_SPACE.load_funcs(f)
      File "/home/gus/dev/ScratchABit/engine.py", line 487, in load_funcs
        start, end = l.split()
    ValueError: need more than 1 value to unpack
    

    I tried renaming the *.bak files over the newer database files, but I get the same error.

    Here are the relevant files: http://projectgus.com/misc/esp8266/xtensa_vectors.zip

    Working from current git master 74323e9d2c4 and pfalcon/ida-xte[email protected] (one commit before current master in your fork).

    There's a related bug to the database corruption bug, which is that the stack trace from the unhandled exception on save was printed "inside" ncurses, so it wasn't readable (got interleaved with the UI elements). Also following exit the console mode was set wrong, needed a reset.

    Sorry I don't have time to investigate this further right now.

    opened by projectgus 5
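An added example (not ScratchABit's saveload code) of the two measures that would have contained the corruption described in this issue: writing the file under a temporary name, fsyncing it and renaming it over the live file, so a crash mid-save leaves either the old or the new version but never a truncated one; and a loader that reports the offending file and line instead of a bare unpacking error. The "start end" line layout is what the traceback shows load_funcs splitting; the hex formatting, comment lines, the .bak naming and the file name project.funcs are assumptions.

```python
import os
import shutil
import tempfile

# Added example (not ScratchABit's code). Line layout "start end" follows the
# traceback above; everything else about the file format is assumed.


def save_funcs_atomic(path, funcs):
    """Write the function list so a crash mid-save cannot truncate the live
    file: write to a temp file in the same directory, fsync it, keep the
    previous version reachable as path.bak, then rename over the target
    (rename is atomic on POSIX: readers see the old file or the new one)."""
    dirname = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=dirname, prefix=".funcs.", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as f:
            for start, end in funcs:
                f.write("0x%x 0x%x\n" % (start, end))
            f.flush()
            os.fsync(f.fileno())
        if os.path.exists(path):
            bak = path + ".bak"
            if os.path.exists(bak):
                os.unlink(bak)
            try:
                os.link(path, bak)  # old content stays on disk under .bak
            except OSError:         # filesystem without hard links
                shutil.copy2(path, bak)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def load_funcs(path):
    """Parse 'start end' lines; reject malformed lines with a message naming
    the file and line instead of 'need more than 1 value to unpack'."""
    funcs = []
    with open(path) as f:
        for lineno, line in enumerate(f, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            if len(parts) != 2:
                raise ValueError("%s:%d: expected 'start end', got %r"
                                 % (path, lineno, line))
            start, end = (int(p, 0) for p in parts)
            if end < start:
                raise ValueError("%s:%d: end 0x%x precedes start 0x%x"
                                 % (path, lineno, end, start))
            funcs.append((start, end))
    return funcs


def demo():
    """Round trip in a scratch directory: save twice (so a .bak appears),
    load both back, then show how a half-written file is reported."""
    funcs = [(0x08020036, 0x0802006c), (0x0802cf44, 0x0802d024)]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "project.funcs")
        save_funcs_atomic(path, funcs[:1])
        save_funcs_atomic(path, funcs)
        loaded_ok = load_funcs(path) == funcs
        bak_ok = load_funcs(path + ".bak") == funcs[:1]
        with open(path, "w") as f:
            f.write("0x08020036 0x0802006c\n0x0802cf44\n")  # cut-off 2nd line
        try:
            load_funcs(path)
            err = None
        except ValueError as e:
            err = str(e)
    return loaded_ok, bak_ok, err
```

The .bak written here is always a complete earlier version, which is what the "renaming the *.bak files over the newer database files" recovery attempt in the issue relies on.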
  • plugins/cpu/arm_thumb: Supports only Thumb, not Thumb2

    Continuing from #23 . See "orr/mov.w", "sub.w", "ldr" below.

    │0802cf44 9878         ldrb     r0, [r3, #2]                                                                                           │
    │0802cf46 5978         ldrb     r1, [r3, #1]                                                                                           │
    │0802cf48 f268         ldr      r2, [r6, #12]                                                                                          │
    │0802cf4a 41ea0021     orr/mov.w                                                                                                       │
    │0802cf4e 0333         add      r3, #3                                                                                                 │
    │0802cf50 0b44         add      r3, r1                                                                                                 │
    │0802cf52 043a         sub      r2, #4                                                                                                 │
    │0802cf54 7360         str      r3, [r6, #4]                                                                                           │
    │0802cf56 f260         str      r2, [r6, #12]                                                                                          │
    │0802cf58 fff732ba     b.w      0xa02c3c0                                                                                              │
    │0802cf5c 5b10         asr      r3, r3, #1                                                                                             │
    │0802cf5e 012b         cmp      r3, #1                                                                                                 │
    │0802cf60 a5f10401     sub.w                                                                                                           │
    │0802cf64 5ed0         beq      loc_0802d024                                                                                           │
    │0802cf66 55f8042c     ldr                                  
    
    opened by pfalcon 4
  • Various little cleanups; idapython comment API

    Hi, this patch set is mostly cosmetics, but also one functional change: I implemented get_cmt/set_cmt so disassembler plugins can manipulate comments in the disassembly.

    Please review, thanks.

    opened by neuschaefer 4
  • plugins/cpu/arm_thumb: Condition codes in b.w don't appear to be decoded

    Example of disasm:

    │08020036          nlr_jump:                                                                                                           │
    │08020036 0d4b         ldr      r3, [pc, #52]                                                                                          │
    │08020038 1a68         ldr      r2, [r3, #0]                                                                                           │
    │0802003a 002a         cmp      r2, #0                                                                                                 │
    │0802003c 0df0de83     b.w      nlr_jump_fail                                                                                          │
    │08020040 50           unk     0x50 ; 'P'                                                                                              │
    │08020041 60           unk     0x60 ; '`'                                                                                              │
    │08020042 10           unk     0x10                                                                                                    │
    │08020043 68           unk     0x68 ; 'h'                                                                                              │
    │08020044 18           unk     0x18                                                                                                    │
    │08020045 60           unk     0x60 ; '`'                                                 
    

    That b.w can't be right, should be conditional.

    (Disassembling MicroPython's bare-arm port.)

    opened by pfalcon 3
  • Crash in Keyboard handler

      File "scratchabit.py", line 506, in <module>
        e.loop()
      File "ScratchABit/pyedit/editor.py", line 254, in loop
        res = self.handle_key(key)
      File "scratchabit.py", line 314, in handle_key
        if '0' <= e.value[0] <= '9':
    IndexError: string index out of range

    opened by thesourcerer8 3
  • ESP Firmware Image Support

    I have some firmware images dumped from the flash of a few IOT devices whose functionality I'm trying to re-implement using ESPHomeLib. They all appear to be in esp8266 v1 format. It appears that the esptool.py 'elf2image' command grabs various parts of the ELF binary (IROM, TEXT, etc) and packs them into the format that the on-chip bootloader wants. It does not appear to have any code to do the reverse - convert the flash image back to an ELF binary for analysis.

    Is there any way I can analyze these files with ScratchABit, or is it pretty well dependent on having an ELF binary?

    opened by brandond 3
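An added example (neither ScratchABit's nor esptool's code) answering the question above at the container level: parse an ESP8266 v1 application image into its entry point and (load address, data) segments, which is exactly the information a raw-binary .def file or a loader plugin needs to place the bytes. The layout follows esptool's documented v1 format; the sample image is constructed inside the block rather than dumped from a device, and the IRAM/DRAM addresses in the comments are illustrative.

```python
import struct

# Added example (not ScratchABit's or esptool's code). ESP8266 "v1" image:
# 8-byte header (magic 0xE9, segment count, flash mode, flash size/freq,
# little-endian entry address), then <count> segments of
# (load address u32, length u32, data), then zero padding to a 16-byte
# boundary whose last byte is an XOR checksum over all segment data, seeded
# with 0xEF. The sample image at the bottom is constructed here.

ESP_IMAGE_MAGIC = 0xE9
ESP_CHECKSUM_SEED = 0xEF


def esp_checksum(chunks, seed=ESP_CHECKSUM_SEED):
    """XOR of every byte in every chunk, starting from the seed."""
    c = seed
    for chunk in chunks:
        for b in chunk:
            c ^= b
    return c


def build_esp8266_v1(entry, segments):
    """Pack (load_addr, data) pairs into a v1 image; used to build test input."""
    out = bytearray(struct.pack("<BBBBI", ESP_IMAGE_MAGIC, len(segments), 0, 0, entry))
    for addr, data in segments:
        out += struct.pack("<II", addr, len(data)) + data
    out += b"\0" * (15 - len(out) % 16)      # pad so the checksum ends a 16-byte block
    out.append(esp_checksum(data for _, data in segments))
    return bytes(out)


def parse_esp8266_v1(image):
    """Return (entry, [(load_addr, data), ...]) or raise ValueError.
    Each load address is where a loader must map the bytes (on the ESP8266,
    IRAM code around 0x4010xxxx, DRAM data around 0x3ffexxxx)."""
    if len(image) < 8 or image[0] != ESP_IMAGE_MAGIC:
        raise ValueError("not an ESP8266 v1 image: bad magic")
    nseg, _flash_mode, _size_freq, entry = struct.unpack_from("<BBBI", image, 1)
    off = 8
    segments = []
    for i in range(nseg):
        if off + 8 > len(image):
            raise ValueError("truncated header for segment %d" % i)
        addr, length = struct.unpack_from("<II", image, off)
        off += 8
        data = image[off:off + length]
        if len(data) != length:
            raise ValueError("segment %d at 0x%08x is truncated" % (i, addr))
        off += length
        segments.append((addr, data))
    end = (off + 16) & ~15              # padding plus the checksum byte
    if end > len(image):
        raise ValueError("missing padding/checksum")
    expected = esp_checksum(data for _, data in segments)
    if image[end - 1] != expected:
        raise ValueError("checksum mismatch: 0x%02x != 0x%02x"
                         % (image[end - 1], expected))
    return entry, segments


def is_valid_esp8266_v1(image):
    """True when the image parses and its checksum matches."""
    try:
        parse_esp8266_v1(image)
        return True
    except ValueError:
        return False


# Constructed sample: a code segment in IRAM and a data segment in DRAM.
SAMPLE_SEGMENTS = [
    (0x40100000, b"\x01\x02\x03\x04\x05\x06\x07\x08"),
    (0x3ffe8000, b"\xaa\xbb\xcc"),
]
SAMPLE_IMAGE = build_esp8266_v1(0x40100004, SAMPLE_SEGMENTS)
```

The segment list maps directly onto the memory areas and load addresses a .def file describes, so a small script around parse_esp8266_v1() can write one instead of converting the image back to ELF.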
  • Add support for elf SHN_COMMON sections

    opened by GrahamM 0
  • Add support for loader plugins

    Quoting the README:

    See how to support other types of IDAPython plugins besides just processor modules.

    Loader plugins would be highly appreciated. The problem is that Python loaders are hard to find. The existing loaders, covering widespread binary executable formats, are usually written in C++ so they need to be ported to IDAPython first. Fortunately, stand-alone Python libraries for parsing several common executable formats exist:

    Creating basic loader plugins on top of them should be easy. The existing pyelftools based ELF loader serves as a good example of how to do that. The first step is to enable support for loader plugins in ScratchABit...

    opened by maximumspatium 1
  • Add support for different endianness

    PowerPC CPU is capable of running in either little-endian or big-endian modes. The required mode is usually specified in the executable itself. ELF container, for example, uses EI_DATA field of the ELF header for that purpose, see here.

    The precise endianness mode must be set before disassembling.

    I therefore propose to extend the CPU plugin interface with a possibility to specify the required endian mode as well as a way to retrieve endianness from container loaders.

    BTW, it's not clear how IDA processor modules deal with this requirement. It looks like there is no consistent way to specify/retrieve endianness information in IDA, see this discussion.

    opened by maximumspatium 2
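An added example (not part of ScratchABit's ELF loader) of retrieving the endianness this issue talks about: read EI_DATA from the ELF identification bytes, use it to decode e_machine in the right byte order, and compare the result against what a CPU plugin was configured for. The two 20-byte header prefixes are constructed for the example; the field offsets are from the ELF specification.

```python
import struct

# Added example (not ScratchABit's loader). From the ELF specification:
# e_ident[EI_CLASS] is byte 4, e_ident[EI_DATA] is byte 5, e_type is the
# 2-byte field at offset 16 and e_machine the 2-byte field at offset 18,
# both stored in the byte order EI_DATA announces.

ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
EM_NAMES = {3: "x86", 8: "MIPS", 20: "PowerPC", 21: "PowerPC64",
            40: "ARM", 62: "x86_64", 94: "Xtensa"}


def elf_target(data):
    """Return (endianness, bits, machine name) from the start of an ELF file.
    Only the first 20 bytes are read, so a header prefix is enough."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    bits = {ELFCLASS32: 32, ELFCLASS64: 64}.get(ei_class)
    if bits is None:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    order = {ELFDATA2LSB: "<", ELFDATA2MSB: ">"}.get(ei_data)
    if order is None:
        raise ValueError("unknown EI_DATA %d" % ei_data)
    e_machine, = struct.unpack_from(order + "H", data, 18)
    endian = "little" if order == "<" else "big"
    return endian, bits, EM_NAMES.get(e_machine, "EM_%d" % e_machine)


def e_machine_wrong_order(data):
    """What e_machine decodes to if the container's byte order is ignored and
    little-endian is assumed: the kind of silent mis-read the issue warns about."""
    e_machine, = struct.unpack_from("<H", data, 18)
    return e_machine


def endian_mismatch(data, plugin_endian):
    """True when the ELF's EI_DATA disagrees with the endianness a CPU plugin
    was configured for, i.e. the check to run before disassembling."""
    return elf_target(data)[0] != plugin_endian


# Constructed 20-byte header prefixes: e_ident, then e_type and e_machine.
PPC32_BE = b"\x7fELF\x01\x02\x01\x00" + b"\0" * 8 + b"\x00\x02" + b"\x00\x14"
X86_64_LE = b"\x7fELF\x02\x01\x01\x00" + b"\0" * 8 + b"\x02\x00" + b"\x3e\x00"
```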
  • Enable more Capstone-supported archs

    With 2.0, Capstone-based ARM support went online, and Capstone supports several more architectures. Fairly speaking, ARM support enablement took a bunch of effort (and isn't really complete), but the cornerstone was supporting a 2nd ISA for the code in the same address space. Beyond that, Capstone seems to offer pretty weak semantic characterization of instructions, so a bunch of that needs to be handled in an arch-specific manner in the ScratchABit plugin.

    Still, it shouldn't be rocket science to enable more archs, and this ticket is submitted in the hope of finding people who'd be interested to give it a try and share feedback.

    References:

    • https://github.com/pfalcon/ScratchABit/blob/master/plugins/cpu/_any_capstone.py (and git log -p --follow on it)
    • https://github.com/pfalcon/ScratchABit/blob/master/Makefile.examples
    opened by pfalcon 8
Releases(v2.0)
  • v2.0(Jan 25, 2018)

    • Capstone-based CPU plugin for x86 and ARM. (Follow the README for Capstone installation instructions.)
    • Support for "alternative ISA" during disassembly (used e.g. for handling Thumb mode for ARM).
    • Update version of Pymsasid3 disassembly library with 64-bit mode fixes.
    • Switch off some assertions by default, making end users' experience better (exceptions are still logged to scratchabit.log).
    • More idaapi and idc modules functions.
    • Documentation improvements.
    • Example ELF files for the supported architectures and subarchitectures are provided (extending on a few out of the box examples available previously).

    (Note: Don't install ScratchABit from tarballs automatically generated by Github - they miss git submodules. Instead, follow the README to clone directly from git.)

    Screenshot:

    screenshot

  • v1.8(Nov 24, 2017)

    • Implemented disassembly export as cross-referenced HTML.
    • Added builtin ARM Thumb (not Thumb2) CPU plugin (contributed by Damien George).
    • Compatibility improvements and additions for IDAPython API.
    • Various bugfixes and reliability improvements in analysis engine.
  • v1.7(Mar 27, 2017)

    • Added color to user interface and beginnings of syntax highlighting to disassembler listing (see screenshot below).
    • Warn if there're unsaved changes on quit.

    screenshot

  • v1.6(Feb 25, 2017)

    • Improvements to memory map display (shows current position by default, can switch it using memory map, etc.)
    • Cosmetic UI improvements (more choices in menu, help, menu works better, etc.)
    • Continued refactoring of the codebase to make plugin writing easier.
    • Fixed a few cases of exceptions being thrown.
  • v1.5(Jan 27, 2017)

    • Add "Make function" to menu and help.
    • tools: Add indircalls plugin and map2scratchabit script.
    • Add AddressSpace.memcpy() function to be used by plugins.
    • Convert source code to Python package, for easier usage by plugins.
    • Rename main start script to "ScratchABit.py".
  • v1.4(Jan 3, 2017)

    • Updates and fixes to UI.
    • Add Preferences dialog.
    • Add "Run plugin" command.
    • Add "Next non-function code" command (Ctrl+F).
    • Introduce a concept of subareas, an additional way to partition the analysed binary (besides functions). They can be used e.g. to represent object files from which a binary was linked.
    • Improvements to automatic label management during analysis.
    • Improvements to preciseness and reliability of control flow analysis.
    • For cross-references, show a containing function.
    • Improve reliability/exception handling.
    • Development to allow writing scripts/plugins for ScratchABit.
    • With v1.4, ScratchABit reaches the level of functionality which was originally intended for it (took 1.5 years of intermittent development). (Note that part of this functionality is being able to write plugins/scripts for less frequently used functionality. That works, but needs a lot of API refactoring to make it easier/more scalable.)
  • v1.3(Sep 2, 2016)

    • Added menus support using picotui 0.8, all commands are exposed via menus.
    • Switched dialogs to picotui (better and more consistent look and feel).
    • More precise cursor positioning for "Search text" command.
    • Add support for command line arguments --script (run script/plugin on startup) and --save (run script fully in batch mode, don't go to UI).
    • Save format change: information now saves split per memory area (more friendly for human reviewer and git, potentially allows to reuse information for same memory area in different projects). Old save format is recognized and upgraded.
    • Many small improvements to user experience (better progress indication, terminal deinitialization, avoiding overwriting comments from different stages of loading process, etc.)
  • v1.2(Aug 15, 2016)

    • "Make filler" command, allowing to mark undefined bytes as unimportant filler.
    • "Next undefined" command. Together with "Make filler" allows to follow reductionistic workflow, where a user searches for next undefined byte sequence and categorizes it (or skips for now, easily findable later).
    • ELF loader: Fix loading of executable with REL relocations (e.g. x86) and generalize to easier support architecture-specific features.
    • Number of minor UX improvements.
    • Continue switching to picotui widget set.
  • v1.1(May 28, 2016)

    • New commands: "Show address map", "Save listing for the current function", etc.
    • Save viewer address stack on quit/load on restart.
    • Add "default plugins" map, for more automatic loading of bare executables. Add Xtensa plugin to this map.
    • Various small UI improvements.
    • Better handling of disassembly of objects.
    • Engine: clean up handling of "offset" operands.
    • Detailed changelog: https://github.com/pfalcon/ScratchABit/compare/v1.0...v1.1
  • v1.0(Oct 7, 2015)

    • Switched to picotui (https://github.com/pfalcon/picotui) for widgets, enabling better and easier to maintain UI
    • Write disassembly listing to a file command ("W")
  • v0.9(Oct 7, 2015)

  • v0.8(Aug 10, 2015)

  • v0.7(Aug 10, 2015)

  • v0.6(Aug 10, 2015)

  • v0.5(Jul 3, 2015)

    • Initial release
    • Ability to load raw binary files
    • Ability to load non-relocatable ELF files
    • Monochrome TextUI for VT100/XTerm terminals
    • Basic direct-manipulation user interface: ability to mark bytes as code/data/unknown, follow address references in instructions, mark arguments as value/address, add comments, etc.
    • Save/load state
    • Basic support for IDAPython CPU plugin API
    • x86 disassembler plugin based on PyMsasid3 is included.
    • Also tested with 3rd-party Xtensa plugin: https://github.com/themadinventor/ida-xtensa
Owner
Paul Sokolovsky
Long-time open-source developer. Contributed to many projects out there. In my own free time, I prefer to work on principled, minimalist projects.