FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O/Raw formats on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures. The easiest way to install ROPgadget is from PyPi by running: $ sudo apt install python3-pip $ sudo -H python3 -m pip install ROPgadget $ ROPgadget --help Alternatively, you can install ROPgadget from source. You have to install Capstone first. For Capstone's installation on a nix machine: $ sudo apt install python3-pip $ sudo -H python3 -m pip install capstone Capstone supports multi-platforms (windows, ios, android, cygwin...). For cross-compilation, please refer to the https://github.com/capstone-engine/capstone/blob/master/COMPILE.TXT file. After Capstone is installed, ROPgadget can be used as a standalone tool: $ python3 ROPgadget.py --help Or installed into the Python site-packages library, and executed from $PATH. $ sudo -H python3 setup.py install $ ROPgadget --help Usage: usage: ROPgadget.py [-h] [-v] [-c] [--binary <binary>] [--opcode <opcodes>] [--string <string>] [--memstr <string>] [--depth <nbyte>] [--only <key>] [--filter
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
A powerful tool for detecting and identifying malware using a rule-based system.
Python wrapper for Android APK decompilation with various converter and decompiler options.
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
Generates a YARA rule to match basic blocks of the current function in IDA Pro