sploit: binary analysis and exploitation tool in Go

sploit

Sploit is a Go package that aids in binary analysis and exploitation. The motivating factor behind the development of sploit is to be able to have a well-designed API with functionality that rivals some of the more common Python exploit development frameworks while taking advantage of the Go programming language. Excellent cross-compiler support, goroutines, powerful crypto libraries, and static typing are just a few of the reasons for choosing Go.

This project is inspired by pwntools and other awesome projects. It is still early in development. Expect this project to be focused heavily on shellcoding, binary patching, ROP stack construction, and general binary analysis. It will focus less heavily on socket communication and server/client development.

Installation

git clone https://github.com/aquynh/capstone.git –branch 4.0.2 –single-branch
cd capstone
make
sudo make install

sudo apt install gcc gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu gcc-mips-linux-gnu \
gcc-mipsel-linux-gnu gcc-powerpc-linux-gnu

git clone https://github.com/zznop/sploit.git

Use

Example 1 – Compiling assembly code to bytes

$ ./assemble_example

Opcode bytes:

00000000  4c 89 e1 4c 89 ea 49 c7  c0 1f 00 00 00 4d 31 c9  |L..L..I......M1.|

00000010  48 83 ec 08 48 89 44 24  28                       |H...H.D$(|

package main;



import(

    "github.com/zznop/sploit"

    "fmt"

)



var program = "../test/prog1.x86_64"



func main() {

    elf, _ := sploit.NewELF(program)

    vaddr := uint64(0x1135)

    count := 34

    fmt.Printf("Disassembling %v bytes at vaddr:%08x\n", count, vaddr)

    disasm, _ := elf.Disasm(vaddr, count)

    fmt.Print(disasm)

}

$ ./disassemble_example

Disassembling 34 bytes at vaddr:00001135

00001135: push rbp

00001136: mov rbp, rsp

00001139: sub rsp, 0x10

0000113d: mov dword ptr [rbp - 4], edi

00001140: mov qword ptr [rbp - 0x10], rsi

00001144: lea rdi, [rip + 0xeb9]

0000114b: call 0x1030

00001150: mov eax, 0

00001155: leave

00001156: ret

0000111f: pop rbp ; ret

0000111d: add byte ptr [rcx], al ; pop rbp ; ret

00001118: mov byte ptr [rip + 0x2f11], 1 ; pop rbp ; ret

00001113: call 0x1080 ; mov byte ptr [rip + 0x2f11], 1 ; pop rbp ; ret

000011b7: pop rbp ; pop r14 ; pop r15 ; ret

000011b3: pop rbp ; pop r12 ; pop r13 ; pop r14 ; pop r15 ; ret

000011b2: pop rbx ; pop rbp ; pop r12 ; pop r13 ; pop r14 ; pop r15 ; ret

000011af: add esp, 8 ; pop rbx ; pop rbp ; pop r12 ; pop r13 ; pop r14 ; pop r15 ; ret

000011ae: add rsp, 8 ; pop rbx ; pop rbp ; pop r12 ; pop r13 ; pop r14 ; pop r15 ; ret

...

Copyright (c) 2020 Brandon Miller <@zznop>

Source: https://github.com/zznop/