rex-bin_tools 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. checksums.yaml +7 -0
  2. checksums.yaml.gz.sig +1 -0
  3. data.tar.gz.sig +0 -0
  4. data/.gitignore +9 -0
  5. data/.rspec +2 -0
  6. data/.travis.yml +5 -0
  7. data/CODE_OF_CONDUCT.md +52 -0
  8. data/Gemfile +4 -0
  9. data/LICENSE +27 -0
  10. data/README.md +22 -0
  11. data/Rakefile +6 -0
  12. data/bin/console +14 -0
  13. data/bin/msfbinscan +284 -0
  14. data/bin/msfelfscan +120 -0
  15. data/bin/msfmachscan +100 -0
  16. data/bin/msfpescan +184 -0
  17. data/bin/setup +8 -0
  18. data/data/identify.txt +3043 -0
  19. data/lib/rex/assembly/nasm.rb +104 -0
  20. data/lib/rex/bin_tools.rb +13 -0
  21. data/lib/rex/bin_tools/version.rb +5 -0
  22. data/lib/rex/elfparsey.rb +9 -0
  23. data/lib/rex/elfparsey/elf.rb +121 -0
  24. data/lib/rex/elfparsey/elfbase.rb +265 -0
  25. data/lib/rex/elfparsey/exceptions.rb +25 -0
  26. data/lib/rex/elfscan.rb +10 -0
  27. data/lib/rex/elfscan/scanner.rb +226 -0
  28. data/lib/rex/elfscan/search.rb +44 -0
  29. data/lib/rex/image_source.rb +10 -0
  30. data/lib/rex/image_source/disk.rb +58 -0
  31. data/lib/rex/image_source/image_source.rb +48 -0
  32. data/lib/rex/image_source/memory.rb +35 -0
  33. data/lib/rex/machparsey.rb +9 -0
  34. data/lib/rex/machparsey/exceptions.rb +31 -0
  35. data/lib/rex/machparsey/mach.rb +209 -0
  36. data/lib/rex/machparsey/machbase.rb +408 -0
  37. data/lib/rex/machscan.rb +9 -0
  38. data/lib/rex/machscan/scanner.rb +217 -0
  39. data/lib/rex/peparsey.rb +10 -0
  40. data/lib/rex/peparsey/exceptions.rb +30 -0
  41. data/lib/rex/peparsey/pe.rb +210 -0
  42. data/lib/rex/peparsey/pe_memdump.rb +61 -0
  43. data/lib/rex/peparsey/pebase.rb +1662 -0
  44. data/lib/rex/peparsey/section.rb +128 -0
  45. data/lib/rex/pescan.rb +11 -0
  46. data/lib/rex/pescan/analyze.rb +366 -0
  47. data/lib/rex/pescan/scanner.rb +230 -0
  48. data/lib/rex/pescan/search.rb +68 -0
  49. data/rex-bin_tools.gemspec +32 -0
  50. metadata +284 -0
  51. metadata.gz.sig +0 -0
@@ -0,0 +1,230 @@
1
+ # -*- coding: binary -*-
2
+ require 'metasm'
3
+
4
+ module Rex
5
+ module PeScan
6
+ module Scanner
7
+
8
+ class Generic
9
+
10
+ attr_accessor :pe, :regex
11
+
12
+ def initialize(pe)
13
+ self.pe = pe
14
+ end
15
+
16
+ def config(param)
17
+ end
18
+
19
+ def scan(param)
20
+ config(param)
21
+
22
+ $stdout.puts "[#{param['file']}]"
23
+ pe.all_sections.each do |section|
24
+ hits = scan_section(section, param)
25
+ hits.each do |hit|
26
+ vma = pe.rva_to_vma(hit[0])
27
+
28
+ next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/)
29
+
30
+ msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
31
+ $stdout.puts pe.ptr_s(vma) + " " + msg
32
+ if(param['disasm'])
33
+ #puts [msg].pack('H*').inspect
34
+ insns = []
35
+
36
+ msg.gsub!("; ", "\n")
37
+ if msg.include?("retn")
38
+ msg.gsub!("retn", "ret")
39
+ end
40
+ #puts msg
41
+ begin
42
+ d2 = Metasm::Shellcode.assemble(Metasm::Ia32.new, msg).disassemble
43
+ rescue Metasm::ParseError
44
+ d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, [msg].pack('H*'))
45
+ end
46
+ addr = 0
47
+ while ((di = d2.disassemble_instruction(addr)))
48
+ insns << di.instruction
49
+ disasm = "0x%08x\t" % (vma + addr)
50
+ disasm << di.instruction.to_s
51
+ $stdout.puts disasm
52
+ addr = di.next_addr
53
+ end
54
+ # ::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
55
+ # $stdout.puts "\tnasm: #{line.strip}"
56
+ #end
57
+ end
58
+ end
59
+ end
60
+ end
61
+
62
+ def scan_section(section, param={})
63
+ []
64
+ end
65
+ end
66
+
67
+ class JmpRegScanner < Generic
68
+
69
+ def config(param)
70
+ regnums = param['args']
71
+
72
+ # build a list of the call bytes
73
+ calls = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
74
+ jmps = _build_byte_list(0xe0, regnums)
75
+ pushs1 = _build_byte_list(0x50, regnums)
76
+ pushs2 = _build_byte_list(0xf0, regnums)
77
+
78
+ regexstr = '('
79
+ if !calls.empty?
80
+ regexstr += "\xff[#{calls}]|"
81
+ end
82
+
83
+ regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
84
+
85
+ self.regex = Regexp.new(regexstr, nil, 'n')
86
+ end
87
+
88
+ # build a list for regex of the possible bytes, based on a base
89
+ # byte and a list of register numbers..
90
+ def _build_byte_list(base, regnums)
91
+ regnums.collect { |regnum| Regexp.escape((base | regnum).chr) }.join('')
92
+ end
93
+
94
+ def _ret_size(section, index)
95
+ d = section.read(index, 1)
96
+ case d
97
+ when "\xc3"
98
+ return 1
99
+ when "\xc2"
100
+ return 3
101
+ end
102
+
103
+ raise RuntimeError, "invalid return opcode"
104
+ end
105
+
106
+ def _parse_ret(data)
107
+ if data.length == 1
108
+ return "ret"
109
+ else
110
+ return "retn 0x%04x" % data[1, 2].unpack('v')[0]
111
+ end
112
+ end
113
+
114
+
115
+ def scan_section(section, param={})
116
+ index = 0
117
+
118
+ hits = [ ]
119
+
120
+ while (index = section.index(regex, index)) != nil
121
+ rva = section.offset_to_rva(index)
122
+ message = ''
123
+
124
+ parse_ret = false
125
+
126
+ byte1 = section.read(index, 1).unpack("C*")[0]
127
+
128
+ if byte1 == 0xff
129
+ byte2 = section.read(index+1, 1).unpack("C*")[0]
130
+ regname = Rex::Arch::X86.reg_name32(byte2 & 0x7)
131
+
132
+ case byte2 & 0xf8
133
+ when 0xd0
134
+ message = "call #{regname}"
135
+ index += 2
136
+ when 0xe0
137
+ message = "jmp #{regname}"
138
+ index += 2
139
+ when 0xf0
140
+ retsize = _ret_size(section, index+2)
141
+ message = "push #{regname}; " + _parse_ret(section.read(index+2, retsize))
142
+ index += 2 + retsize
143
+ else
144
+ raise "wtf"
145
+ end
146
+ else
147
+ regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
148
+ retsize = _ret_size(section, index+1)
149
+ message = "push #{regname}; " + _parse_ret(section.read(index+1, retsize))
150
+ index += 1 + retsize
151
+ end
152
+
153
+ hits << [ rva, message ]
154
+ end
155
+
156
+ return hits
157
+ end
158
+ end
159
+
160
+ class PopPopRetScanner < JmpRegScanner
161
+
162
+ def config(param)
163
+ pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
164
+ self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
165
+ end
166
+
167
+ def scan_section(section, param={})
168
+
169
+ index = 0
170
+
171
+ hits = [ ]
172
+
173
+ while index < section.size && (index = section.index(regex, index)) != nil
174
+ rva = section.offset_to_rva(index)
175
+ message = ''
176
+
177
+ pops = section.read(index, 2)
178
+ reg1 = Rex::Arch::X86.reg_name32(pops[0,1].unpack("C*")[0] & 0x7)
179
+ reg2 = Rex::Arch::X86.reg_name32(pops[1,1].unpack("C*")[0] & 0x7)
180
+
181
+ message = "pop #{reg1}; pop #{reg2}; "
182
+
183
+ retsize = _ret_size(section, index+2)
184
+ message += _parse_ret(section.read(index+2, retsize))
185
+
186
+ index += 2 + retsize
187
+
188
+ hits << [ rva, message ]
189
+ end
190
+
191
+ return hits
192
+ end
193
+ end
194
+
195
+ class RegexScanner < Generic
196
+
197
+ def config(param)
198
+ self.regex = Regexp.new(param['args'], nil, 'n')
199
+ end
200
+
201
+ def scan_section(section, param={})
202
+ index = 0
203
+
204
+ hits = [ ]
205
+
206
+ while index < section.size && (index = section.index(regex, index)) != nil
207
+
208
+ idx = index
209
+ buf = ''
210
+ mat = nil
211
+
212
+ while (! (mat = buf.match(regex)))
213
+ buf << section.read(idx, 1)
214
+ idx += 1
215
+ end
216
+
217
+ rva = section.offset_to_rva(index)
218
+
219
+ hits << [ rva, buf.unpack("H*") ]
220
+ index += buf.length
221
+ end
222
+
223
+ return hits
224
+ end
225
+ end
226
+
227
+ end
228
+ end
229
+ end
230
+
@@ -0,0 +1,68 @@
1
+ # -*- coding: binary -*-
2
+ module Rex
3
+ module PeScan
4
+ module Search
5
+
6
+ require "rex/assembly/nasm"
7
+
8
+ class DumpRVA
9
+ attr_accessor :pe
10
+
11
+ def initialize(pe)
12
+ self.pe = pe
13
+ end
14
+
15
+ def config(param)
16
+ @address = pe.vma_to_rva(param['args'])
17
+ end
18
+
19
+ def scan(param)
20
+ config(param)
21
+
22
+ $stdout.puts "[#{param['file']}]"
23
+
24
+ # Adjust based on -A and -B flags
25
+ pre = param['before'] || 0
26
+ suf = param['after'] || 16
27
+
28
+ @address -= pre
29
+ @address = 0 if (@address < 0 || ! @address)
30
+
31
+ begin
32
+ buf = pe.read_rva(@address, suf)
33
+ rescue ::Rex::PeParsey::PeParseyError
34
+ return
35
+ end
36
+
37
+ $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
38
+ if(param['disasm'])
39
+ insns = []
40
+ buf.gsub!("; ", "\n")
41
+ if buf.include?("retn")
42
+ buf.gsub!("retn", "ret")
43
+ end
44
+ d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
45
+ addr = 0
46
+ while ((di = d2.disassemble_instruction(addr)))
47
+ insns << di.instruction
48
+ disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
49
+ disasm << di.instruction.to_s
50
+ $stdout.puts disasm
51
+ addr = di.next_addr
52
+ end
53
+ end
54
+
55
+ end
56
+ end
57
+
58
+ class DumpOffset < DumpRVA
59
+ def config(param)
60
+ begin
61
+ @address = pe.file_offset_to_rva(param['args'])
62
+ rescue Rex::PeParsey::BoundsError
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
68
+ end
@@ -0,0 +1,32 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'rex/bin_tools/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "rex-bin_tools"
8
+ spec.version = Rex::BinTools::VERSION
9
+ spec.authors = ["David Maloney"]
10
+ spec.email = ["DMaloney@rapid7.com"]
11
+
12
+ spec.summary = "Ruby Exploitation(rex) Library containing a suite of binary reading and manipulation tools"
13
+ spec.description = "A suite of tools for analyzing Elf,Mach, and PE format executables to find specific chunks of code."
14
+ spec.homepage = "https://github.com/rapid7/rex-bin_tools"
15
+
16
+
17
+
18
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
19
+ spec.bindir = "bin"
20
+ spec.executables = ["msfbinscan", "msfelfscan", "msfmachscan", "msfpescan"]
21
+ spec.require_paths = ["lib"]
22
+
23
+ spec.add_development_dependency "bundler", "~> 1.12"
24
+ spec.add_development_dependency "rake", "~> 10.0"
25
+ spec.add_development_dependency "rspec", "~> 3.0"
26
+
27
+ spec.add_runtime_dependency 'metasm'
28
+ spec.add_runtime_dependency 'rex-arch'
29
+ spec.add_runtime_dependency 'rex-struct2'
30
+ spec.add_runtime_dependency 'rex-text'
31
+ spec.add_runtime_dependency 'rex-core'
32
+ end
metadata ADDED
@@ -0,0 +1,284 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rex-bin_tools
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - David Maloney
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain:
11
+ - |
12
+ -----BEGIN CERTIFICATE-----
13
+ MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
14
+ A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
15
+ b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
16
+ MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
17
+ YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
18
+ aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
19
+ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
20
+ xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
21
+ 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
22
+ snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
23
+ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
24
+ 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
25
+ BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
26
+ AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
27
+ yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
28
+ 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
29
+ AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
30
+ DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
31
+ HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
32
+ -----END CERTIFICATE-----
33
+ - |
34
+ -----BEGIN CERTIFICATE-----
35
+ MIIEKDCCAxCgAwIBAgILBAAAAAABL07hNVwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
36
+ A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
37
+ b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
38
+ MDBaFw0xOTA0MTMxMDAwMDBaMFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
39
+ YWxTaWduIG52LXNhMScwJQYDVQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENB
40
+ IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTxTnEL7XJnKr
41
+ NpfvU79ChF5Y0Yoo/ENGb34oRFALdV0A1zwKRJ4gaqT3RUo3YKNuPxL6bfq2RsNq
42
+ o7gMJygCVyjRUPdhOVW4w+ElhlI8vwUd17Oa+JokMUnVoqni05GrPjxz7/Yp8cg1
43
+ 0DB7f06SpQaPh+LO9cFjZqwYaSrBXrta6G6V/zuAYp2Zx8cvZtX9YhqCVVrG+kB3
44
+ jskwPBvw8jW4bFmc/enWyrRAHvcEytFnqXTjpQhU2YM1O46MIwx1tt6GSp4aPgpQ
45
+ STic0qiQv5j6yIwrJxF+KvvO3qmuOJMi+qbs+1xhdsNE1swMfi9tBoCidEC7tx/0
46
+ O9dzVB/zAgMBAAGjgfowgfcwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
47
+ Af8CAQAwHQYDVR0OBBYEFAhu2Lacir/tPtfDdF3MgB+oL1B6MEcGA1UdIARAMD4w
48
+ PAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
49
+ bS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2Jh
50
+ bHNpZ24ubmV0L3Jvb3QuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQY
51
+ MBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQAiXMXd
52
+ PfQLcNjj9efFjgkBu7GWNlxaB63HqERJUSV6rg2kGTuSnM+5Qia7O2yX58fOEW1o
53
+ kdqNbfFTTVQ4jGHzyIJ2ab6BMgsxw2zJniAKWC/wSP5+SAeq10NYlHNUBDGpeA07
54
+ jLBwwT1+170vKsPi9Y8MkNxrpci+aF5dbfh40r5JlR4VeAiR+zTIvoStvODG3Rjb
55
+ 88rwe8IUPBi4A7qVPiEeP2Bpen9qA56NSvnwKCwwhF7sJnJCsW3LZMMSjNaES2dB
56
+ fLEDF3gJ462otpYtpH6AA0+I98FrWkYVzSwZi9hwnOUtSYhgcqikGVJwQ17a1kYD
57
+ sGgOJO9K9gslJO8k
58
+ -----END CERTIFICATE-----
59
+ - |
60
+ -----BEGIN CERTIFICATE-----
61
+ MIIEyjCCA7KgAwIBAgISESEyE8rNriS4+1dc8jOHEUL8MA0GCSqGSIb3DQEBBQUA
62
+ MFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMScwJQYD
63
+ VQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENBIC0gRzIwHhcNMTMxMDExMTUx
64
+ NTM4WhcNMTYxMDExMTUxNTM4WjBgMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFz
65
+ c2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRMwEQYDVQQKEwpSYXBpZDcgTExD
66
+ MRMwEQYDVQQDEwpSYXBpZDcgTExDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
67
+ CgKCAQEAhD//7+739c69hssg0mD6CXgf2JkuWTcU81dgD7aKcoEPqU8e1FseBvDW
68
+ /Q5fNK2H2NgHV/Msn18zXuK0PkaJXqj/vDsuKB3Hq0BiR2AwyDdEw8K5MK5bgQc2
69
+ tmcVtEAejRoy1Uv5UyfaAYAxG6zsma3buV1fjnEAC3VouRg4+EX/f65H/a6srntK
70
+ 5Etp3D71k2f0oUl8dOqOmSsRJQQ5zSs4ktDvpjAmsvzoA+1svceLYU95mvQsIw2T
71
+ edpmibGMwGw/HmgV+YWBgF5UGvax6zbC2i6DF2YHnDfkNb8/1MEIaxOTAbJTazTK
72
+ 8laCQOyay6L1BNPQKjZBgOge8LZq1wIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQD
73
+ AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBz
74
+ Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwEwYD
75
+ VR0lBAwwCgYIKwYBBQUHAwMwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybC5n
76
+ bG9iYWxzaWduLmNvbS9ncy9nc2NvZGVzaWduZzIuY3JsMIGGBggrBgEFBQcBAQR6
77
+ MHgwQAYIKwYBBQUHMAKGNGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj
78
+ ZXJ0L2dzY29kZXNpZ25nMi5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwMi5n
79
+ bG9iYWxzaWduLmNvbS9nc2NvZGVzaWduZzIwHQYDVR0OBBYEFE536JwFx9SpaEi3
80
+ w8pcq2GRFA5BMB8GA1UdIwQYMBaAFAhu2Lacir/tPtfDdF3MgB+oL1B6MA0GCSqG
81
+ SIb3DQEBBQUAA4IBAQAGpGXHtFLjTTivV+xQPwtZhfPuJ7f+VGTMSAAYWmfzyHXM
82
+ YMFYUWJzSFcuVR2YfxtbS45P7U5Qopd7jBQ0Ygk5h2a+B5nE4+UlhHj665d0zpYM
83
+ 1eWndMaO6WBOYnqtNyi8Dqqc1foKZDNHEDggYhGso7OIBunup+N4sPL9PwQ3eYe6
84
+ mUu8z0E4GXYViaMPOFkqaYnoYgf2L+7L5zKYT4h/NE/P7kj7EbduHgy/v/aAIrNl
85
+ 2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
86
+ QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
87
+ -----END CERTIFICATE-----
88
+ date: 2016-08-15 00:00:00.000000000 Z
89
+ dependencies:
90
+ - !ruby/object:Gem::Dependency
91
+ name: bundler
92
+ requirement: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '1.12'
97
+ type: :development
98
+ prerelease: false
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '1.12'
104
+ - !ruby/object:Gem::Dependency
105
+ name: rake
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '10.0'
111
+ type: :development
112
+ prerelease: false
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '10.0'
118
+ - !ruby/object:Gem::Dependency
119
+ name: rspec
120
+ requirement: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '3.0'
125
+ type: :development
126
+ prerelease: false
127
+ version_requirements: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '3.0'
132
+ - !ruby/object:Gem::Dependency
133
+ name: metasm
134
+ requirement: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ type: :runtime
140
+ prerelease: false
141
+ version_requirements: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ - !ruby/object:Gem::Dependency
147
+ name: rex-arch
148
+ requirement: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - ">="
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
153
+ type: :runtime
154
+ prerelease: false
155
+ version_requirements: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - ">="
158
+ - !ruby/object:Gem::Version
159
+ version: '0'
160
+ - !ruby/object:Gem::Dependency
161
+ name: rex-struct2
162
+ requirement: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - ">="
165
+ - !ruby/object:Gem::Version
166
+ version: '0'
167
+ type: :runtime
168
+ prerelease: false
169
+ version_requirements: !ruby/object:Gem::Requirement
170
+ requirements:
171
+ - - ">="
172
+ - !ruby/object:Gem::Version
173
+ version: '0'
174
+ - !ruby/object:Gem::Dependency
175
+ name: rex-text
176
+ requirement: !ruby/object:Gem::Requirement
177
+ requirements:
178
+ - - ">="
179
+ - !ruby/object:Gem::Version
180
+ version: '0'
181
+ type: :runtime
182
+ prerelease: false
183
+ version_requirements: !ruby/object:Gem::Requirement
184
+ requirements:
185
+ - - ">="
186
+ - !ruby/object:Gem::Version
187
+ version: '0'
188
+ - !ruby/object:Gem::Dependency
189
+ name: rex-core
190
+ requirement: !ruby/object:Gem::Requirement
191
+ requirements:
192
+ - - ">="
193
+ - !ruby/object:Gem::Version
194
+ version: '0'
195
+ type: :runtime
196
+ prerelease: false
197
+ version_requirements: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - ">="
200
+ - !ruby/object:Gem::Version
201
+ version: '0'
202
+ description: A suite of tools for analyzing Elf,Mach, and PE format executables to
203
+ find specific chunks of code.
204
+ email:
205
+ - DMaloney@rapid7.com
206
+ executables:
207
+ - msfbinscan
208
+ - msfelfscan
209
+ - msfmachscan
210
+ - msfpescan
211
+ extensions: []
212
+ extra_rdoc_files: []
213
+ files:
214
+ - ".gitignore"
215
+ - ".rspec"
216
+ - ".travis.yml"
217
+ - CODE_OF_CONDUCT.md
218
+ - Gemfile
219
+ - LICENSE
220
+ - README.md
221
+ - Rakefile
222
+ - bin/console
223
+ - bin/msfbinscan
224
+ - bin/msfelfscan
225
+ - bin/msfmachscan
226
+ - bin/msfpescan
227
+ - bin/setup
228
+ - data/identify.txt
229
+ - lib/rex/assembly/nasm.rb
230
+ - lib/rex/bin_tools.rb
231
+ - lib/rex/bin_tools/version.rb
232
+ - lib/rex/elfparsey.rb
233
+ - lib/rex/elfparsey/elf.rb
234
+ - lib/rex/elfparsey/elfbase.rb
235
+ - lib/rex/elfparsey/exceptions.rb
236
+ - lib/rex/elfscan.rb
237
+ - lib/rex/elfscan/scanner.rb
238
+ - lib/rex/elfscan/search.rb
239
+ - lib/rex/image_source.rb
240
+ - lib/rex/image_source/disk.rb
241
+ - lib/rex/image_source/image_source.rb
242
+ - lib/rex/image_source/memory.rb
243
+ - lib/rex/machparsey.rb
244
+ - lib/rex/machparsey/exceptions.rb
245
+ - lib/rex/machparsey/mach.rb
246
+ - lib/rex/machparsey/machbase.rb
247
+ - lib/rex/machscan.rb
248
+ - lib/rex/machscan/scanner.rb
249
+ - lib/rex/peparsey.rb
250
+ - lib/rex/peparsey/exceptions.rb
251
+ - lib/rex/peparsey/pe.rb
252
+ - lib/rex/peparsey/pe_memdump.rb
253
+ - lib/rex/peparsey/pebase.rb
254
+ - lib/rex/peparsey/section.rb
255
+ - lib/rex/pescan.rb
256
+ - lib/rex/pescan/analyze.rb
257
+ - lib/rex/pescan/scanner.rb
258
+ - lib/rex/pescan/search.rb
259
+ - rex-bin_tools.gemspec
260
+ homepage: https://github.com/rapid7/rex-bin_tools
261
+ licenses: []
262
+ metadata: {}
263
+ post_install_message:
264
+ rdoc_options: []
265
+ require_paths:
266
+ - lib
267
+ required_ruby_version: !ruby/object:Gem::Requirement
268
+ requirements:
269
+ - - ">="
270
+ - !ruby/object:Gem::Version
271
+ version: '0'
272
+ required_rubygems_version: !ruby/object:Gem::Requirement
273
+ requirements:
274
+ - - ">="
275
+ - !ruby/object:Gem::Version
276
+ version: '0'
277
+ requirements: []
278
+ rubyforge_project:
279
+ rubygems_version: 2.4.8
280
+ signing_key:
281
+ specification_version: 4
282
+ summary: Ruby Exploitation(rex) Library containing a suite of binary reading and manipulation
283
+ tools
284
+ test_files: []