rex-bin_tools 0.1.0

data/lib/rex/pescan/scanner.rb

@@ -0,0 +1,230 @@
+# -*- coding: binary -*-
+require 'metasm'
+
+module Rex
+module PeScan
+module Scanner
+
+  class Generic
+
+    attr_accessor :pe, :regex
+
+    def initialize(pe)
+      self.pe = pe
+    end
+
+    def config(param)
+    end
+
+    def scan(param)
+      config(param)
+
+      $stdout.puts "[#{param['file']}]"
+      pe.all_sections.each do |section|
+        hits = scan_section(section, param)
+        hits.each do |hit|
+          vma  = pe.rva_to_vma(hit[0])
+
+          next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/)
+
+          msg  = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
+          $stdout.puts pe.ptr_s(vma) + " " + msg
+          if(param['disasm'])
+            #puts [msg].pack('H*').inspect
+            insns = []
+
+            msg.gsub!("; ", "\n")
+            if msg.include?("retn")
+              msg.gsub!("retn", "ret")
+            end
+            #puts msg
+            begin
+              d2 = Metasm::Shellcode.assemble(Metasm::Ia32.new, msg).disassemble
+            rescue Metasm::ParseError
+              d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, [msg].pack('H*'))
+            end
+            addr = 0
+            while ((di = d2.disassemble_instruction(addr)))
+              insns << di.instruction
+              disasm = "0x%08x\t" % (vma + addr)
+              disasm << di.instruction.to_s
+              $stdout.puts disasm
+              addr = di.next_addr
+            end
+#						::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
+#							$stdout.puts "\tnasm: #{line.strip}"
+            #end
+          end
+        end
+      end
+    end
+
+    def scan_section(section, param={})
+      []
+    end
+  end
+
+  class JmpRegScanner < Generic
+
+    def config(param)
+      regnums = param['args']
+
+      # build a list of the call bytes
+      calls  = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
+      jmps   = _build_byte_list(0xe0, regnums)
+      pushs1 = _build_byte_list(0x50, regnums)
+      pushs2 = _build_byte_list(0xf0, regnums)
+
+      regexstr = '('
+      if !calls.empty?
+        regexstr += "\xff[#{calls}]|"
+      end
+
+      regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
+
+      self.regex = Regexp.new(regexstr, nil, 'n')
+    end
+
+    # build a list for regex of the possible bytes, based on a base
+    # byte and a list of register numbers..
+    def _build_byte_list(base, regnums)
+      regnums.collect { |regnum| Regexp.escape((base | regnum).chr) }.join('')
+    end
+
+    def _ret_size(section, index)
+      d = section.read(index, 1)
+      case d
+        when "\xc3"
+          return 1
+        when "\xc2"
+          return 3
+      end
+
+      raise RuntimeError, "invalid return opcode"
+    end
+
+    def _parse_ret(data)
+      if data.length == 1
+        return "ret"
+      else
+        return "retn 0x%04x" % data[1, 2].unpack('v')[0]
+      end
+    end
+
+
+    def scan_section(section, param={})
+      index = 0
+
+      hits  = [ ]
+
+      while (index = section.index(regex, index)) != nil
+        rva     = section.offset_to_rva(index)
+        message = ''
+
+        parse_ret = false
+
+        byte1 = section.read(index, 1).unpack("C*")[0]
+
+        if byte1 == 0xff
+          byte2   = section.read(index+1, 1).unpack("C*")[0]
+          regname = Rex::Arch::X86.reg_name32(byte2 & 0x7)
+
+          case byte2 & 0xf8
+          when 0xd0
+            message = "call #{regname}"
+            index += 2
+          when 0xe0
+            message = "jmp #{regname}"
+            index += 2
+          when 0xf0
+            retsize = _ret_size(section, index+2)
+            message = "push #{regname}; " + _parse_ret(section.read(index+2, retsize))
+            index += 2 + retsize
+          else
+            raise "wtf"
+          end
+        else
+          regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
+          retsize = _ret_size(section, index+1)
+          message = "push #{regname}; " + _parse_ret(section.read(index+1, retsize))
+          index += 1 + retsize
+        end
+
+        hits << [ rva, message ]
+      end
+
+      return hits
+    end
+  end
+
+  class PopPopRetScanner < JmpRegScanner
+
+    def config(param)
+      pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
+      self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
+    end
+
+    def scan_section(section, param={})
+
+      index = 0
+
+      hits  = [ ]
+
+      while index < section.size && (index = section.index(regex, index)) != nil
+        rva     = section.offset_to_rva(index)
+        message = ''
+
+        pops = section.read(index, 2)
+        reg1 = Rex::Arch::X86.reg_name32(pops[0,1].unpack("C*")[0] & 0x7)
+        reg2 = Rex::Arch::X86.reg_name32(pops[1,1].unpack("C*")[0] & 0x7)
+
+        message = "pop #{reg1}; pop #{reg2}; "
+
+        retsize = _ret_size(section, index+2)
+        message += _parse_ret(section.read(index+2, retsize))
+
+        index += 2 + retsize
+
+        hits << [ rva, message ]
+      end
+
+      return hits
+    end
+  end
+
+  class RegexScanner < Generic
+
+    def config(param)
+      self.regex = Regexp.new(param['args'], nil, 'n')
+    end
+
+    def scan_section(section, param={})
+      index = 0
+
+      hits  = [ ]
+
+      while index < section.size && (index = section.index(regex, index)) != nil
+
+        idx = index
+        buf = ''
+        mat = nil
+
+        while (! (mat = buf.match(regex)))
+          buf << section.read(idx, 1)
+          idx += 1
+        end
+
+        rva = section.offset_to_rva(index)
+
+        hits << [ rva, buf.unpack("H*") ]
+        index += buf.length
+      end
+
+      return hits
+    end
+  end
+
+end
+end
+end
+

data/lib/rex/pescan/search.rb

@@ -0,0 +1,68 @@
+# -*- coding: binary -*-
+module Rex
+module PeScan
+module Search
+
+  require "rex/assembly/nasm"
+
+  class DumpRVA
+    attr_accessor :pe
+
+    def initialize(pe)
+      self.pe = pe
+    end
+
+    def config(param)
+      @address = pe.vma_to_rva(param['args'])
+    end
+
+    def scan(param)
+      config(param)
+
+      $stdout.puts "[#{param['file']}]"
+
+      # Adjust based on -A and -B flags
+      pre = param['before'] || 0
+      suf = param['after']  || 16
+
+      @address -= pre
+      @address = 0 if (@address < 0 || ! @address)
+
+      begin
+        buf = pe.read_rva(@address, suf)
+      rescue ::Rex::PeParsey::PeParseyError
+        return
+      end
+
+      $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
+      if(param['disasm'])
+        insns = []
+        buf.gsub!("; ", "\n")
+        if buf.include?("retn")
+          buf.gsub!("retn", "ret")
+        end
+        d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
+        addr = 0
+        while ((di = d2.disassemble_instruction(addr)))
+          insns << di.instruction
+          disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
+          disasm << di.instruction.to_s
+          $stdout.puts disasm
+          addr = di.next_addr
+        end
+      end
+
+    end
+  end
+
+  class DumpOffset < DumpRVA
+    def config(param)
+      begin
+        @address = pe.file_offset_to_rva(param['args'])
+      rescue Rex::PeParsey::BoundsError
+      end
+    end
+  end
+end
+end
+end

data/rex-bin_tools.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rex/bin_tools/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "rex-bin_tools"
+  spec.version       = Rex::BinTools::VERSION
+  spec.authors       = ["David Maloney"]
+  spec.email         = ["DMaloney@rapid7.com"]
+
+  spec.summary       = "Ruby Exploitation(rex) Library containing a suite of binary reading and manipulation tools"
+  spec.description   = "A suite of tools for analyzing Elf,Mach, and PE format executables to find specific chunks of code."
+  spec.homepage      = "https://github.com/rapid7/rex-bin_tools"
+
+
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "bin"
+  spec.executables   = ["msfbinscan", "msfelfscan", "msfmachscan", "msfpescan"]
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+
+  spec.add_runtime_dependency 'metasm'
+  spec.add_runtime_dependency 'rex-arch'
+  spec.add_runtime_dependency 'rex-struct2'
+  spec.add_runtime_dependency 'rex-text'
+  spec.add_runtime_dependency 'rex-core'
+end

metadata

@@ -0,0 +1,284 @@
+--- !ruby/object:Gem::Specification
+name: rex-bin_tools
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David Maloney
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+  A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+  b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+  MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+  YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+  aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+  jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+  xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+  1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+  snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+  U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+  9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+  BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+  AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+  yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+  38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+  AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+  DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+  HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEKDCCAxCgAwIBAgILBAAAAAABL07hNVwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+  A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+  b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
+  MDBaFw0xOTA0MTMxMDAwMDBaMFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+  YWxTaWduIG52LXNhMScwJQYDVQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENB
+  IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTxTnEL7XJnKr
+  NpfvU79ChF5Y0Yoo/ENGb34oRFALdV0A1zwKRJ4gaqT3RUo3YKNuPxL6bfq2RsNq
+  o7gMJygCVyjRUPdhOVW4w+ElhlI8vwUd17Oa+JokMUnVoqni05GrPjxz7/Yp8cg1
+  0DB7f06SpQaPh+LO9cFjZqwYaSrBXrta6G6V/zuAYp2Zx8cvZtX9YhqCVVrG+kB3
+  jskwPBvw8jW4bFmc/enWyrRAHvcEytFnqXTjpQhU2YM1O46MIwx1tt6GSp4aPgpQ
+  STic0qiQv5j6yIwrJxF+KvvO3qmuOJMi+qbs+1xhdsNE1swMfi9tBoCidEC7tx/0
+  O9dzVB/zAgMBAAGjgfowgfcwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+  Af8CAQAwHQYDVR0OBBYEFAhu2Lacir/tPtfDdF3MgB+oL1B6MEcGA1UdIARAMD4w
+  PAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
+  bS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2Jh
+  bHNpZ24ubmV0L3Jvb3QuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQY
+  MBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQAiXMXd
+  PfQLcNjj9efFjgkBu7GWNlxaB63HqERJUSV6rg2kGTuSnM+5Qia7O2yX58fOEW1o
+  kdqNbfFTTVQ4jGHzyIJ2ab6BMgsxw2zJniAKWC/wSP5+SAeq10NYlHNUBDGpeA07
+  jLBwwT1+170vKsPi9Y8MkNxrpci+aF5dbfh40r5JlR4VeAiR+zTIvoStvODG3Rjb
+  88rwe8IUPBi4A7qVPiEeP2Bpen9qA56NSvnwKCwwhF7sJnJCsW3LZMMSjNaES2dB
+  fLEDF3gJ462otpYtpH6AA0+I98FrWkYVzSwZi9hwnOUtSYhgcqikGVJwQ17a1kYD
+  sGgOJO9K9gslJO8k
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEyjCCA7KgAwIBAgISESEyE8rNriS4+1dc8jOHEUL8MA0GCSqGSIb3DQEBBQUA
+  MFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMScwJQYD
+  VQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENBIC0gRzIwHhcNMTMxMDExMTUx
+  NTM4WhcNMTYxMDExMTUxNTM4WjBgMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFz
+  c2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRMwEQYDVQQKEwpSYXBpZDcgTExD
+  MRMwEQYDVQQDEwpSYXBpZDcgTExDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+  CgKCAQEAhD//7+739c69hssg0mD6CXgf2JkuWTcU81dgD7aKcoEPqU8e1FseBvDW
+  /Q5fNK2H2NgHV/Msn18zXuK0PkaJXqj/vDsuKB3Hq0BiR2AwyDdEw8K5MK5bgQc2
+  tmcVtEAejRoy1Uv5UyfaAYAxG6zsma3buV1fjnEAC3VouRg4+EX/f65H/a6srntK
+  5Etp3D71k2f0oUl8dOqOmSsRJQQ5zSs4ktDvpjAmsvzoA+1svceLYU95mvQsIw2T
+  edpmibGMwGw/HmgV+YWBgF5UGvax6zbC2i6DF2YHnDfkNb8/1MEIaxOTAbJTazTK
+  8laCQOyay6L1BNPQKjZBgOge8LZq1wIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQD
+  AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBz
+  Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwEwYD
+  VR0lBAwwCgYIKwYBBQUHAwMwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybC5n
+  bG9iYWxzaWduLmNvbS9ncy9nc2NvZGVzaWduZzIuY3JsMIGGBggrBgEFBQcBAQR6
+  MHgwQAYIKwYBBQUHMAKGNGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj
+  ZXJ0L2dzY29kZXNpZ25nMi5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwMi5n
+  bG9iYWxzaWduLmNvbS9nc2NvZGVzaWduZzIwHQYDVR0OBBYEFE536JwFx9SpaEi3
+  w8pcq2GRFA5BMB8GA1UdIwQYMBaAFAhu2Lacir/tPtfDdF3MgB+oL1B6MA0GCSqG
+  SIb3DQEBBQUAA4IBAQAGpGXHtFLjTTivV+xQPwtZhfPuJ7f+VGTMSAAYWmfzyHXM
+  YMFYUWJzSFcuVR2YfxtbS45P7U5Qopd7jBQ0Ygk5h2a+B5nE4+UlhHj665d0zpYM
+  1eWndMaO6WBOYnqtNyi8Dqqc1foKZDNHEDggYhGso7OIBunup+N4sPL9PwQ3eYe6
+  mUu8z0E4GXYViaMPOFkqaYnoYgf2L+7L5zKYT4h/NE/P7kj7EbduHgy/v/aAIrNl
+  2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
+  QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
+  -----END CERTIFICATE-----
+date: 2016-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: metasm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rex-arch
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rex-struct2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rex-text
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rex-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A suite of tools for analyzing Elf,Mach, and PE format executables to
+  find specific chunks of code.
+email:
+- DMaloney@rapid7.com
+executables:
+- msfbinscan
+- msfelfscan
+- msfmachscan
+- msfpescan
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/msfbinscan
+- bin/msfelfscan
+- bin/msfmachscan
+- bin/msfpescan
+- bin/setup
+- data/identify.txt
+- lib/rex/assembly/nasm.rb
+- lib/rex/bin_tools.rb
+- lib/rex/bin_tools/version.rb
+- lib/rex/elfparsey.rb
+- lib/rex/elfparsey/elf.rb
+- lib/rex/elfparsey/elfbase.rb
+- lib/rex/elfparsey/exceptions.rb
+- lib/rex/elfscan.rb
+- lib/rex/elfscan/scanner.rb
+- lib/rex/elfscan/search.rb
+- lib/rex/image_source.rb
+- lib/rex/image_source/disk.rb
+- lib/rex/image_source/image_source.rb
+- lib/rex/image_source/memory.rb
+- lib/rex/machparsey.rb
+- lib/rex/machparsey/exceptions.rb
+- lib/rex/machparsey/mach.rb
+- lib/rex/machparsey/machbase.rb
+- lib/rex/machscan.rb
+- lib/rex/machscan/scanner.rb
+- lib/rex/peparsey.rb
+- lib/rex/peparsey/exceptions.rb
+- lib/rex/peparsey/pe.rb
+- lib/rex/peparsey/pe_memdump.rb
+- lib/rex/peparsey/pebase.rb
+- lib/rex/peparsey/section.rb
+- lib/rex/pescan.rb
+- lib/rex/pescan/analyze.rb
+- lib/rex/pescan/scanner.rb
+- lib/rex/pescan/search.rb
+- rex-bin_tools.gemspec
+homepage: https://github.com/rapid7/rex-bin_tools
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Ruby Exploitation(rex) Library containing a suite of binary reading and manipulation
+  tools
+test_files: []