david942j / one_gadget

The best tool for finding one gadget RCE in libc.so.6
MIT License

Output in JSON format #224

Closed david942j closed 1 month ago

david942j commented 1 month ago

ref: https://github.com/Gallopsled/pwntools/issues/932#issuecomment-2386306955

Output in a more parsable format sounds like a good idea to make one_gadget more usable across different tools.

david942j commented 1 month ago

Example output (detailed field names might be changed during implementation, will update this comment once I have a PR):

```
$ one_gadget /lib/x86_64-linux-gnu/libc.so.6 -o json
```

```
{
  "gadgets": [
    {
      "value": 932606,
      "effect": "execve('/bin/sh', r15, r12)",
      "constraints": ["[r15] == NULL || r15 == NULL || r15 is a valid argv", "[r12] == NULL || r12 == NULL || r12 is a valid envp"]
    },
    {
      ...
    }
  ]
}
```

For the case of --near provided, output would become an array on the top level:

```
$ one_gadget /lib/x86_64-linux-gnu/libc.so.6 --near exit,mkdir -o json
```

```
[
  {
    "near": "exit",
    "near_offset": <offset of exit in libc>,
    "gadgets": [
       { ... }
    ]
  },
  {
    "near": "mkdir",
    "near_offset": <offset of mkdir in libc>,
    "gadgets": [
       { ... }
    ]
  }
]
```
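
A tool consuming this draft format has to accept both top-level shapes: an object without `--near`, an array with it. The following Python is an added example, not code from one_gadget or pwntools; the name `normalize_gadgets` and the `near_offset` values in the constructed samples are assumptions, and the field names follow the draft above, which the author says may change.

```python
import json

def normalize_gadgets(text):
    """Flatten either draft shape into a list of dicts with the keys
    value, effect, constraints, near, near_offset (the last two are
    None when the output was produced without --near)."""
    doc = json.loads(text)
    if isinstance(doc, dict):
        groups = [doc]      # plain shape: {"gadgets": [...]}
    elif isinstance(doc, list):
        groups = doc        # --near shape: [{"near": ..., "gadgets": [...]}, ...]
    else:
        raise ValueError("top level must be an object or an array")
    rows = []
    for group in groups:
        if not isinstance(group, dict) or not isinstance(group.get("gadgets"), list):
            raise ValueError("each entry needs a 'gadgets' array")
        for gadget in group["gadgets"]:
            value = gadget.get("value") if isinstance(gadget, dict) else None
            # The draft shows "value" as a plain JSON integer; reject strings,
            # booleans and negatives instead of guessing at a conversion.
            if not isinstance(value, int) or isinstance(value, bool) or value < 0:
                raise ValueError("gadget 'value' must be a non-negative integer")
            rows.append({
                "value": value,
                "effect": gadget.get("effect", ""),
                "constraints": list(gadget.get("constraints", [])),
                "near": group.get("near"),
                "near_offset": group.get("near_offset"),
            })
    return rows

# Constructed sample inputs. The gadget entry is the one from the draft;
# the near_offset numbers are made up, the draft only has placeholders there.
_GADGET = {
    "value": 932606,
    "effect": "execve('/bin/sh', r15, r12)",
    "constraints": ["[r15] == NULL || r15 == NULL || r15 is a valid argv",
                    "[r12] == NULL || r12 == NULL || r12 is a valid envp"],
}
PLAIN_SAMPLE = json.dumps({"gadgets": [_GADGET]})
NEAR_SAMPLE = json.dumps([
    {"near": "exit", "near_offset": 4096, "gadgets": [_GADGET]},
    {"near": "mkdir", "near_offset": 8192, "gadgets": []},
])

if __name__ == "__main__":
    for row in normalize_gadgets(NEAR_SAMPLE):
        print(hex(row["value"]), row["near"], row["effect"])
```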