polyverse / EnVisen

ROP gadget finder and analysis in pure Javascript
https://analyze.polyverse.io
Apache License 2.0
29 stars 8 forks source link
arm arm64 aslr-bypass binary-analysis control-flow cybersecurity disassembly elf elf-loader elf-parser linux macho macho-parser macos portable-executable rop-chain rop-exploitation rop-gadgets windows x86

DEPRECATION NOTICE

Please note that this repository has been deprecated and is no longer actively maintained by Polyverse Corporation. It may be removed in the future, but for now remains public for the benefit of any users.

Importantly, as the repository has not been maintained, it may contain unpatched security issues and other critical issues. Use at your own risk.

While it is not maintained, we would graciously consider any pull requests in accordance with our Individual Contributor License Agreement. https://github.com/polyverse/contributor-license-agreement

For any other issues, please feel free to contact info@polyverse.com


⚠️ This tool may only be used for educational, teaching, learning, understanding and research purposes only.

Binary Entropy Visualizer

Completely self-contained binary ROP/JOP gadget analyzer for comparing two binaries side-by-side and understanding their structures, in 100% pure Javascript, and a self-contained client-side browser application. Focussed on extreme simplicity of usage and portability across platforms.

Get Started:

Visit the hosted version here: https://analyze.polyverse.com/

Self hosting

Or clone this repo, and open index.html in your web-browser locally.

[Note] Occasionally your browser might not like loading scripts from the filesystem due to CORS, in which case host this directory behind a static webserver. Hacker-y folks might be used to:

python -m SimpleHTTPServer

Code Walkthrough, API, and Programmatic use

See detailed code walkthrough page.

Understanding the licenses

All code contributed directly to this project, any surrounding glue-logic, and original code is licensed under the Apache 2.0 license. It is a fairly permissive license.

However, there is a LOT of code that is either borrowed or adapted from third party open source projects, and those modules, any changes to those modules, or copies/forks of those modules, continue to stay under their original licenses.

For example,

And so on and so forth...

If GPL code is incorporated in modules, then those modules may be considered under the respective GPL license.

We want to emphasize that the practical and functional intent of this tool is to take the best of what is out there and provide a useful combination that solves a real problem, encourages study, modification, changes and distribution of the tool. If you have concerns around your particular license or code, or if we have failed to attribute your contributions, simply file an issue, and we will fix it right away.

Intended for extreme isolation, security, and simplicity

Resources: