Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode

Related tags

Security tools xori
Overview

alt text

Xori - Custom disassembly framework

License: AGPL v3

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data.

Acknowledgements:

Xori wouldn't exist without inspiration and ideas from the open source community. We are indebted to the work of the Capstone engine and the LLVM Project.

Architectures:

  • i386
  • x86-64

File Formats

  • PE, PE+
  • Plain shellcode

Current Features

  • Outputs json of the 1) Disassembly, 2) Functions, and 3) Imports.
  • Manages Image and Stack memory.
  • 2 modes:
    • Light Emulation - meant to enumerate all paths (Registers, Stack, Some Instructions).
    • Full Emulation - only follows the code’s path (Slow performance).
  • Simulated TEB & PEB structures.
  • Evaluates functions based on DLL exports.
  • Displays strings based on referenced memory locations.
  • Uses FLIRT style signatures (Fast Library Identification and Recognition Technology).
  • Allows you to use your own exports for simulating the PEB.
  • Will detect padding after a non-returning call.
  • Will try to identify function references from offsets.

What it doesn't do yet:

  • The engine is interactive.
  • Does not dump strings.
  • Does not process non-executable sections.
  • TEB and PEB are not enabled for non-pe files.
  • Only some x86 instructions are emulated, not all.
  • Patching and assembling.
  • No plugins or scripting.

Documentation

Requirements

rustc 1.27.0

Install rust for OSX & Linux Distros

curl https://sh.rustup.rs -sSf | sh

Install rust for Windows

First get the rustup.exe (the rust toolchain installer) from here. Screenshoot about rustup installation

This tool will install the rust compiler rustc, the rust package manager cargo and other usefull tools for development in rust.

  • run the rustup.exe

Install rust prerequisites

in case you see this output, your Windows environment is missing the Build Tools for Visual Studio so keep reading, otherwise go here Screenshoot about missing prerequisites

  • follow the link from the output, or click here

  • cancel the rustup-init.exe

  • back in browser, scroll down, expand the tab Tools for Visual Studio 2017 & download the Build Tools for Visual Studio 2017

Screenshoot about build tools installation

  • run the executable

choose the Visual C++ build tools & click "install", close the "Visual Studio Installer" after the installation Screenshoot about build tools installation

Install rust toolchain

run the rustup.exe & you will see the following output Screenshoot about rustup installation

after the successful installation you can see that the rust compiler rustc, rust package manager cargo and other tools were installed (under C:\Users\%username%\.cargo & C:\Users\%username%\.rustup) Screenshoot about rustup installation

  • open a new "Command Prompt" & follow the xori build steps here

Installation

1. Build Xori

This command will also create other binaries such as pesymbols ans peinfo.

git clone https://github.com/endgameinc/xori.git
cd xori
cargo build --release

2. Create xori.json config file

cp xori.json.example xori.json
[edit if desired]

3. (Optional) Build the symbols files

If you want to create your own symbol files you need to set the dll folders to where you stored your windows dlls.

"function_symbol32": "./src/analysis/symbols/generated_user_syswow64.json",
"function_symbol64": "./src/analysis/symbols/generated_user_system32.json",
"symbol_server": {
	"dll_folder32": "./dlls/32bit",
	"dll_folder64": "./dlls/64bit"

Run pesymbols to overwrite the function_symbol json

 ./target/release/pesymbols

Run

./target/release/xori -f test.exe

Run all tests

cargo test

Browser GUI

Chrome Firefox Safari IE Opera
Latest Latest Latest x Latest

Requirements

nodejs

yarn (optional for UI dev)

  • On Ubuntu 18.04 you may need to apt install the following: curl git libssl-dev pkg-config build-essential npm

Build

cd gui
npm install

Run

In one terminal

cd gui
node src/server.js

In another terminal

cd gui
npm start

It will open your default browser to http://localhost:3000/. The backend API is listening on localhost:5000.

Comments
  • Xori install error on Windows 10

    Xori install error on Windows 10

    I've attempted to install Xori on two versions of Windows 10; both the latest and greatest v 1803 as well as the previous version (1709 I believe). Per the requirements: -Installed Rust from https://static.rust-lang.org/dist/rust-1.28.0-x86_64-pc-windows-gnu.msi -Downloaded the zip from https://github.com/endgameinc/xori -Tried installing in CMD window, both with and without Admin privileges using "cargo build --release". -Also tried installing with the same command in a PowerShell window.

    In all cases, I got the attached error message.

    Can you help me troubleshoot this? install-error

    opened by SeattleForensics 7
  • fix endianness of macho magic number check

    fix endianness of macho magic number check

    Before

    $ target/debug/xori -f /bin/cp -o /dev/null
    error: config file does not exist, using default configurations.
     [DEBUG] analyze()
     [DEBUG] binary data header not parsed
     [DEBUG] Identified binary data
     [DEBUG] disassemble()
    IMAGE START:       1000
    CODE START:       1000
    ENTRYPOINT:       1000
    ARCH: ArchX86
    MODE: Mode32
     [DEBUG] stack overflow2
     [DEBUG] is return
    0x1000           CF                   iretd  ; FUNC 0x1000 END
    

    Testing

    $ hexdump /bin/cp | head -c 56
    0000000 cf fa ed fe 07 00 00 01 03 00 00 80 02 00 00 00
    

    analyize.rs:: 147 if test_macho.eq(b"\xFE\xED\xFA\xCE") Change to analyize.rs:: 147 if test_macho.eq(b"\xCF\xFA\xED\xFE")

    After

    $ target/debug/xori -f /bin/cp -o /dev/null
    error: config file does not exist, using default configurations.
     [DEBUG] analyze()
    "MACHO is not supported yet"
    

    My linter removed trailing whitespace. If this is not ideal I can ammend the commit.

    opened by LucienBrule 5
  • slice exception for small sample

    slice exception for small sample

    Using the small 7-byte sample with hex dump 00000000: eb 01 0f 31 c0 40 c3 ...1.@.

    Running the command line analysis xori -f [file]

    results in following exception:

    error: folder does not exist, using current_dir error: config file does not exist, using default configurations. IMAGE START: 1000 CODE START: 1000 ENTRYPOINT: 1000 ARCH: ArchX86 MODE: Mode32 thread 'main' panicked at 'index 11 out of range for slice of length 7', libcore/slice/mod.rs:1965:5 stack backtrace: 0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49 1: std::sys_common::backtrace::print at libstd/sys_common/backtrace.rs:71 at libstd/sys_common/backtrace.rs:59 2: std::panicking::default_hook::{{closure}} at libstd/panicking.rs:211 3: std::panicking::default_hook at libstd/panicking.rs:227 4: std::panicking::rust_panic_with_hook at libstd/panicking.rs:511 5: std::panicking::continue_panic_fmt at libstd/panicking.rs:426 6: rust_begin_unwind at libstd/panicking.rs:337 7: core::panicking::panic_fmt at libcore/panicking.rs:92 8: core::slice::slice_index_len_fail at libcore/slice/mod.rs:1965 9: xori::analysis::data_analyzer::check_if_padding at /checkout/src/libcore/slice/mod.rs:2130 at /checkout/src/libcore/slice/mod.rs:1947 at src/analysis/data_analyzer.rs:33 10: xori::arch::x86::analyzex86::analyze_instructionx86 at src/arch/x86/analyzex86.rs:1247 11: xori::arch::x86::analyzex86::recurse_disasmx86 at src/arch/x86/analyzex86.rs:1387 12: xori::analysis::analyze::disassemble_init at src/analysis/analyze.rs:421 13: xori::analysis::analyze::analyze at src/analysis/analyze.rs:523 14: xori::main at src/main.rs:131 15: std::rt::lang_start::{{closure}} at /checkout/src/libstd/rt.rs:74 16: std::panicking::try::do_call at libstd/rt.rs:59 at libstd/panicking.rs:310 17: __rust_maybe_catch_panic at libpanic_unwind/lib.rs:105 18: std::rt::lang_start_internal at libstd/panicking.rs:289 at libstd/panic.rs:392 at libstd/rt.rs:58 19: main 20: __libc_start_main 21: _start


    Note: ubuntu 16.04 rustc 1.28.0 cargo 1.28.0

    opened by drstrng 4
  • Update api-consumer.jsx

    Update api-consumer.jsx

    While the webUI is accessible via the network hardcoding 'localhost' returns errors when uploading from another machine. Substituting "localhost' with 'window.location.hostname' dynamically changes the POST URL path to adjust and remain functional from other machines on the Network. In my case Xori can now be used on a centralized server that is shared between team members.

    opened by foxns1 4
  • Fix remaining warnings in xori build

    Fix remaining warnings in xori build

    https://github.com/endgameinc/xori/pull/39 fixes the majority of the build warnings in xori. There are a couple outstanding warnings that need further investigation. I see these warnings when building on macos 10.15.3, ubuntu 19.10, and windows server 2019.

       Compiling xori v0.0.1 (/Users/hulk/src/endgameinc/xori)
    warning: use of deprecated item 'std::mem::uninitialized': use `mem::MaybeUninit` instead
       --> src/analysis/formats/pe.rs:523:3
        |
    523 | /   do_parse!(input,
    524 | |         major_linker_version: le_u8 >>
    525 | |         minor_linker_version: le_u8 >>
    526 | |         size_of_code: le_u32 >>
    ...   |
    584 | |         }))
    585 | |   )
        | |___^
        |
        = note: `#[warn(deprecated)]` on by default
        = note: this warning originates in a macro outside of the current crate (in Nightly builds, run with -Z external-macro-backtrace for more info)
    
    warning: use of deprecated item 'std::mem::uninitialized': use `mem::MaybeUninit` instead
       --> src/analysis/formats/pe.rs:589:3
        |
    589 | /   do_parse!(input,
    590 | |         major_linker_version: le_u8 >>
    591 | |         minor_linker_version: le_u8 >>
    592 | |         size_of_code: le_u32 >>
    ...   |
    653 | |             )
    654 | |   )
        | |___^
        |
        = note: this warning originates in a macro outside of the current crate (in Nightly builds, run with -Z external-macro-backtrace for more info)
    
    opened by mikemadden42 3
  • precompute regex for all loaded signatures

    precompute regex for all loaded signatures

    dunno if rebuilding the signature regex each match_bytes was intentional but creating and compiling the regex is a huge amount of runtime, at least using a crosscompiled-to-windows xori.exe as my test file. Since signatures afaict is immutable everywhere other than init and load_flirts, I believe this is a functionally equivalent change, but I don't have any custom pattern files or many other binaries to test on at the moment.

    After this change, diff before after shows no differences in output, but completes in ~2.4 seconds under perf, where it was closer to 10 seconds under perf before.

    Tripped across this while looking into something else that ended up not being an improvement, whoops.

    opened by iximeow 3
  • Bump urijs from 1.19.1 to 1.19.10 in /gui

    Bump urijs from 1.19.1 to 1.19.10 in /gui

    Bumps urijs from 1.19.1 to 1.19.10.

    Release notes

    Sourced from urijs's releases.

    1.19.10 (March 5th 2022)

    1.19.9 (March 3rd 2022)

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Changelog

    Sourced from urijs's changelog.

    Commits
    • 926b2aa chore(build): bumping to version 1.19.10
    • a8166fe fix(parse): handle excessive colons in scheme delimiter
    • 01920b5 chore(build): bumping to version 1.19.9
    • 86d1052 fix(parse): remove leading whitespace
    • efae1e5 chore(build): bumping to version 1.19.8
    • 6ea641c fix(parse): case insensitive scheme - #412
    • 19e54c7 chore(build): bumping to version 1.19.7
    • 547d4b6 build: update jquery
    • aab4a43 build: remove obsolete build tools
    • ac43ca8 fix(parse): more backslash galore #410
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump urijs from 1.19.1 to 1.19.9 in /gui

    Bump urijs from 1.19.1 to 1.19.9 in /gui

    Bumps urijs from 1.19.1 to 1.19.9.

    Release notes

    Sourced from urijs's releases.

    1.19.9 (March 3rd 2022)

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Changelog

    Sourced from urijs's changelog.

    1.19.9 (March 3rd 2022)

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Commits
    • 01920b5 chore(build): bumping to version 1.19.9
    • 86d1052 fix(parse): remove leading whitespace
    • efae1e5 chore(build): bumping to version 1.19.8
    • 6ea641c fix(parse): case insensitive scheme - #412
    • 19e54c7 chore(build): bumping to version 1.19.7
    • 547d4b6 build: update jquery
    • aab4a43 build: remove obsolete build tools
    • ac43ca8 fix(parse): more backslash galore #410
    • 622db6d docs: add security policy
    • 8e51b00 fix(parse): prevent overwriting proto in parseQuery()
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump urijs from 1.19.1 to 1.19.8 in /gui

    Bump urijs from 1.19.1 to 1.19.8 in /gui

    Bumps urijs from 1.19.1 to 1.19.8.

    Release notes

    Sourced from urijs's releases.

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Changelog

    Sourced from urijs's changelog.

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Commits
    • efae1e5 chore(build): bumping to version 1.19.8
    • 6ea641c fix(parse): case insensitive scheme - #412
    • 19e54c7 chore(build): bumping to version 1.19.7
    • 547d4b6 build: update jquery
    • aab4a43 build: remove obsolete build tools
    • ac43ca8 fix(parse): more backslash galore #410
    • 622db6d docs: add security policy
    • 8e51b00 fix(parse): prevent overwriting proto in parseQuery()
    • 46c8ac0 chore(build): bumping to version 1.19.6
    • a1ad8bc fix(parse): treat backslash as forwardslash in scheme delimiter
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump follow-redirects from 1.4.1 to 1.14.7 in /gui

    Bump follow-redirects from 1.4.1 to 1.14.7 in /gui

    Bumps follow-redirects from 1.4.1 to 1.14.7.

    Commits
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • 2ad9e82 Carry over Host header on relative redirects (#172)
    • 77e2a58 Release version 1.14.4 of the npm package.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump tar from 4.4.1 to 4.4.15 in /gui

    Bump tar from 4.4.1 to 4.4.15 in /gui

    Bumps tar from 4.4.1 to 4.4.15.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 2
  • Bump express from 4.16.3 to 4.17.3 in /gui

    Bump express from 4.16.3 to 4.17.3 in /gui

    Bumps express from 4.16.3 to 4.17.3.

    Release notes

    Sourced from express's releases.

    4.17.3

    4.17.2

    4.17.1

    • Revert "Improve error message for null/undefined to res.status"

    4.17.0

    • Add express.raw to parse bodies into Buffer
    • Add express.text to parse bodies into string

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.17.3 / 2022-02-16

    4.17.2 / 2021-12-16

    4.17.1 / 2019-05-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump decode-uri-component from 0.2.0 to 0.2.2 in /gui

    Bump decode-uri-component from 0.2.0 to 0.2.2 in /gui

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump css-what from 2.1.0 to 2.1.3 in /gui

    Bump css-what from 2.1.0 to 2.1.3 in /gui

    Bumps css-what from 2.1.0 to 2.1.3.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump urijs from 1.19.1 to 1.19.11 in /gui

    Bump urijs from 1.19.1 to 1.19.11 in /gui

    Bumps urijs from 1.19.1 to 1.19.11.

    Release notes

    Sourced from urijs's releases.

    1.19.11 (April 3rd 2022)

    1.19.10 (March 5th 2022)

    1.19.9 (March 3rd 2022)

    1.19.8 (February 15th 2022)

    1.19.7 (July 14th 2021)

    • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
    • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
    • removed obsolete build tools
    • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

    1.19.6 (February 13th 2021)

    • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

    1.19.5 (December 30th 2020)

    1.19.4 (December 23rd 2020)

    1.19.3 (December 20th 2020)

    1.19.2 (October 20th 2019)

    Changelog

    Sourced from urijs's changelog.

    Commits
    • b655c1b chore(build): bumping to version 1.19.11
    • b0c9796 fix(parse): handle CR,LF,TAB
    • 88805fd fix(parse): handle excessive slashes in scheme-relative URLs
    • 926b2aa chore(build): bumping to version 1.19.10
    • a8166fe fix(parse): handle excessive colons in scheme delimiter
    • 01920b5 chore(build): bumping to version 1.19.9
    • 86d1052 fix(parse): remove leading whitespace
    • efae1e5 chore(build): bumping to version 1.19.8
    • 6ea641c fix(parse): case insensitive scheme - #412
    • 19e54c7 chore(build): bumping to version 1.19.7
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump follow-redirects from 1.4.1 to 1.14.8 in /gui

    Bump follow-redirects from 1.4.1 to 1.14.8 in /gui

    Bumps follow-redirects from 1.4.1 to 1.14.8.

    Commits
    • 3d81dc3 Release version 1.14.8 of the npm package.
    • 62e546a Drop confidential headers across schemes.
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump chownr from 1.0.1 to 1.1.4 in /gui

    Bump chownr from 1.0.1 to 1.1.4 in /gui

    Bumps chownr from 1.0.1 to 1.1.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Owner
ENDGAME
ENDGAME
A new shellcode injection technique. Given as C++ header, standalone Rust program or library.

FunctionStomping Description This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stompin

Ido Veltzman 608 Jan 4, 2023
Linux anti-debugging and anti-analysis rust library

DebugOff Library Linux anti-analysis Rust library The goal of this library is to make both static and dynamic (debugging) analysis more difficult. The

null 65 Jan 7, 2023
Binary Analysis Framework in Rust

Welcome to Falcon Falcon is a formal binary analysis framework in Rust. Expression-based IL with strong influences from RREIL and Binary Ninja's LLIL.

Falcon Binary Analysis Framework 489 Dec 18, 2022
Finds imports that could be exploited, still requires manual analysis.

drv-vuln-scanner Vulnerable driver scanning tool for win64, put drivers to scan in drv/. Finds imports that could be exploited, still requires manual

selene 24 Dec 10, 2022
Rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.

Rust verification tools This is a collection of tools/libraries to support both static and dynamic verification of Rust programs. We see static verifi

null 253 Dec 31, 2022
irulescan is a static security analyzer for iRules

irulescan is a tool to scan iRules for unexpected/unsafe expressions that may have undesirable effects like double substitution.

Simon Kowallik 2 Dec 18, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

foniod 1.5k Jan 1, 2023
unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode

unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode. It is essentially a reimplementation of the Python VM with taint tracking.

Lander Brandt 171 Dec 14, 2022
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

LibAFL, the fuzzer library. Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust. LibAFL is written and main

Advanced Fuzzing League ++ 1.2k Jan 6, 2023
Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).

Mundane Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order). Issues and

Google 1.1k Jan 3, 2023
A rust library for sharing and updating arbitrary slices between threads, optimized for wait-free reads

atomicslice A Rust library for thread-safe shared slices that are just about as fast as possible to read while also being writable. Overview Use Atomi

Tim Straubinger 5 Dec 6, 2023
CVEs for the Rust standard library

Rust CVE Preface This is a list of CVEs for unsound APIs in the Rust standard library. These bugs break Rust's memory safety guarantee and lead to sec

Yechan Bae 26 Dec 4, 2022
Rust library for developing safe canisters.

IC Kit This library provides an alternative to ic-cdk that can help developers write canisters and unit test them in their Rust code. Install Add this

Psychedelic 26 Nov 28, 2022
QuickCheck bug hunting in Rust standard library data structures

BugHunt, Rust This project is aiming to provide "stateful" QuickCheck models for Rust's standard library. That is, we build up a random list of operat

Brian L. Troutwine 161 Dec 15, 2022
Cross-platform async library for system information fetching 🦀

heim Cross-platform library for system information fetching heim is an ongoing attempt to create the best tool for system information fetching (ex., C

null 782 Jan 2, 2023
A simple rust library for working with ZIP archives

rust-zip A simple rust library to read and write Zip archives, which is also my pet project for learning Rust. At the moment you can list the files in

Jorge Gorbe Moya 11 Aug 6, 2022
Memory hacking library for windows.

Memory hacking library for windows.

sy1ntexx 40 Jan 3, 2023
An attempt to rewrite lite-client for TON Blockchain in Rust using ton-labs-adnl library.

An attempt to rewrite lite-client for TON Blockchain in Rust using ton-labs-adnl library.

TonStack 4 Nov 9, 2022
Extended precision integer Rust library. Provides signed/unsigned integer 256 to 2048.

Extended precision integer Rust library. Provides signed/unsigned integer 256 to 2048.

Mohanson 4 Jul 28, 2022