gopwn

Golang CTF framework and exploit development module

This module is strictly for educational purposes only. Usage of the methods and tools for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable laws. Developers assume no liability and are not responsible for any misuse or damage caused by this module.

⚠️ This is experimental and subject to breaking changes.

Usage

package main

import (
  "bytes"
  "fmt"

  "github.com/hupe1980/gopwn"
)

func main() {
  p, _ := gopwn.NewProcess([]string{"./ctfbinary"})
  p.SendLine(append(bytes.Repeat([]byte("A"), 200), gopwn.P32L(0xdeadbeef)...))
  out, _ := p.RecvLine()
  fmt.Println(string(out))
}

Packing Integers

//32Bit LittelEndian
b := gopwn.P32L(0xdeadbeef)
assert.Equal(t, []byte("\xef\xbe\xad\xde"), b) // true
i := gopwn.U32L([]byte("\xef\xbe\xad\xde"))
assert.Equal(t, uint32(0xdeadbeef), i) // true

Assembly and Disassembly

insn, _ := gopwn.AssembleI386("mov eax, 0")
fmt.Println(gopwn.HexString(insn))

Outputs:

b800000000

assembly, _ := gopwn.DisamI386([]byte("\xb8\x5d\x00\x00\x00"), 0)
fmt.Println(assembly)

Outputs:

0x0           b8 5d 00 00 00                mov eax, 0x5d

Misc Tools

Generate unique sequences to find offsets in your buffer causing a crash:

assert.Equal(t, []byte("aaaabaaacaaadaaa"), gopwn.Cyclic(16)) // true
assert.Equal(t, 4, gopwn.CyclicFind([]byte("baaa")) // true

Binary Analysis and Manipulation

elf, _ := gopwn.NewELF("./ctfbinary")

pe, _ := gopwn.NewPE("./ctfbinary.exe")

macho, _ := gopwn.NewMACHO("./ctfbinary")

Documentation

See godoc.

Examples

See more complete examples.

CLI

gopwn command-line interface

Usage:
  gopwn [command]

Available Commands:
  cave        Search for code caves
  checksec    Check binary security settings
  completion  Prints shell autocompletion scripts for gopwn
  cyclic      Generation of unique sequences
  help        Help about any command

Flags:
  -h, --help      help for gopwn
  -v, --version   version for gopwn

Use "gopwn [command] --help" for more information about a command.

Installing

You can install the pre-compiled binary in several different ways

deb/rpm/apk:

Download the .deb, .rpm or .apk from the releases page and install them with the appropriate tools.

manually:

Download the pre-compiled binaries from the releases page and copy to the desired location.

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 50 Commits
.github/workflows		.github/workflows
_examples/strings		_examples/strings
cmd		cmd
scripts		scripts
shellcode		shellcode
testdata		testdata
tube		tube
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
Vagrantfile		Vagrantfile
asm.go		asm.go
asm_test.go		asm_test.go
binary.go		binary.go
cyclic.go		cyclic.go
cyclic_test.go		cyclic_test.go
elf.go		elf.go
elf_test.go		elf_test.go
env.go		env.go
go.mod		go.mod
go.sum		go.sum
gopwn.go		gopwn.go
macho.go		macho.go
macho_test.go		macho_test.go
misc.go		misc.go
misc_test.go		misc_test.go
packing.go		packing.go
packing_test.go		packing_test.go
pe.go		pe.go
rop.go		rop.go
web.go		web.go
web_test.go		web_test.go

License

hupe1980/gopwn

Folders and files

Latest commit

History

Repository files navigation

gopwn

Usage

Packing Integers

Assembly and Disassembly

Misc Tools

Binary Analysis and Manipulation

Documentation

Examples

CLI

Installing

deb/rpm/apk:

manually:

License

About

Topics

Resources

License

Stars

Watchers

Forks

Languages