ROPgadget is a tool for security research and vulnerability exploitation. It searches binaries for
short sequences of useful machine code instructions that end in a return instruction ("gadgets"). If an
exploit can manipulate the call stack so that it points to a chain of gadget addresses, each return
instruction redirects control flow to the next gadget, so the sequence executes as a whole ("return
oriented programming"). By reusing code that already exists in the program out of its intended context,
an attacker can potentially circumvent protections that prevent the execution of injected code, such as
non-executable stacks. ROPgadget supports the ELF, PE and Mach-O formats on the x86, x64, ARM, PowerPC,
SPARC and MIPS architectures.
The following options are available:

--binary FILE
    Specify the executable to be analyzed

--opcode OPCODES
    Search for particular opcodes in executable sections

--string STRING
    Search for a particular string in readable sections

--memstr STRING
    Search for each byte in readable sections

--depth DEPTH
    Limit search depth for internal engine (default: 10)

--only KEY
    Only show specific instructions

--filter KEY
    Suppress specific instructions

--range START-END
    Limit search to address range between START and END

--badbytes BYTES
    Reject specific bytes in the address of a gadget

--rawArch ARCH
    Specify architecture for raw binaries

--rawMode MODE
    Specify mode for raw binaries

--re EXPR
    Search for gadgets using the regular expression EXPR

--offset OFFSET
    Add an offset to all gadget addresses

--ropchain
    Enable ROP chain generation

--thumb
    Use thumb mode for ARM architecture binaries

--console
    Enable the interactive console for the search engine

--norop
    Disable ROP search engine

--nojop
    Disable JOP search engine

--nosys
    Disable SYS search engine

--multibr
    Enable multiple branch gadgets

--all
    Show all gadgets, even duplicates

--dump
    Output the gadget bytes
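To make the search options concrete, the following is an added toy model of the ROP search engine, not ROPgadget's own code: it scans a constructed x86-64 byte buffer for sequences ending in a `ret` (0xC3) and applies the equivalents of --depth, --range, --badbytes, --offset and --all. Because it has no disassembler it reports raw candidate byte sequences; ROPgadget decodes each candidate into instructions and drops sequences that are not valid code.

```python
# Added toy model of a ROP gadget search (not ROPgadget's implementation).
RET = 0xC3  # x86/x64 'ret' opcode


def find_gadgets(code, base, depth=10, start=None, end=None,
                 badbytes=b"", offset=0, show_all=False):
    """Return a list of (address, gadget_bytes) ending in 'ret'."""
    candidates = []
    for i, byte in enumerate(code):
        if byte != RET:
            continue
        # --depth: consider 1 .. depth bytes preceding each 'ret'.
        for length in range(1, depth + 1):
            s = i - length + 1
            if s < 0:
                break
            # --offset: the toy applies the offset before the address filters.
            addr = base + s + offset
            # --range START-END: keep only gadgets whose address lies in range.
            if start is not None and addr < start:
                continue
            if end is not None and addr > end:
                continue
            # --badbytes: reject gadgets whose (unpadded big-endian) address
            # contains any forbidden byte value.
            width = max(1, (addr.bit_length() + 7) // 8)
            if any(x in badbytes for x in addr.to_bytes(width, "big")):
                continue
            candidates.append((addr, bytes(code[s:i + 1])))
    if show_all:  # --all: keep duplicate gadgets at every address
        return candidates
    seen, unique = set(), []
    for addr, gadget in candidates:  # default: first occurrence of each sequence
        if gadget not in seen:
            seen.add(gadget)
            unique.append((addr, gadget))
    return unique


# Constructed sample .text bytes (not from a real binary):
# pop rdi; ret; nop; pop rax; pop rdx; ret; pop rdi; ret
SAMPLE = bytes.fromhex("5fc390585ac35fc3")
BASE = 0x400000  # assumed load address of the sample section

if __name__ == "__main__":
    for addr, gadget in find_gadgets(SAMPLE, BASE, depth=2):
        print(f"0x{addr:x} : {gadget.hex(' ')}")
```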