Vulnerability research assistant that locates all calls to potentially insecure API functions in a binary file.

fdgnneig/rhabdomancer
rhabdomancer

"The road to exploitable bugs is paved with unexploitable bugs."

-- Mark Dowd

Rhabdomancer is a blazing fast IDA Pro headless plugin that locates all calls to potentially insecure API functions in a binary file. Auditors can backtrace from these candidate points to find pathways allowing access from untrusted input.

Features

  • Blazing fast, headless user experience courtesy of IDA Pro and Binarly's idalib Rust bindings.
  • Support for C/C++ binary targets compiled for any architecture implemented by IDA Pro.
  • Bad API function call locations are printed to stdout and marked in the IDB.
  • Known bad API functions are grouped in tiers of badness to help prioritize the audit work.

Blog post

See also

Installing

The easiest way to get the latest release is via crates.io:

  1. Download, install, and configure IDA Pro (see https://hex-rays.com/ida-pro).
  2. Download and extract the IDA SDK (see https://docs.hex-rays.com/developer-guide).
  3. Install rhabdomancer as follows:
    $ export IDASDKDIR=/path/to/idasdk90
    $ cargo install rhabdomancer

Compiling

Alternatively, you can build the tool from source:

  1. Download, install, and configure IDA Pro (see https://hex-rays.com/ida-pro).
  2. Download and extract the IDA SDK (see https://docs.hex-rays.com/developer-guide).
  3. Compile rhabdomancer as follows:
    $ git clone https://github.com/0xdea/rhabdomancer
    $ cd rhabdomancer
    $ export IDASDKDIR=/path/to/idasdk90 # or edit .cargo/config.toml
    $ cargo build --release

Usage

  1. Make sure IDA Pro is properly configured with a valid license.
  2. Run rhabdomancer as follows:
    $ rhabdomancer [binary file]
  3. Open the resulting .i64 IDB file with IDA Pro.
  4. Select View > Open subviews > Bookmarks.
  5. Enjoy your results conveniently collected in an IDA Pro window.

Note: rhabdomancer also adds comments at marked call locations.

Tested with

  • IDA Pro 9.0.240925 on macOS arm64.

Changelog

TODO
