NAME

       ROPgadget - search executables for exploitable ROP gadgets

SYNOPSIS

       ROPgadget [--binary FILE] [options]

DESCRIPTION

       ROPGadget  is  a  tool  for  security research and vulnerability exploitation. It lets you
       search binaries for sequences of useful machine code instructions  followed  by  a  return
       statement  ("gadgets").  If an exploit can manipulate the callstack to point to a sequence
       of gadgets, the return statements will redirect the program flow to execute  the  sequence
       ("return  oriented programming"). By reusing existing code out of context, an attacker can
       potentially circumvent security measures which prevent the  execution  of  injected  code.
       ROPgadget  supports  ELF/PE/Mach-O  format  on  x86,  x64,  ARM,  PowerPC,  SPARC and MIPS
       architectures.

       The following options are available:

       --binary FILE
              specify the executable to be analyzed

       --opcode OPCODES
              Search for particular opcodes in executable sections

       --string STRING
              Search for a particular string in readable sections

       --memstr STRING
              Search for each byte in readable sections

       --depth DEPTH
              Limit search depth for internal engine (default: 10)

       --only KEY
              Only show specific instructions

       --filter KEY
              Suppress specific instructions

       --range START-END
              Limit search to address range between START and END.

       --badbytes BYTES
              Reject specific bytes in the address of a gadget

       --rawArch ARCH
              Specify architecture for raw binaries

       --rawMode MODE
              Specify mode for raw binaries

       --re EXPR
              Search for gadgets using the regular expression EXPR.

       --offsetOFFSET
              Add an offset to all gadget addresses

       --ropchain
              Enable ROP chain generation

       --thumb
              Use thumb mode for ARM architecture binaries

       --console
              Enable the interactive console for the search engine

       --norop
              Disable ROP search engine

       --nojop
              Disable JOP search engine

       --nosys
              Disable SYS search engine

       --multibr
              Enable multiple branch gadgets

       --all  Show all gadgets, even duplicates

       --dump Output the gadget bytes

AUTHOR

       This manual page was  written  for  Debian  by  Timo  Röhling  and  may  be  used  without
       restriction.

                                                                                     ROPGADGET(1)