• Stars: 671
  • Rank 67,266 (Top 2 %)
  • Language: Python
  • License: Apache License 2.0
  • Created almost 10 years ago
  • Updated almost 3 years ago

lisa.py

- An Exploit Dev Swiss Army Knife.

Commands

  aslr        - View/modify ASLR setting of target.
  checksec    - Display the security properties of the current executable
  context     - Display context of given thread or selected thread by default. Usage: 'context all' or 'context 1'
  csdis       - Disassemble buffer at a given pointer using Capstone
  exploitable - Check if the current exception context is exploitable
  man         - Full Instruction Reference Plugin (idaref)
  pbt         - Pretty print backtrace
  pmem        - Visualize memory at a given address and size
  pstack      - Visualize stack for a given frame or selected frame by default
  rmem        - Hexdump memory at a given address and size
  rr          - Display registers for a given thread and frame or selected thread and selected frame by default
  rstack      - Hexdump stack for a given frame or selected frame by default
  show_header - Dump Mach-O headers
  show_lc     - Dump Load Commands from Mach-O

Commands in Detail

aslr

  • View/modify ASLR setting of target.
(lisa:>) help aslr 
View/modify ASLR setting of target.  Expects 'raw' input (see 'help raw-input'.)

Syntax: aslr
View/modify ASLR setting of target.

Arguments:
  <on/off>; Enable/Disable ASLR. Usage: aslr on

Syntax: aslr <on/off>

This command is implemented as ASLRCommand

aslr.png

checksec

  • Display the security properties of the current executable
(lisa:>) help checksec 
Display the security properties of the current executable  Expects 'raw' input (see 'help raw-input'.)

Syntax: checksec
Display the security properties of the current executable

Arguments:
  <macho>; Type: str; Path to mach-o binary. Usage: checksec /usr/bin/qlmanage

Syntax: checksec <macho>

This command is implemented as ChecksecCommand

checksec.png

context

  • Display context of given thread or selected thread by default. Usage: 'context all' or 'context 1'
(lisa:>) help context 
Display context of given thread or selected thread by default. Usage: 'context all' or 'context 1'  Expects 'raw' input (see 'help raw-input'.)

Syntax: context
Display context of given thread or selected thread by default. Usage: 'context all' or 'context 1'

Arguments:
  <thread>; Type: int; thread id or all.

Syntax: context <thread>

This command is implemented as ContextCommand

context.png

csdis

  • Disassemble buffer at a given pointer using Capstone
(lisa:>) help csdis 
Disassemble buffer at a given pointer using Capstone  Expects 'raw' input (see 'help raw-input'.)

Syntax: csdis
Disassemble buffer at a given pointer using Capstone

Arguments:
  <pointer>; Type: int; Pointer to buffer to disassemble
  <length>; Type: int; length of buffer to disassemble

Syntax: csdis <pointer> <length>

This command is implemented as CapstoneDisassembleCommand

csdis.png

exploitable

  • Check if the current exception context is exploitable
(lisa:>) help exploitable 
Check if the current exception context is exploitable  Expects 'raw' input (see 'help raw-input'.)

Syntax: exploitable
Check if the current exception context is exploitable

Arguments:
  <thread_id>; Type: int; ID of the exception thread. Uses selected thread by default

Syntax: exploitable <thread_id>

This command is implemented as ExploitableCommand

exploitable.png

man

  • Full Instruction Reference Plugin
(lisa:>) help man
Full Instruction Reference Plugin  Expects 'raw' input (see 'help raw-input'.)

Syntax: man
Full Instruction Reference Plugin

Arguments:
  <instruction>; Type: str; instruction to search
  <arch>; Type: str; Architecture of the instruction. By default, uses Arch of selected target.

Syntax: man <instruction> <arch>

This command is implemented as InstructionManualCommand

man.png

pbt

  • Pretty print backtrace
(lisa:>) help pbt
Pretty print backtrace  Expects 'raw' input (see 'help raw-input'.)

Syntax: pbt
Pretty print backtrace

Syntax: pbt

This command is implemented as PrettyBacktraceCommand

pbt.png

pmem

  • Visualize memory at a given address and size
(lisa:>) help pmem
Visualize memory at a given address and size  Expects 'raw' input (see 'help raw-input'.)

Syntax: pmem
Visualize memory at a given address and size

Arguments:
  <address>; Type: int; start of memory to display
  <size>; Type: int; size of memory to display

Syntax: pmem <address> <size>

This command is implemented as DisplayMemoryCommand

pmem.png

pstack

  • Visualize stack for a given frame or selected frame by default
(lisa:>) help pstack
Visualize stack for a given frame or selected frame by default  Expects 'raw' input (see 'help raw-input'.)

Syntax: pstack
Visualize stack for a given frame or selected frame by default

Arguments:
  <size>; Type: int; stack size to display
  <frame>; Type: int; frame id
  <thread>; Type: int; thread id

Syntax: pstack <size> <frame> <thread>

This command is implemented as DisplayStackCommand

pstack.png

rmem

  • Hexdump memory at a given address and size
(lisa:>) help rmem
Hexdump memory at a given address and size  Expects 'raw' input (see 'help raw-input'.)

Syntax: rmem
Hexdump memory at a given address and size

Arguments:
  <address>; Type: int; start of memory to display
  <size>; Type: int; size of memory to display

Syntax: rmem <address> <size>

This command is implemented as ReadMemoryCommand

rmem.png

rstack

  • Hexdump stack for a given frame or selected frame by default
(lisa:>) help rstack
Hexdump stack for a given frame or selected frame by default  Expects 'raw' input (see 'help raw-input'.)

Syntax: rstack
Hexdump stack for a given frame or selected frame by default

Arguments:
  <size>; Type: int; stack size to display
  <frame>; Type: int; frame id
  <thread>; Type: int; thread id

Syntax: rstack <size> <frame> <thread>

This command is implemented as DumpStackCommand

rstack.png

show_header

  • Dump Mach-O headers
(lisa:>) help show_header
Dump Mach-O headers  Expects 'raw' input (see 'help raw-input'.)

Syntax: show_header
Dump Mach-O headers

Arguments:
  <macho>; Type: str; Path to mach-o binary. Usage: show_header /usr/bin/qlmanage or macho

Syntax: show_header <macho>

This command is implemented as DisplayMachoHeaderCommand

show_header.png

show_lc

  • Dump Load Commands from Mach-O
(lisa:>) help show_lc
Dump Load Commands from Mach-O  Expects 'raw' input (see 'help raw-input'.)

Syntax: show_lc
Dump Load Commands from Mach-O

Arguments:
  <macho>; Type: str; Path to mach-o binary. Usage: show_lc /usr/bin/qlmanage or macho

Syntax: show_lc <macho>

This command is implemented as DisplayMachoLoadCmdCommand

show_lc.png
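The checksec, show_header and show_lc commands above all read the same two structures: the Mach-O header and its load-command table. Below is a bounds-checked reader for both, plus the hardening properties a checksec can derive from them alone. This is an added example, not lisa.py's code; the 64-bit little-endian layout and constants follow Apple's mach-o/loader.h, and the sample image is constructed inline (a real binary has more segments, and canary/ARC checks need the symbol table, which this does not cover).

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
MH_PIE = 0x200000                    # header flag: image is position independent (ASLR applies)
MH_ALLOW_STACK_EXECUTION = 0x20000   # header flag: loader may leave the stack executable
LC_SEGMENT_64, LC_CODE_SIGNATURE, LC_ENCRYPTION_INFO_64 = 0x19, 0x1D, 0x2C
VM_PROT_WRITE, VM_PROT_EXECUTE = 0x2, 0x4

def parse_macho64(blob: bytes) -> dict:
    """Parse mach_header_64 and walk the load commands with bounds checks (show_header/show_lc)."""
    if len(blob) < 32 or struct.unpack_from("<I", blob, 0)[0] != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    _, cputype, _, filetype, ncmds, sizeofcmds, flags, _ = struct.unpack_from("<8I", blob, 0)
    cmds, off, end = [], 32, min(32 + sizeofcmds, len(blob))
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", blob, off)  # struct.error if the table is truncated
        if cmdsize < 8 or off + cmdsize > end:  # a bogus cmdsize is the classic parser crash
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        entry = {"cmd": cmd, "cmdsize": cmdsize}
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            entry["segname"] = blob[off + 8:off + 24].rstrip(b"\0").decode("ascii", "replace")
            entry["initprot"] = struct.unpack_from("<I", blob, off + 60)[0]
        elif cmd == LC_ENCRYPTION_INFO_64 and cmdsize >= 24:
            entry["cryptid"] = struct.unpack_from("<I", blob, off + 16)[0]  # 0 means not encrypted
        cmds.append(entry)
        off += cmdsize
    return {"cputype": cputype, "filetype": filetype, "flags": flags, "cmds": cmds}

def checksec(info: dict) -> dict:
    """Derive the hardening properties visible in the headers alone (a subset of checksec)."""
    cmds = info["cmds"]
    wx = [c.get("segname", "?") for c in cmds if c["cmd"] == LC_SEGMENT_64
          and c.get("initprot", 0) & VM_PROT_WRITE and c.get("initprot", 0) & VM_PROT_EXECUTE]
    return {
        "pie": bool(info["flags"] & MH_PIE),
        "nx_stack": not info["flags"] & MH_ALLOW_STACK_EXECUTION,
        "code_signature": any(c["cmd"] == LC_CODE_SIGNATURE for c in cmds),
        "encrypted": any(c.get("cryptid", 0) != 0 for c in cmds),
        "wx_segments": wx,  # segments mapped writable and executable (should be empty)
    }

def sample_macho() -> bytes:
    """Constructed arm64 MH_EXECUTE image: PIE, one r-x __TEXT segment, signed, unencrypted."""
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__TEXT", 0, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    sig = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 0x4000, 0x100)             # dataoff, datasize
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x4000, 0, 0)  # cryptid 0
    cmds = seg + sig + enc
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 3, len(cmds), MH_PIE, 0) + cmds
```

Feed `open(path, "rb").read()` from a thin (non-fat) arm64 or x86_64 binary to `parse_macho64` and then `checksec` to compare against what the lisa.py command reports.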

TODO

  • Update instruction manual
  • Add more ARM64 testcases to test exploitable command

Credits
