one_gadget/bin/one_gadget


#!/usr/bin/env ruby
require 'one_gadget'
require 'optionparser'
# Parsed command-line settings. Only :raw starts with a value; :build_id,
# :force_file and :script are present only when their flag was passed.
options = { raw: false }
usage = 'Usage: one_gadget [file] [options]'

parser = OptionParser.new do |cli|
  cli.banner = usage

  # One entry per flag, in help-output order: the key written into `options`,
  # followed by the switch definition handed to OptionParser#on.
  switches = {
    build_id: ['-b', '--build-id BuildID', 'BuildID[sha1] of libc.'],
    force_file: ['-f', '--[no-]force-file', 'Force search gadgets in file instead of build id first.'],
    raw: ['-r', '--[no-]raw', 'Output gadgets offset only, split with one space.'],
    # NOTE: the --script value is not treated as a bare path; further down it
    # is joined with the offset into one command string and handed to exec.
    script: ['-s', '--script exploit-script', 'Run exploit script with all possible gadgets.',
             'The script will be run as \'exploit-script $offset\'.']
  }

  switches.each do |key, definition|
    cli.on(*definition) { |value| options[key] = value }
  end
end

# Destructive parse: recognised switches are removed from ARGV, so ARGV[0]
# afterwards is the first positional argument (the [file] from the banner).
parser.parse!
# Runs the user-supplied script once for a single gadget offset and blocks
# until that child process has finished.
#
# The command is a single string ("<script> <offset>"). Kernel#exec only runs
# a one-string command directly when it has no shell metacharacters, reserved
# words or builtins; otherwise it goes through the shell. Either way the
# string is split on whitespace, so `script` is a command line, not a literal
# path: quoting is the caller's job.
#
# The child's exit status is not inspected here.
#
# @param script [String] command line given via --script
# @param offset [Integer] gadget offset appended as the last argument
# @return [Integer] pid of the reaped child (the value of Process.wait)
def execute(script, offset)
  command = "#{script} #{offset}"
  child = fork { exec(command) }
  Process.wait(child)
end
# Resolve the gadget list. A build id given with -b takes priority over the
# positional file; with neither, print the help text and exit with status 1.
gadgets =
  if options[:build_id]
    OneGadget.gadgets(build_id: options[:build_id], details: true)
  elsif ARGV[0]
    OneGadget.gadgets(file: ARGV[0], details: true, force_file: options[:force_file])
  else
    puts parser.help
    exit(1)
  end

# Mixes the helper methods into the top-level object; presumably this is what
# provides `colorize` below (confirm against OneGadget::Helper).
extend OneGadget::Helper::ClassMethods

# --script mode: run the script once per gadget offset, one after another,
# then exit 0 without printing the gadget list. Exit statuses of the script
# runs do not influence the result.
if options[:script]
  offsets = gadgets.map(&:offset)
  offsets.each do |candidate|
    shown = colorize(format('0x%x', candidate), sev: :integer)
    OneGadget::Logger.info("Trying #{shown}...\n")
    execute(options[:script], candidate)
  end
  exit(0)
end

# Listing mode: --raw prints the bare offsets on one space-separated line;
# otherwise each gadget's inspect output goes on its own line.
field, separator = options[:raw] ? [:offset, ' '] : [:inspect, "\n"]
puts gadgets.map(&field).join(separator)