Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data.
Architectures:
What it doesn’t do yet:
Also Read – BoNeSi – The DDoS Botnet Simulator
Install rust for OSX & Linux Distros
curl https://sh.rustup.rs -sSf | sh
Install rust for Windows
First get the rustup.exe (the rust toolchain installer) from here.
This tool will install the rust compiler rustc, the rust package manager cargo and other usefull tools for development in rust.
in case you see this output, your Windows environment is missing the Build Tools for Visual Studio so keep reading, otherwise go here
choose the Visual C++ build tools & click “install”, close the “Visual Studio Installer” after the installation
Install rust toolchain
run the rustup.exe & you will see the following output
fter the successful installation you can see that the rust compiler rustc, rust package manager cargo and other tools were installed (under C:\Users\%username%\.cargo
& C:\Users\%username%\.rustup
)
Installation
Build Xori
This command will also create other binaries such as pesymbols ans peinfo.
git clone https://github.com/endgameinc/xori.git
cd xori
cargo build –release
Create xori.json config file
cp xori.json.example xori.json
[edit if desired]
(Optional) Build the symbols files
If you want to create your own symbol files you need to set the dll folders to where you stored your windows dlls.
“function_symbol32”: “./src/analysis/symbols/generated_user_syswow64.json”,
“function_symbol64”: “./src/analysis/symbols/generated_user_system32.json”,
“symbol_server”: {
“dll_folder32”: “./dlls/32bit”,
“dll_folder64”: “./dlls/64bit”
Run pesymbols to overwrite the function_symbol json
./target/release/pesymbols
Run
./target/release/xori -f test.exe
Run all tests
cargo test
Browser GUI
Chrome | Firefox | Safari | IE | Opera |
---|---|---|---|---|
Latest ✔ | Latest ✔ | Latest ✔ | x | Latest ✔ |
Requirements
nodejs
yarn (optional for UI dev)
Build
cd gui
npm install
Run
In one terminal
cd gui
node src/server.js
In another terminal
cd gui
npm start
It will open your default browser to http://localhost:3000/. The backend API is listening on localhost:5000.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…