Git Product home page Git Product logo

vulnscan's Introduction

All data is bad, stay safe with vulnscan

vulnscan is a static binary vulnerablity scanner. It could be used to detect if target executable files contain any known vulnerability, that potentially comes from popular 3rd party libraries in use.

This tool is designed to be cross-platformed. It could be compiled and run on both Windows and Linux. Also it could be used to scan Windows executables and Linux executables. The currently supported scan targets include:

Windows executables: exe dll

Linux executables: elf

Download

Download vulnscan version 0.1 from here

How to run this tool

vulnscan [path to target binary file]
vulnscan [path to target folder]

The output would be like:

C:\Users\peter\github\vulnscan\build\Release>vulnscan.exe vulnscan.exe
vulnscan (v0.1) - A static binary vulnerability scanner
Visit http://vulnscan.us/ for more details
Scanning ===> vulnscan.exe
......
No symbols available for the module.
Image name: vulnscan.exe
Loaded image name: C:\Users\peter\github\vulnscan\build\Release\vulnscan.exe
Line numbers: Not available
Global symbols: Not available
Type information: Not available
Source indexing: No
Public symbols: Not available
No more code to scan
Couldn't get next function


==================================================
Scan Summary
--------------------------------------------------
Total to scan:  1
Successfully scanned:   1
Vulnerability found:    1
--------------------------------------------------
Detailed Report
--------------------------------------------------
vulnscan.exe - Found vulnerability:

CVE-2018-1000122 (confidence : median)

==================================================

How does it work

vulnscan is consisted of 2 types of scan engine, the string scanner and disassembly scanner.

String scanner looks through all human readable strings in the target file and match them against predefined signatures of each known vulnerability.

Disassembly scanner uses capstone to disassemble the whole code section of target file. By examining the call sequence pattern of the potential vulnerable functions, it would be able to tell if those functions contains certain known vulnerabilities or not.

For developers, visit its github repo

How to build on Linux

mkdir build
cd build
cmake ..
make

How to build on Windows

mkdir build
cd 
cmake ..

Then open the solution vulnscan.sln and build project vulnscan

vulnscan's People

Contributors

zhutoulala avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.