Zeratool by ChrisTheCoolHut

Automatic exploit generator for CTF challenges

Created 7 years ago
1,139 stars

Top 33.8% on SourcePulse

Project Summary

Zeratool automates exploit generation for Capture The Flag (CTF) challenges, targeting buffer overflows and format string vulnerabilities. It assists security researchers and CTF players by automatically creating exploit payloads for remote code execution and flag capture.

How It Works

Zeratool leverages the angr symbolic execution framework to concolically analyze binaries. It hooks printf calls to detect format string vulnerabilities and searches for unconstrained program states (states in which the instruction pointer is attacker-controlled), which it turns into remote code execution payloads using pwntools. Recent versions (v2.2) add remote libc leaking via buffer overflows, using puts or printf to read GOT entries and querying online databases for the matching library offsets. It also supports basic ret2dlresolve chaining for 64-bit binaries and ROP chain generation that calls execve or system.

Quick Start & Requirements

  • Install via pip: pip install zeratool
  • Requires radare2 to be installed first.
  • Tested on Ubuntu 16.04 through 20.04.
  • Official examples are available in samples.sh.
  • Tests can be run with tox.

Highlighted Details

  • Supports buffer overflows targeting win functions, shellcode, or ROP chains.
  • ROP chains can leak libc functions and execute /bin/sh.
  • Format string exploits can target GOT entries or win functions/shellcode.
  • Includes functionality for remote libc leaking and ret2dlresolve.
  • Demonstrates automatic solving of CTF problems in samples.sh.

Maintenance & Community

  • No specific contributors, sponsorships, or community links (Discord/Slack, roadmap) are mentioned in the README.

Licensing & Compatibility

  • The README does not explicitly state a license.

Limitations & Caveats

The project's README humorously notes that "Zeratool is held together by scotch tape and dreams," signalling that it may be unstable or fail against some binary types. Some exploits may need several runs before they succeed.

Health Check

  • Last Commit: 2 years ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 1
  • Star History: 5 stars in the last 30 days
