├── .gitattributes ├── README.md ├── .gitignore └── pattern_tools.py /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | These are Metasploit's pattern tools (pattern_create and pattern_offset) modified to work as imports for exploit scripts in Python. 2 | 3 | ```Python 4 | import pattern_tools 5 | 6 | print pattern_tools.pattern_create(1000) 7 | """Pattern prints out here""" 8 | 9 | print pattern_tools.pattern_offset('0x69413269') 10 | """prints [*] Exact match at offset 247""" 11 | ``` 12 | Arguments for relevant functions are: 13 | `pattern_create(length, set_a, set_b, set_c)` 14 | 15 | Where length is the length of the pattern, and sets a through c are optional character sets to use in pattern generation. Note that pattern_create as written only assigns its working sets when an argument is omitted, so passing custom sets raises an unbound-variable error; only the default sets (A-Z, a-z, 0-9) currently work. 16 | The pattern is returned as a string object. With the default sets it repeats after 20,280 characters (26 x 26 x 10 three-character groups), so offsets are only unique within that length. 
17 | 18 | `pattern_offset(value, length)` 19 | 20 | Where value is the string in hex you want to find, and length is the pattern length to search through (default = 8192) 21 | TODO: Partial matching, reverse endianness 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | lib/ 17 | lib64/ 18 | parts/ 19 | sdist/ 20 | var/ 21 | *.egg-info/ 22 | .installed.cfg 23 | *.egg 24 | 25 | # PyInstaller 26 | # Usually these files are written by a python script from a template 27 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 28 | *.manifest 29 | *.spec 30 | 31 | # Installer logs 32 | pip-log.txt 33 | pip-delete-this-directory.txt 34 | 35 | # Unit test / coverage reports 36 | htmlcov/ 37 | .tox/ 38 | .coverage 39 | .cache 40 | nosetests.xml 41 | coverage.xml 42 | 43 | # Translations 44 | *.mo 45 | *.pot 46 | 47 | # Django stuff: 48 | *.log 49 | 50 | # Sphinx documentation 51 | docs/_build/ 52 | 53 | # PyBuilder 54 | target/ 55 | 56 | # ========================= 57 | # Operating System Files 58 | # ========================= 59 | 60 | # OSX 61 | # ========================= 62 | 63 | .DS_Store 64 | .AppleDouble 65 | .LSOverride 66 | 67 | # Thumbnails 68 | ._* 69 | 70 | # Files that might appear on external disk 71 | .Spotlight-V100 72 | .Trashes 73 | 74 | # Directories potentially created on remote AFP share 75 | .AppleDB 76 | .AppleDesktop 77 | Network Trash Folder 78 | Temporary Items 79 | .apdisk 80 | 81 | # Windows 82 | # ========================= 83 | 84 | # Windows image file caches 85 | Thumbs.db 86 | ehthumbs.db 87 | 88 | # Folder config file 89 | Desktop.ini 90 | 91 | # Recycle 
Bin used on file shares 92 | $RECYCLE.BIN/ 93 | 94 | # Windows Installer files 95 | *.cab 96 | *.msi 97 | *.msm 98 | *.msp 99 | 100 | # Windows shortcuts 101 | *.lnk 102 | -------------------------------------------------------------------------------- /pattern_tools.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | ##pattern_create original description################### 4 | # Author: phillips321 5 | # Site: www.phillips321.co.uk 6 | # Version 0.1 7 | # Credits: metasploit project 8 | # About: Replicates msf pattern_create.rb 9 | ######################################################## 10 | # Author: jbertman (nok0) - Modified for use in exploit scripts, patterns are returned as strings 11 | 12 | ##pattern_offset######################################## 13 | # Author: jbertman (nok0) 14 | # Version 0.1 15 | # Credits: Metasploit project 16 | # About: Replicates msf pattern_offset.rb 17 | ######################################################## 18 | 19 | import sys, struct 20 | 21 | def pattern_create(length, set_a=None, set_b=None, set_c=None): 22 | if not isinstance(length, int): 23 | raise Exception('[-] Length must be an integer') 24 | sys.exit(1) 25 | 26 | if not set_a: seta="ABCDEFGHIJKLMNOPQRSTUVWXYZ" 27 | if not set_b: setb="abcdefghijklmnopqrstuvwxyz" 28 | if not set_c: setc="0123456789" 29 | 30 | string="" ; a=0 ; b=0 ; c=0 31 | 32 | while len(string) < length: 33 | if not set_a and not set_b and not set_c: 34 | string += seta[a] + setb[b] + setc[c] 35 | c+=1 36 | if c == len(setc):c=0;b+=1 37 | if b == len(setb):b=0;a+=1 38 | if a == len(seta):a=0 39 | elif set_a and not set_b and not set_c: 40 | raise Exception('[-] Error, cannot work with just one set!') 41 | sys.exit(1) 42 | elif set_a and set_b and not set_c: 43 | string += seta[a] + setb[b] 44 | b+=1 45 | if b == len(setb):b=0;a+=1 46 | if a == len(seta):a=0 47 | elif set_a and set_b and set_c: 48 | string += seta[a] + setb[b] + 
setc[c] 49 | c+=1 50 | if c == len(setc):c=0;b+=1 51 | if b == len(setb):b=0;a+=1 52 | if a == len(seta):a=0 53 | else: 54 | raise Exception('[-] Input error, please check your parameters') 55 | sys.exit(1) 56 | 57 | return string[:length] 58 | 59 | 60 | def pattern_offset(value, length=8192): 61 | if len(value) >= 8 and int(value, 16) > 0: 62 | value = int(value, 16) 63 | elif len(value) == 4: 64 | value = struct.unpack('L',buf[off:4])[0] 88 | print '[+] Possible match at offset %i (adjusted [ little-endian: %s | big-endian: %s ] ) byte offset %i' % (off, str(mle), str(mbe), idx) 89 | found = True 90 | 91 | if found == True: 92 | sys.exit(0) 93 | 94 | for idx in range(2): 95 | for c in range(65535): 96 | nvb = struct.pack('L',buf[off:4])[0] 103 | print '[+] Possible match at offset %i (adjusted [ little-endian: %s | big-endian: %s ] ) byte offset %i' % (off, str(mle), str(mbe), idx) 104 | found = True 105 | """ 106 | while offset != -1: 107 | return "[*] Exact match at offset %i" % (offset) 108 | offset = buf.find(struct.pack('