Published on March 11th, 2016

Binmap — System Scanner



Binmap is a system scanner: it takes a system or system image and walks through all files, looking for programs and libraries and collecting various information such as dependencies and symbols. It supports the ELF and PE formats.

binmap builds a database of hashes and information for systems. One of the goals is to provide a kind of warehouse holding the databases for several systems, and to update those databases to track the systems as they evolve. This is very useful when one wants to diff not only a binary but systems as a whole, to see which binaries have changed and which are new or removed. The files produced by binmap could be piped to gpg to ensure some kind of authentication and integrity of the various databases.
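The whole-system diff described above, as an added Python example (not binmap's code, database format or Python API): it assumes binaries are recognised by their ELF/PE magic bytes and hashed with SHA-256, and the function names `hash_if_binary`, `snapshot` and `diff_systems` are hypothetical.

```python
import hashlib
import os

# Magic numbers of the two formats the article says binmap supports.
ELF_MAGIC = b"\x7fELF"
PE_MAGIC = b"MZ"  # DOS header that begins a PE file (magic check only)


def hash_if_binary(path):
    """Return the SHA-256 hex digest of an ELF/PE file, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
            if head != ELF_MAGIC and head[:2] != PE_MAGIC:
                return None
            digest = hashlib.sha256(head)
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None  # unreadable files are left out of the snapshot
    return digest.hexdigest()


def snapshot(root):
    """Map each binary's path relative to root to its digest."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Regular files only: a symlink must not be hashed as its target.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            digest = hash_if_binary(full)
            if digest is not None:
                db[os.path.relpath(full, root)] = digest
    return db


def diff_systems(old, new):
    """Report binaries added, removed or changed between two snapshots."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }
```

Call `snapshot()` on two extracted images or chroots and pass both results to `diff_systems()`; non-binary files such as configuration text never enter the comparison.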


System Scanner: Binmap Installation

The following packages are needed:

  • cmake
  • g++
  • libboost-python1.55-dev
  • libboost-system1.55-dev
  • libboost-program-options1.55-dev
  • libboost-filesystem1.55-dev
  • libboost-regex1.55-dev
  • libboost-serialization1.55-dev
  • zlib1g-dev
  • libssl-dev
  • libelfg0-dev

Run:

$ mkdir _build
$ cd _build
$ cmake ..
$ make
$ make install

 

Windows

You need Visual Studio installed & ready. Then:

  1. Install cmake (https://www.cmake.org/cmake/resources/software.html) and make sure it’s in your path.
  2. Get zlib (https://www.zlib.net/)
  3. Get boost (get precompiled binaries https://boost.teeks99.com/)

Then run something like the following:

$ cmake -DBoost_DEBUG=ON -G "Visual Studio 12" -DBoost_USE_STATIC_LIBS=ON -DBOOST_ROOT=D:\Programming\Libraries\boost_1_55_0 -DBOOST_LIBRARYDIR=D:\Programming\Libraries\boost_1_55_0\lib32-msvc-12.0 -DZLIB_LIBRARY=D:\Programming\Libraries\zlib-1.2.8 -DZLIB_INCLUDE_DIR=D:\Programming\Libraries\zlib-1.2.8


Usage

Using binmap is a two-step process:

  1. Scan a directory, for instance:
    $ ./binmap scan -v1 /usr/local -o local.dat
    

    or, if you want to scan an extracted file system and only include references to this chroot:

    $ ./binmap scan -v1 --chroot ./extracted_fs -o local.dat
    

    This creates a database containing information about the binaries that lie in this directory.

  2. Dump the database to the dot format:
    $ ./binmap view -i local.dat -o local.dot
    

    or inspect the database using the Python API described below.

 

Source && Download

https://github.com/quarkslab/binmap


