pip3 install frida-tools
Custom library injection
./neomorph.py -p 31337 -m inject -e libcustom.so -x entry_functionFunction interception
./neomorph.py -p 31337 -m intercept -e 0x13371337SSL interception
./neomorph.py -p 31337 -m intercept -e SSL_write
./neomorph.py -p 31337 -m intercept -e SSL_readRemote host SSL interception (package)
./neomorph.py -H 192.168.1.9:2313 -P org.mozilla.firefox -m intercept -e SSL_write -A 1 -s 10240 -O termCompile the program
gcc hello.c -o helloStart the program
./helloSpoof (string)
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "hack the planet"Spoof (hex)
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "68 61 63 6b 20 74 68 65 20 70 6c 61 6e 65 74 00"Spoof (mnemonic) - pip3 install capstone keystone
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "push r12; push r9; push r10; push rax; pop r12; pop rbx; push rax; mov eax, 0" -I asm -O asm./neomorph.py -p 1337 -j file.jsPattern search
./neomorph.py -p 1337 -m pattern -e "hello world"Dump on remote host
./neomorph.py -p 1337 -m dump -H 192.168.2.8:9443 -e "0x7f1ea3dbb683"Dump by pattern
./neomorph.py -p 1337 -m dump -e "hello world" -I patternDump by pattern (hex)
./neomorph.py -p 1337 -m dump -e "68 65 6c 6c 6f 20 77 6f 72 6c 64 21 21 21 21 00"Searching functions and disasm
./neomorph.py -p 1337 -m resolve -e freestyle
./neomorph.py -p 1337 -m dump -e 0x55fe33c87740 -O asmDumping functions
./neomorph.py -p 1337 -m dump -e freestyle -O asmExport enum
./neomorph.py -p 1337 -m export -e libssl.soExport enum with filter
./neomorph.py -p 1337 -m export -e libssl.so -x read