Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/ropgadget

Name: ropgadget
Author: aeondave

offensive-tools/rev/ropgadget/SKILL.md

npx skillsauth add aeondave/malskill ropgadget

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

ROPgadget

Fast gadget discovery for exploit development and mitigations-aware binary triage.

When to use ROPgadget

Use ROPgadget when you need to:

enumerate pop, ret, pivot, syscall, or call-oriented gadgets
filter gadgets around bad-byte, depth, or architecture constraints
get a fast first-pass view before building a manual chain
compare gadget availability across the main binary and loaded libraries

Quick Start

# Basic gadget dump
ROPgadget --binary ./chall

# Common x86-64 stack-control gadgets
ROPgadget --binary ./chall --only "pop|ret"

# Try automatic chain generation when the target is simple
ROPgadget --binary ./chall --ropchain

High-Value Workflows

Focus on useful gadget families

ROPgadget --binary ./chall --only "pop|ret"
ROPgadget --binary ./chall --only "syscall|sysenter|int 0x80"
ROPgadget --binary libc.so.6 --only "mov|call|jmp"

Reduce noisy results

ROPgadget --binary ./chall --depth 6
ROPgadget --binary ./chall --badbytes "00|0a|0d"
ROPgadget --binary ./chall --range 0x400000-0x401000

Cross-check a suspected pivot area

ROPgadget --binary ./chall --only "leave|xchg|add rsp|sub rsp|ret"

Practical Notes

Treat --ropchain as a convenience feature, not a proof of exploitability.
Build from ABI requirements first, then search for the minimum gadget set that satisfies them.
Re-verify gadget addresses after PIE/libc-base calculations; static addresses are rarely the final story.
Pair with one-gadget for libc post-leak options and with gdb for runtime validation.

Caveats

Gadget quality still needs human review for side effects, clobbers, and alignment.
Very noisy binaries benefit from tighter --only, --range, or smaller depth settings.
CET, Shadow Stack, CFG, or tight seccomp policies can make a nice gadget list operationally irrelevant.

Resources

No bundled scripts/, references/, or assets/. Use the upstream README for architecture support, output formats, and advanced filters.

aeondave/ropgadget

offensive-tools/rev/ropgadget/SKILL.md

Auth/lab ref: gadget discovery utility for ELF, PE, Mach-O, and raw binaries.

4 stars

tools

Updated Jun 8, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill ropgadget

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 8, 2026, 4:02 AM106.4s1 file scanned

SKILL.md

name:: ropgadget
description:: Auth/lab ref: gadget discovery utility for ELF, PE, Mach-O, and raw binaries.
compatibility:: Linux, macOS, Windows; Python 3.
author:: AeonDave
version:: 1.0

ROPgadget

Fast gadget discovery for exploit development and mitigations-aware binary triage.

When to use ROPgadget

Use ROPgadget when you need to:

enumerate pop, ret, pivot, syscall, or call-oriented gadgets
filter gadgets around bad-byte, depth, or architecture constraints
get a fast first-pass view before building a manual chain
compare gadget availability across the main binary and loaded libraries

Quick Start

# Basic gadget dump
ROPgadget --binary ./chall

# Common x86-64 stack-control gadgets
ROPgadget --binary ./chall --only "pop|ret"

# Try automatic chain generation when the target is simple
ROPgadget --binary ./chall --ropchain

High-Value Workflows

Focus on useful gadget families

ROPgadget --binary ./chall --only "pop|ret"
ROPgadget --binary ./chall --only "syscall|sysenter|int 0x80"
ROPgadget --binary libc.so.6 --only "mov|call|jmp"

Reduce noisy results

ROPgadget --binary ./chall --depth 6
ROPgadget --binary ./chall --badbytes "00|0a|0d"
ROPgadget --binary ./chall --range 0x400000-0x401000

Cross-check a suspected pivot area

ROPgadget --binary ./chall --only "leave|xchg|add rsp|sub rsp|ret"

Practical Notes

Treat --ropchain as a convenience feature, not a proof of exploitability.
Build from ABI requirements first, then search for the minimum gadget set that satisfies them.
Re-verify gadget addresses after PIE/libc-base calculations; static addresses are rarely the final story.
Pair with one-gadget for libc post-leak options and with gdb for runtime validation.

Caveats

Gadget quality still needs human review for side effects, clobbers, and alignment.
Very noisy binaries benefit from tighter --only, --range, or smaller depth settings.
CET, Shadow Stack, CFG, or tight seccomp policies can make a nice gadget list operationally irrelevant.

Resources

No bundled scripts/, references/, or assets/. Use the upstream README for architecture support, output formats, and advanced filters.

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/rev/ropgadget ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT