Top 7 Free WordPress Contact Form Plugins

Contact forms are a very important part of a website. So we all must have a contact form on our blog. Most of the WordPress themes now come with a dedicated contact form page. But many plugins still miss this. If you are using WordPress and do not know how to code a contact form […] More
The post Top 7 Free WordPress Contact Form Plugins appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/HtLrna0m57A/wordpress-contact-form-plugins.html

Application News – Application Security Weekly #68

    WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android’s Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! News Bugs, Breaches, and More! WordPress Plugin WP Statistics Patches XSS Flaw Three RCEs in Android’s Media framework If you build it, […]
The post Application News – Application Security Weekly #68 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/q6-Kj6tPGVI/

FLASHMINGO – Automatic Analysis Of SWF Files Based On Some Heuristics

Automatic analysis of SWF files based on some heuristics. Extensible via plugins.

Install

Install the Python (2.7) packages listed in requirements.txt. You can use the following command:

    pip install -r requirements.txt

If you want to use the decompilation functionality you need to install Jython. Ubuntu/Debian users can issue:

    apt install jython

Clone the project or download the zip file.

What

FLASHMINGO is an analysis framework for SWF files. The tool automatically triages suspicious Flash files and guides the further analysis process, freeing precious resources in your team. You can easily incorporate FLASHMINGO's analysis modules into your workflow.

Why

To this day forensic investigators and malware analysts must deal with suspicious SWF files. If history repeats itself the security threat may even become bigger beyond Flash's end of life in 2020. Systems will continue to support a legacy file format that is not going to be updated with security patches anymore. Automation is the best way to deal with this issue and this is where FLASHMINGO can help you. FLASHMINGO is an analysis framework to automatically process SWF files that enables you to flag suspicious Flash samples and analyze them with minimal effort. It integrates into various analysis workflows as a stand-alone application or a powerful library. Users can easily extend the tool's functionality via custom Python plugins.

How

Architecture

FLASHMINGO is designed with simplicity in mind. It reads a SWF file and creates an object (SWFObject) representing its contents and structure. Afterwards FLASHMINGO runs a series of plugins acting on this SWFObject and returning their values to the main program.

Below is a mandatory ASCII art flow diagram:

                                  +----------+
                                  |          |
                  +------------+->+ PLUGIN 1 +---------+
                  |            |  |          |         |
                  |            |  +----------+         |
                  |            |                       |
                  |            |  +----------+         |
                  |            |  |          |         |
    +---------+   |            +->+ PLUGIN 2 +-----+   |
    |SWF FILE +-->+ FLASHMINGO |  |          |     |   |
    +---------+   |            |  +----------+     |   |
                  |            |                   |   |
                  |            |             +-----v---v-+
                  |            |             |           |
                  +-----+------+------------>+ SWFOBJECT |
                        ^                    |           |
                        |                    +-----+-----+
                        |                          |
                        +--------------------------+

When using FLASHMINGO as a library in your own projects, you only need to take care of two kinds of objects:

- one or many SWFObject(s), representing the sample(s)
- a Flashmingo object. This acts essentially as a harness connecting plugins and SWFObject(s).

Plugins!

FLASHMINGO plugins are stored in their own directories under… you guessed it: plugins. When a Flashmingo object is instantiated, it goes through this directory and processes all plugins' manifests. Should a manifest indicate that the plugin is active, the plugin is registered for later use. At the code level, this means that a small plugin_info dictionary is added to the plugins list.

Plugins are invoked via the run_plugin API with two arguments:

- the plugin's name
- the SWFObject instance

Optionally, most of the plugins allow you to pass your own user data. This is plugin dependent (read the documentation) and it can be more easily explained with an example. The default plugin SuspiciousNames will search all constant pools for strings containing suspicious substrings (for example: 'overflow', 'spray', 'shell', etc.). There is a list of common substrings already hard-coded in the plugin so that it can be used as-is. However, you may pass a list of your own defined substrings, in this case via the names parameter.

Code example:

    # swf is the SWFObject instance representing the sample
    fm = Flashmingo()
    print fm.run_plugin('DangerousAPIs', swf=swf)
    print fm.run_plugin('SuspiciousNames', swf=swf, names=['spooky'])

Default plugins

FLASHMINGO ships with some useful plugins out of the box:

- binary_data
- dangerous_apis
- decompiler
- suspicious_constants
- suspicious_loops
- suspicious_names
- template :)

Extending FLASHMINGO

A template plugin is provided for easy development. Extending FLASHMINGO is rather straightforward. Follow these simple steps:

1. Copy the template
2. Edit the manifest
3. Override the run method
4. Add your custom code

You are ready to go :)

FLASHMINGO as a library

API

- See the docs directory for autogenerated documentation
- See FireEye's blog post for an example

Front-ends

- Console

Create Documentation

    $ pip install sphinxcontrib-napoleon

After setting up Sphinx to build your docs, enable napoleon in the Sphinx conf.py file. In conf.py, add napoleon to the extensions list:

    extensions = ['sphinxcontrib.napoleon']

Use sphinx-apidoc to build your API documentation:

    $ sphinx-apidoc -f -o docs/source projectdir

This creates .rst files for Sphinx to process.

    $ make html

That's it! :)
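As an added illustration of the substring heuristic described for SuspiciousNames (this is not FLASHMINGO code and does not use its API), the Python 3 sketch below reads the SWF header, inflates a CWS body under a size cap, and reports which substrings occur. It assumes a raw, case-insensitive byte scan instead of walking the constant pools; `parse_swf`, `triage` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct
import zlib

# Substrings the README quotes as examples for the SuspiciousNames plugin.
DEFAULT_NAMES = ("overflow", "spray", "shell")
MAX_BODY = 64 * 1024 * 1024  # cap on inflated size (assumed limit for this sketch)


def parse_swf(data):
    """Return (signature, version, declared_length, body) for a SWF byte string.

    body is everything after the 8-byte header, inflated when the file is CWS.
    """
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    signature = data[:3]
    # 1-byte version followed by a little-endian 32-bit uncompressed file length.
    version, declared_length = struct.unpack("<BI", data[3:8])
    if signature == b"FWS":            # uncompressed
        body = data[8:]
    elif signature == b"CWS":          # zlib-compressed after the header
        inflater = zlib.decompressobj()
        try:
            body = inflater.decompress(data[8:], MAX_BODY)
        except zlib.error as exc:
            raise ValueError("corrupt zlib stream: %s" % exc)
        if inflater.unconsumed_tail:   # more output pending than the cap allows
            raise ValueError("inflated body exceeds MAX_BODY")
    elif signature == b"ZWS":          # LZMA variant, left out of this sketch
        raise ValueError("ZWS (LZMA) samples are not handled here")
    else:
        raise ValueError("not a SWF signature: %r" % signature)
    return signature.decode("ascii"), version, declared_length, body


def triage(data, names=DEFAULT_NAMES):
    """Summarise one sample: header facts plus the substrings that were found."""
    signature, version, declared_length, body = parse_swf(data)
    lowered = body.lower()
    hits = sorted(n for n in names if n.lower().encode("ascii") in lowered)
    return {
        "signature": signature,
        "version": version,
        # The header length should equal header + body; a mismatch means
        # truncated or appended data and is worth a closer look.
        "length_mismatch": declared_length != len(body) + 8,
        "suspicious_names": hits,
    }


def build_sample(signature, strings, version=10):
    """Build a constructed test input: valid header, NUL-joined strings as body."""
    body = b"\x00".join(strings)
    header = signature + bytes([version]) + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if signature == b"CWS" else body)


if __name__ == "__main__":
    sample = build_sample(b"CWS", [b"HeapSpray", b"loadBytes"])  # constructed
    print(triage(sample))
    print(triage(sample, names=["spooky"]))
```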

Link: http://feedproxy.google.com/~r/PentestTools/~3/ACw-482_MOc/flashmingo-automatic-analysis-of-swf.html

Darksplitz – Exploit Framework

This tool is a continuation of the Nefix, DirsPy and Xmasspy projects.

Installation

Will work fine on Debian-based operating systems, like Backbox, Ubuntu or Kali Linux.

    $ git clone https://github.com/koboi137/darksplitz
    $ cd darksplitz/
    $ sudo ./install.sh

Features

- Extract mikrotik credential (user.dat)
- Password generator
- Reverse IP lookup
- Mac address sniffer
- Online md5 cracker
- Mac address lookup
- Collecting url from web.archive.org
- Web backdoor (Dark Shell)
- Winbox exploit (CVE-2018-14847)
- ChimeyRed exploit for mipsbe (Mikrotik)
- Exploit web application
- Mass apple dos (CVE-2018-4407)
- Libssh exploit (CVE-2018-10933)
- Discovering Mikrotik device
- Directory scanner
- Subdomain scanner
- Mac address scanner
- Mac address pinger
- Vhost scanner (bypass cloudflare)
- Mass bruteforce (wordpress)
- Interactive msfrpc client

Exploit web application

- plUpload file upload
- jQuery file upload (CVE-2018-9206)
- Laravel (.env)
- sftp-config.json (misc)
- Wordpress register (enable)
- elfinder file upload
- Drupal 7 exploit (CVE-2018-7600)
- Drupal 8 exploit (CVE-2018-7600)
- com_fabrik exploit (joomla)
- gravityform plugin file upload (wordpress)
- geoplace3 plugin file upload (wordpress)
- peugeot-music plugin file upload (wordpress)

Notes

This tool works best when run as root, because the scapy module and others need the root user to access more features. But some features can be run as a normal user too. ;)

Link: http://feedproxy.google.com/~r/PentestTools/~3/i5XdO5H76m8/darksplitz-exploit-framework.html

IDArling – Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays

IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It synchronizes in real time the changes made to a database by multiple users, by connecting together different instances of IDA Pro.

The main features of IDArling are:

- hooking general user events
- structure and enumeration support
- Hex-Rays decompiler syncing
- replay engine and auto-saving
- database loading and saving
- interactive status bar widget
- user cursors (instructions, functions, navbar)
- inviting a user and following a user's moves
- dedicated server using Qt5
- integrated server within IDA
- LAN servers discovery
- following a user's moves in real time

If you have any questions not worthy of a bug report, feel free to ping us at #idarling on freenode and ask away.

Releases

This project is under active development. Feel free to send a PR if you would like to help! :-)

It is not really stable in its current state, please stay tuned for a first release of the project!

Installation

Install the IDArling client into the IDA plugins folder.

- Copy idarling_plugin.py and the idarling folder to the IDA plugins folder.
- On Windows, the folder is at C:\Program Files\IDA 7.x\plugins
- On macOS, the folder is at /Applications/IDA\ Pro\ 7.x/idabin/plugins
- On Linux, the folder may be at ~/ida-7.x/plugins/

Alternatively, you can use the "easy install" method by copying the following line into the console:

    import urllib2; exec(urllib2.urlopen('https://raw.githubusercontent.com/IDArlingTeam/IDArling/master/easy_install.py')).read()

Warning: The plugin is only compatible with IDA Pro 7.x on Windows, macOS, and Linux.

The dedicated server requires PyQt5, which is integrated into IDA. If you're using an external Python installation, we recommend using Python 3, which offers a pre-built package that can be installed with a simple pip install PyQt5.

Usage

Open the Settings dialog, accessible by right-clicking the widget located in the status bar. Show the servers list by clicking on the Network Settings tab and add your server to it. Connect to the server by clicking on it after right-clicking the widget again. Finally, you should be able to access the following menus to upload or download a database:

- File --> Open from server
- File --> Save to server

Thanks

This project is inspired by Sol[IDA]rity. It started after contacting its authors and asking if it was ever going to be released to the public. Lighthouse source code was also carefully studied to understand how to write better IDA plugins.

- Previous plugins, namely CollabREate, IDASynergy, YaCo, were studied during the development process;
- The icons are edited and combined versions from the sites freeiconshop.com and www.iconsplace.com.

Thanks to Quarkslab for allowing this release.

Authors

- Alexandre Adamski
- Joffrey Guilbon <patate@idarling.re>

Link: http://feedproxy.google.com/~r/PentestTools/~3/iENP1YvFAOE/idarling-collaborative-reverse.html

Decker – Declarative Penetration Testing Orchestration Framework

Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 (the same config language as Terraform) to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community.

Example of a decker config file:

    // variables are pulled from environment
    //   ex: DECKER_TARGET_HOST
    // they will be available throughout the config files as var.*
    //   ex: ${var.target_host}
    variable "target_host" {
      type = "string"
    }

    // resources refer to plugins
    // resources need unique names so plugins can be used more than once
    // they are declared with the form: 'resource "plugin_name" "unique_name" {}'
    // their outputs will be available to others using the form unique_name.*
    //   ex: nmap.443
    resource "nmap" "nmap" {
      host = "${var.target_host}"
      plugin_enabled = "true"
    }
    resource "sslscan" "sslscan" {
      host = "${var.target_host}"
      plugin_enabled = "${nmap.443 == "open"}"
    }

Run a plugin for each item in a list:

    variable "target_host" {
      type = "string"
    }
    resource "nslookup" "nslookup" {
      dns_server = "8.8.4.4"
      host = "${var.target_host}"
    }
    resource "metasploit" "metasploit" {
      for_each = "${nslookup.ip_address}"
      exploit = "auxiliary/scanner/portscan/tcp"
      options = {
        RHOSTS = "${each.key}/32"
        INTERFACE = "eth0"
      }
    }

Complex configuration combining for_each with nested values:

    variable "target_host" {
      type = "string"
    }
    resource "nslookup" "nslookup" {
      dns_server = "8.8.4.4"
      host = "${var.target_host}"
    }
    resource "nmap" "nmap" {
      for_each = "${nslookup.ip_address}"
      host = "${each.key}"
    }
    // for each IP, check if nmap found port 25 open.
    // if yes, run metasploit's smtp_enum scanner
    resource "metasploit" "metasploit" {
      for_each = "${nslookup.ip_address}"
      exploit = "auxiliary/scanner/smtp/smtp_enum"
      options = {
        RHOSTS = "${each.key}"
      }
      plugin_enabled = "${nmap["${each.key}"].25 == "open"}"
    }

Output formats

Several output formats are available and more than one can be selected at the same time.

Setting DECKER_OUTPUTS_JSON or DECKER_OUTPUTS_XML to "true" will output json and xml formatted files respectively.

- Output .json files in addition to plain text: export DECKER_OUTPUTS_JSON="true"
- Output .xml files in addition to plain text: export DECKER_OUTPUTS_XML="true"

Why the name decker?

My friend Courtney came to the rescue when I was struggling to come up with a name and found decker in a SciFi word glossary… and it sounded cool.

    A future cracker; a software expert skilled at manipulating cyberspace, especially at circumventing security precautions.

Running an example config with docker

Two volumes are mounted:

- Directory named decker-reports where decker will output a file for each plugin executed. The file's name will be {unique_resource_name}.report.txt.
- examples directory containing decker config files. Mounting this volume allows you to write configs locally using your favorite editor and still run them within the container.

One environment variable is passed in:

- DECKER_TARGET_HOST

This is referenced in the config files as {var.target_host}. Decker will loop through all environment variables named DECKER_*, stripping away the prefix and setting the rest to lowercase.

    docker run -it --rm \
      -v "$(pwd)/decker-reports/":/tmp/reports/ \
      -v "$(pwd)/examples/":/decker-config/ \
      -e DECKER_TARGET_HOST=example.com \
      stevenaldinger/decker:kali decker ./decker-config/example.hcl

When decker finishes running the config, look in ./decker-reports for the outputs.

Running an example config without docker

You'll likely want to set the directory decker writes reports to with the DECKER_REPORTS_DIR environment variable.

Something like this would be appropriate. Just make sure whatever you set it to is an existing directory.

    export DECKER_REPORTS_DIR="$HOME/decker-reports"

You'll also need to set a target host if you're running one of the example config files.

    export DECKER_TARGET_HOST=""

Then just run a config file. Change to the root directory of this repo and run:

    ./decker ./examples/example.hcl

Contributing

Contributions are very welcome and appreciated. See docs/contributions.md for guidelines.

Development

Using docker for development is recommended for a smooth experience. This ensures all dependencies will be installed and ready to go.

Refer to Directory Structure below for an overview of the go code.

Quick Start

1. (on host machine): make docker_build
2. (on host machine): make docker_run (will start docker container and open an interactive bash session)
3. (inside container): dep ensure -v
4. (inside container): make build_all
5. (inside container): make run

Initialize git hooks

Run make init to add a pre-commit script that will run linting and tests on each commit.

Plugin Development

Decker itself is just a framework that reads config files, determines dependencies in the config files, and runs plugins in an order that ensures plugins with dependencies on other plugins (output of one plugin being an input for another) run after the ones they depend on.

The real power of decker comes from plugins. Developing a plugin can be as simple or as complex as you want it to be, as long as the end result is a .so file containing the compiled plugin code and a .hcl file in the same directory declaring the inputs the plugin is expecting a user to configure.

The recommended way to get started with decker plugin development is by cloning the decker-plugin repository and following the steps in its documentation. It should only take you a few minutes to get a "Hello World" decker plugin running.

Installing plugins

By default, plugins are expected to be in a directory relative to wherever the decker binary is, at <decker binary>/internal/app/decker/plugins/<plugin name>/<plugin name>.so. Additional paths can be added by setting the DECKER_PLUGIN_DIRS environment variable. The default plugin path will still be used if DECKER_PLUGIN_DIRS is set.

Example:

    export DECKER_PLUGIN_DIRS="/path/to/my/plugins:/additional/path/to/plugins"

There should be an HCL file next to the .so file at <decker binary>/internal/app/decker/plugins/<plugin name>/<plugin name>.hcl that defines its inputs and outputs. Currently, only string, list, and map inputs are supported. Each input should have an input block that looks like this:

    input "my_input" {
      type = "string"
      default = "some default value"
    }

Directory Structure

    .
    ├── build
    │   ├── ci/
    │   └── package/
    ├── cmd
    │   ├── decker
    │   │   └── main.go
    │   └── README.md
    ├── deployments/
    ├── docs/
    ├── examples
    │   └── example.hcl
    ├── githooks
    │   ├── pre-commit
    ├── Gopkg.toml
    ├── internal
    │   ├── app
    │   │   └── decker
    │   │       └── plugins
    │   │           ├── a2sv
    │   │           │   ├── a2sv.hcl
    │   │           │   ├── main.go
    │   │           │   └── README.md
    │   │           └── …
    │   │               ├── main.go
    │   │               ├── README.md
    │   │               └── xxx.hcl
    │   ├── pkg
    │   │   ├── dependencies/
    │   │   ├── gocty/
    │   │   ├── hcl/
    │   │   ├── paths/
    │   │   ├── plugins/
    │   │   └── reports/
    │   └── README.md
    ├── LICENSE
    ├── Makefile
    ├── README.md
    └── scripts
        ├── build-plugins.sh
        └── README.md

cmd/decker/main.go is the driver. Its job is to parse a given config file, load the appropriate plugins based on the file's resource blocks, and run the plugins with the specified inputs.

examples has a couple of example configurations to get you started with decker. If you use the kali docker image (stevenaldinger/decker:kali), all dependencies should be installed for all config files and things should run smoothly.

internal/pkg is where most of the actual code is. It contains all the packages imported by main.go.

- dependencies is responsible for building the plugin dependency graph and returning a topologically sorted array that ensures plugins are run in a working order.
- gocty offers helpers for encoding and decoding go-cty values which are used to handle dynamic input types.
- hcl is responsible for parsing HCL files, including creating evaluation contexts that let blocks properly decode when they depend on other plugin blocks.
- paths is responsible for returning file paths for the decker binary, config files, plugin config files, and generated reports.
- plugins is responsible for determining if plugins are enabled and running them.
- reports is responsible for writing reports to the file system.

internal/app/decker/plugins are modular pieces of code written as Golang plugins, implementing a simple interface that allows them to be loaded and called at run-time with inputs and outputs specified in the plugin's config file (also in HCL). An example can be found at internal/app/decker/plugins/nslookup/nslookup.hcl.

decker config files offer a declarative way to write penetration tests. The manifests are written in HashiCorp Configuration Language 2 and describe the set of plugins to be used in the test as well as their inputs.
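The two mechanisms described above, DECKER_* variables becoming var.* names and resources running after the resources they reference, can be sketched as follows. This is an added Python example, not Decker's Go code: it assumes the config is already parsed into a dict of attribute strings, `decker_variables`, `run_order` and `SAMPLE_RESOURCES` are hypothetical names, and the sample config is constructed from resource names that appear in the README.

```python
import re
from collections import deque

# Finds the head of each interpolation, e.g. ${nmap.443 ...} or ${nmap["..."]...}.
REF = re.compile(r"\$\{\s*([A-Za-z_]\w*)\s*[.\[]")
NOT_RESOURCES = {"var", "each"}  # var.* and each.* are not plugin outputs


def decker_variables(environ):
    """Strip the DECKER_ prefix and lowercase the rest, as the README describes."""
    prefix = "DECKER_"
    return {k[len(prefix):].lower(): v
            for k, v in environ.items() if k.startswith(prefix)}


def run_order(resources):
    """Return resource names so that every resource follows what it references.

    resources maps unique_name -> {attribute: expression}. Raises ValueError on
    a reference to an undeclared resource or on a dependency cycle.
    """
    deps = {}
    for name, attrs in resources.items():
        found = set()
        for expr in attrs.values():
            for ref in REF.findall(str(expr)):
                if ref in NOT_RESOURCES:
                    continue
                if ref not in resources:
                    raise ValueError("%s references undeclared resource %s" % (name, ref))
                found.add(ref)
        deps[name] = found

    # Kahn's algorithm: repeatedly emit resources whose dependencies are all done.
    pending = {name: len(d) for name, d in deps.items()}
    dependents = {name: [] for name in deps}
    for name, d in deps.items():
        for dep in d:
            dependents[dep].append(name)
    ready = deque(sorted(n for n, count in pending.items() if count == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(current)
        for nxt in sorted(dependents[current]):
            pending[nxt] -= 1
            if pending[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(deps):
        stuck = sorted(n for n in deps if n not in order)
        raise ValueError("dependency cycle among: " + ", ".join(stuck))
    return order


# Constructed sample, declared deliberately out of order.
SAMPLE_RESOURCES = {
    "sslscan": {
        "for_each": "${nslookup.ip_address}",
        "host": "${each.key}",
        "plugin_enabled": '${nmap["${each.key}"].443 == "open"}',
    },
    "nmap": {"for_each": "${nslookup.ip_address}", "host": "${each.key}"},
    "nslookup": {"dns_server": "8.8.4.4", "host": "${var.target_host}"},
}

if __name__ == "__main__":
    print(decker_variables({"DECKER_TARGET_HOST": "example.com", "HOME": "/root"}))
    print(run_order(SAMPLE_RESOURCES))
```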

Link: http://feedproxy.google.com/~r/PentestTools/~3/v-JzhQO-i2Q/decker-declarative-penetration-testing.html

Ponce – IDA Plugin For Symbolic Execution Just One-Click Away!

Ponce (pronounced [ 'poN θe ] pon-they) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely written in C/C++.

Why?

Symbolic execution is not a new concept in the security community. It has been around for years but it is not until the last couple of years that open source projects like Triton and Angr have been created to address this need. Despite the availability of these projects, end users are often left to implement specific use cases themselves.

We addressed these needs by creating Ponce, an IDA plugin that implements symbolic execution and taint analysis within the most used disassembler/debugger for reverse engineers.

Installation

Ponce works with both x86 and x64 binaries in IDA 6.8 and IDA 6.9x. Installing the plugin is as simple as copying the appropriate files from the latest builds to the plugins\ folder in your IDA installation directory.

IDA 7.0

Ponce has initial support of IDA 7.0 for both x86 and x64 binaries in Windows. The plugin named Ponce64.dll should be copied from the latest_builds to the plugins\ folder in your IDA installation directory. Starting from version 7.0, IDA64 should be used to work with both x86 and x64 binaries.

Don't forget to register Ponce in plugins.cfg located in the same folder by adding the following line:

    Ponce Ponce Ctrl+Shift+Z 0 WIN

OS Support

Ponce works on Windows, Linux and OSX natively!

Use cases

- Exploit development: Ponce can help you create an exploit in a far more efficient manner as the exploit developer may easily see what parts of memory and which registers you control, as well as possible addresses which can be leveraged as ROP gadgets.
- Malware Analysis: Another use of Ponce is related to malware code. Analyzing the commands a particular family of malware supports is easily determined by symbolizing a simple known command and negating all the conditions where the command is being checked.
- Protocol Reversing: One of the most interesting Ponce uses is the possibility of recognizing required magic numbers, headers or even entire protocols for controlled user input. For instance, Ponce can help you to list all the accepted arguments for a given command line binary or extract the file format required for a specific file parser.
- CTF: Ponce speeds up the process of reverse engineering binaries during CTFs. As Ponce is totally integrated into IDA you don't need to worry about setup timing. It's ready to be used!

The plugin will automatically run, guiding you through the initial configuration the first time it is run. The configuration will be saved to a configuration file so you won't have to worry about the config window again.

Use modes

- Tainting engine: This engine is used to determine at every step of the binary's execution which parts of memory and registers are controllable by the user input.
- Symbolic engine: This engine maintains a symbolic state of registers and part of memory at each step in a binary's execution path.

Examples

Use symbolic execution to solve a crackMe

Here we can see the use of the symbolic engine and how we can solve constraints:

- Passing simple aaaaa as argument.
- We first select the symbolic engine.
- We convert to symbolic the memory pointed by argv[1] (aaaaa).
- Identify the symbolic condition that makes us win and solve it.
- Test the solution.

The crackme source code can be found here

Negate and inject a condition

In the next gif we can see the use of automatic tainting and how we can negate a condition and inject it in memory while debugging:

- We select the symbolic engine and set the option to symbolize argv.
- We identify the condition that needs to be satisfied to win the crackMe.
- We negate and inject the solution every time a byte of our input is checked against the key.
- Finally we get the key elite that has been injected in memory and therefore reach the Win code.

The crackme source code can be found here

Using the tainting engine to track user controlled input

In this example we can see the use of the tainting engine with cmake. We are:

- Passing a file as argument to cmake to have it parse it.
- We select that we want to use the tainting engine.
- We taint the buffer that fread() reads from the file.
- We resume the execution under the debugger control to see where the tainted input is moved to.
- Ponce will rename the tainted functions. These are the functions that the user somehow has influence on, not simply the executed functions.

Use Negate, Inject & Restore

In the next example we are using the snapshot engine:

- Passing a file as argument.
- We select that we want to use the symbolic engine.
- We taint the buffer that fread() reads from the file.
- We create a snapshot in the function that parses the buffer read from the file.
- When a condition is evaluated we negate it, inject the solution in memory and restore the snapshot with it.
- The solution will be "valid" so we will satisfy the existent conditions.

The example source code can be found here

Usage

In this section we will list the different Ponce options as well as keyboard shortcuts:

- Access the configuration and taint/symbolic windows: Edit > Ponce > Show Config (Ctl+Shift+P and Ctl+Alt+T)
- Enable/Disable Ponce tracing (Ctl+Shift+E)
- Symbolize/taint a register (Ctl+Shift+R)
- Symbolize/taint memory. Can be done from the IDA View or the Hex View (Ctl+Shift+M)
- Solve formula (Ctl+Shift+S)
- Negate & Inject (Ctl+Shift+N)
- Negate, Inject & Restore Snapshot (Ctl+Shift+I)
- Create Execution Snapshot (Ctl+Shift+C)
- Restore Execution Snapshot (Ctl+Shift+S)
- Delete Execution Snapshot (Ctl+Shift+D)
- Execute Native (Ctl+Shift+F9)

Triton

Ponce relies on the Triton framework to provide semantics, taint analysis and symbolic execution. Triton is an awesome Open Source project sponsored by Quarkslab and maintained mainly by Jonathan Salwan with a rich library. We would like to thank and endorse Jonathan's work with Triton. You rock! :)

Building

We provide compiled binaries for Ponce, but if you want to build your own plugin you can do so using Visual Studio 2013. We tried to make the building process as easy as possible:

- Clone the project with submodules: git clone --recursive https://github.com/illera88/PonceProject.git
- Open Build\PonceBuild\Ponce.sln: The project configuration is ready to use the includes and libraries shipped with the project that reside in external-libs\.
- The VS project has a Post-Build Event that will move the created binary plugin to the IDA plugin folder for you: copy /Y $(TargetPath) "C:\Program Files (x86)\IDA 6.9\plugins". NOTE: use your IDA installation path.

The project has 4 build configurations:

- x86ReleaseStatic: will create the 32 bits version statically linking every third party library into a whole large plugin file.
- x86ReleaseZ3dyn: will create the 32 bits version statically linking every third party library but z3.lib.
- x64ReleaseStatic: will create the 64 bits version statically linking every third party library into a whole large plugin file.
- x64ReleaseZ3dyn: will create the 64 bits version statically linking every third party library but z3.lib.

The static version of z3.lib is ~ 1.1Gb and the linking time is considerable. That's the main reason why we have a building version that uses z3 dynamically (as a dll). If you are using z3 dynamically don't forget to copy the libz3.dll file into the IDA's directory.

If you want to build Triton for linux or MacOsX check this file: https://github.com/illera88/Ponce/tree/master/builds/PonceBuild/nix/README.md

FAQ

Why the name of Ponce?

Juan Ponce de León (1474 – July 1521) was a Spanish explorer and conquistador. He discovered Florida in the United States. The IDA plugin will help you discover, explore and hopefully conquer the different paths in a binary.

Can Ponce be used to analyze Windows, OS X and Linux binaries?

Yes, you can natively use Ponce in IDA for Windows or remotely attach to a Linux or OS X box and use it. In the next Ponce version we will natively support Ponce for Linux and OS X IDA versions.

How many instructions per second can Ponce handle?

In our tests we reach 3000 instructions per second. We plan to use the PIN tracer IDA offers to increase the speed.

Something is not working!

Open an issue, we will solve it ASAP ;)

I love your project! Can I collaborate?

Sure! Please do pull requests and work in the opened issues. We will pay you in beers for help ;)

Limitations

Concolic execution and Ponce have some problems:

- Symbolic memory load/write: When the index used to read a memory value is symbolic, as in x = array[symbolic_index], some problems arise that could lead to losing track of the tainted/symbolized user-controlled input.
- Triton doesn't work very well with floating point instructions.

Authors

- Alberto Garcia Illera (@algillera) alberto.garcia@salesforce.com
- Francisco Oca (@francisco_oca) foca@salesforce.com

Link: http://feedproxy.google.com/~r/PentestTools/~3/rD4UX2khHlQ/ponce-ida-plugin-for-symbolic-execution.html