Tweet
When vulnerabilities are disclosed, security teams face the task of developing exploits to identify compromised assets. Public exploits aren't always available, which is why teams scroll through hundreds of patches to identify the relevant one. Traditional methods like grepping might fasten the process, but mostly come out ineffective against modern codebases where context-aware analysis is required. We present PatchLeaks tool that transforms the messy patch analysis process into efficient vulnerability discovery. Unlike regex-based static analysis tools, it locates relevant patches with vulnerable code based on CVE id only, doesn't require any rules, has ability to identify logical vulnerabilities, and analyzes even corrupt files.
Demo website: pwn.az
Github repo: https://github.com/hatlesswizard/patchleaks
Demo website: pwn.az
Github repo: https://github.com/hatlesswizard/patchleaks