In the new edition of Phrack, number 64, there is an article on how to find exploits faster. It is only too bad that the article on the Full-Disclosure website doesn't have the source code, but it is out on the internet somewhere.
Quote from the article:
Direct link to article: http://lists.grok.org.uk/pipermail/f...ay/063595.html

In this article, we will discuss the design of an engine for automated vulnerability analysis of binary programs. The source code of the Chevarista static analyzer is given at the end of this document.
The purpose of this paper is not to disclose 0day vulnerabilities, but to understand how it is possible to find them without (or with restricted) human intervention. However, we will not print the results of our automated auditing on predefined binaries in a friendly way: instead we will always take generic examples of the most common difficulties encountered when auditing such programs.
Our goal is to enlighten the underground community about writing your own static analyzer and not to be profitable for security companies or any profit-oriented organization.
Instead of going straight to the results of the proposed implementation, we may introduce the domain of program analysis, without going deeply into the theory (which can get very formal), but taking the perspective of someone who is tired of focusing on a specific exploit problem and wants to investigate to which automatic extent it is possible to find vulnerabilities and generate exploit code for them without human intervention.
Chevarista hasn't reached its goal of being this completely automated tool; however, it shows the path to implementing such a tool incrementally, with a genericity that makes it capable of finding any definable kind of vulnerability.
Direct link to Phrack website: http://phrack.org/issues.html?issue=64&id=8#article
/re-edit done to add Phrack website