A comprehensive toolkit for analyzing and automating heap grooming strategies for modern browser allocators like Chrome's PartitionAlloc.
- Infer slot sizes, alignment, freelist structure, and bucket boundaries
- Detect reuse patterns from allocations and deallocations
- Fingerprint PartitionAlloc's behavior across Chrome versions
- Generate optimized JS code for heap spraying
- Create defragmentation sequences
- Prime freelists with specific object shapes
- Analyze potential target objects after simulated bugs
- Classify allocations into "spray candidates," "harmless," or "dangerous"
- Build allocation → overwrite → hijackable field graphs
- Auto-generate allocation patterns
- Create deallocation sequences
- Define trigger conditions
- Visualize allocator state evolution
- Track per-bucket freelist changes
- Log snapshots with diff view
- Define simulated bugs (overflow, UAF, etc.)
- Recommend candidate objects
- Generate grooming sequences
- Suggest fake object layouts
- Clone the repository:

  ```bash
  git clone https://github.com/yourusername/heap_groomer.git
  cd heap_groomer
  ```

- Create a virtual environment:

  ```bash
  python -m venv venv
  source venv/bin/activate  # On Windows: venv\Scripts\activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

The toolkit provides several command-line options:
```bash
python src/main.py [options]
```

Options:

- `--analyze` Analyze allocator behavior
- `--spray` Generate heap spray
- `--freelist` Analyze freelist
- `--strategy` Generate grooming strategy
- `--visualize` Visualize heap state
- `--bug` Analyze bug scenario

- Analyze allocator behavior:

  ```bash
  python src/main.py --analyze
  ```

- Generate heap spray:

  ```bash
  python src/main.py --spray
  # Enter size, count, and object type when prompted
  ```

- Analyze freelist:

  ```bash
  python src/main.py --freelist
  # Enter target size when prompted
  ```

- Generate grooming strategy:

  ```bash
  python src/main.py --strategy
  # Enter target size and type when prompted
  ```

- Visualize heap state:

  ```bash
  python src/main.py --visualize
  ```

- Analyze bug scenario:

  ```bash
  python src/main.py --bug
  # Enter bug type, size, and offset when prompted
  ```

```
heap_groomer/
├── src/
│   ├── allocator/
│   │   └── analyzer.py
│   ├── js/
│   │   └── heap_manipulator.py
│   ├── analysis/
│   │   └── freelist_analyzer.py
│   ├── strategy/
│   │   └── generator.py
│   ├── visualization/
│   │   └── heap_viewer.py
│   ├── bug_mode/
│   │   └── analyzer.py
│   └── main.py
├── tests/
├── requirements.txt
└── README.md
```
- Python 3.10+
- matplotlib
- numpy
- playwright
- textual
- pydantic
- rich
- networkx
- pytest
- black
- mypy
- pytest-cov
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This toolkit is for educational and research purposes only. Do not use it for malicious purposes or against systems you don't own or have permission to test.