diff --git a/bin/original/passbook b/bin/original/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..10282cc2a6119fd2f6c06df724778eab4ae05ab7
Binary files /dev/null and b/bin/original/passbook differ
diff --git a/bin/original/passbook-cov b/bin/original/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..6a86ca5d8a729fae7c8eb02afd0a959bde3e683e
Binary files /dev/null and b/bin/original/passbook-cov differ
diff --git a/bin/original/passbook-fuzz b/bin/original/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..d91ce7cd1261b850298496c99bf9c2bc24daeb8d
Binary files /dev/null and b/bin/original/passbook-fuzz differ
diff --git a/bin/original/passbook-san b/bin/original/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..8af41c61fe5f0a099fcbf3389b5f0fd4cd610668
Binary files /dev/null and b/bin/original/passbook-san differ
diff --git a/bin/vuln-1/passbook b/bin/vuln-1/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..a4130f7ec318412609cedf658802ae6a3ea78283
Binary files /dev/null and b/bin/vuln-1/passbook differ
diff --git a/bin/vuln-1/passbook-cov b/bin/vuln-1/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..32dfa19699b5f89ca88420c3a5fd03c7c09082e1
Binary files /dev/null and b/bin/vuln-1/passbook-cov differ
diff --git a/bin/vuln-1/passbook-fuzz b/bin/vuln-1/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..dd4076548f1b9ade9ede682e9b7e9ee8515a01e8
Binary files /dev/null and b/bin/vuln-1/passbook-fuzz differ
diff --git a/bin/vuln-1/passbook-san b/bin/vuln-1/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..d836fd639fb0793f75eebc071413010e27946d5f
Binary files /dev/null and b/bin/vuln-1/passbook-san differ
diff --git a/bin/vuln-2/passbook b/bin/vuln-2/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..c65f44138fd3a28f8584228dbb78c68286961f04
Binary files /dev/null and b/bin/vuln-2/passbook differ
diff --git a/bin/vuln-2/passbook-cov b/bin/vuln-2/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..96a6cd22188e8d87ad38299ca4033a5fa04ab23f
Binary files /dev/null and b/bin/vuln-2/passbook-cov differ
diff --git a/bin/vuln-2/passbook-fuzz b/bin/vuln-2/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..0832637697c03e2cfc2644bdfe4e4b9ae47780c3
Binary files /dev/null and b/bin/vuln-2/passbook-fuzz differ
diff --git a/bin/vuln-2/passbook-san b/bin/vuln-2/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..a1994d570085eb0f1eee0e5b6defff8e3faf517e
Binary files /dev/null and b/bin/vuln-2/passbook-san differ
diff --git a/bin/vuln-3/passbook b/bin/vuln-3/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..2ae6c0e09b01187be57628cdbc4c4baa194904d8
Binary files /dev/null and b/bin/vuln-3/passbook differ
diff --git a/bin/vuln-3/passbook-cov b/bin/vuln-3/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..43c61bfce653a73f92da88a773291d6511949e84
Binary files /dev/null and b/bin/vuln-3/passbook-cov differ
diff --git a/bin/vuln-3/passbook-fuzz b/bin/vuln-3/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..092317eba79d2645082aea92092e4a277e16de9e
Binary files /dev/null and b/bin/vuln-3/passbook-fuzz differ
diff --git a/bin/vuln-3/passbook-san b/bin/vuln-3/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..53665c7b0b5317063be201f4f20aa04b85708c93
Binary files /dev/null and b/bin/vuln-3/passbook-san differ
diff --git a/bin/vuln-4/passbook b/bin/vuln-4/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..fc68d715cefb5b8c14e72934de500357e18f521e
Binary files /dev/null and b/bin/vuln-4/passbook differ
diff --git a/bin/vuln-4/passbook-cov b/bin/vuln-4/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..af5497c1a13bc93234f42a61865c78a6915c0912
Binary files /dev/null and b/bin/vuln-4/passbook-cov differ
diff --git a/bin/vuln-4/passbook-fuzz b/bin/vuln-4/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..0e23f9159d38e92ebe7cfdb7d9f6ca9c262cf8cf
Binary files /dev/null and b/bin/vuln-4/passbook-fuzz differ
diff --git a/bin/vuln-4/passbook-san b/bin/vuln-4/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..cbdc6db37ab41e4f557475a9d17281b84a61c062
Binary files /dev/null and b/bin/vuln-4/passbook-san differ
diff --git a/bin/vuln-5/passbook b/bin/vuln-5/passbook
new file mode 100755
index 0000000000000000000000000000000000000000..35d72055f828fb21c0315325c51ff2993c12cb33
Binary files /dev/null and b/bin/vuln-5/passbook differ
diff --git a/bin/vuln-5/passbook-cov b/bin/vuln-5/passbook-cov
new file mode 100755
index 0000000000000000000000000000000000000000..b567d40a5bbd5f735fd2b83ea090a54fc13b3f05
Binary files /dev/null and b/bin/vuln-5/passbook-cov differ
diff --git a/bin/vuln-5/passbook-fuzz b/bin/vuln-5/passbook-fuzz
new file mode 100755
index 0000000000000000000000000000000000000000..696bf756e35a56b80a713d069cc0c3e4aff4038f
Binary files /dev/null and b/bin/vuln-5/passbook-fuzz differ
diff --git a/bin/vuln-5/passbook-san b/bin/vuln-5/passbook-san
new file mode 100755
index 0000000000000000000000000000000000000000..d453e75ecb0272f12301b981a2dc9b6cde75d84d
Binary files /dev/null and b/bin/vuln-5/passbook-san differ
diff --git a/rmate b/rmate
new file mode 100644
index 0000000000000000000000000000000000000000..908e2f63c457e7f1563a11f288ca2acd03696849
--- /dev/null
+++ b/rmate
@@ -0,0 +1,432 @@
+te
+# Copyright (C) 2011-2019 by Harald Lapp <harald@octris.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+#
+# This script can be found at:
+# https://github.com/aurora/rmate
+#
+
+#
+# This script is a pure bash compatible shell script implementing remote
+# textmate functionality
+#
+
+#
+# Thanks very much to all users and contributors! All bug-reports,
+# feature-requests, patches, etc. are greatly appreciated! :-)
+#
+
+# init
+#
+version="1.0.2"
+version_date="2019-04-08"
+version_string="rmate-sh $version ($version_date)"
+
+# determine hostname
+function hostname_command(){
+    if command -v hostname >/dev/null 2>&1; then
+        echo "hostname"
+    else {
+        HOSTNAME_DESCRIPTOR="/proc/sys/kernel/hostname"
+        if test -r "$HOSTNAME_DESCRIPTOR"; then
+            echo "cat $HOSTNAME_DESCRIPTOR"
+        else
+            echo "hostname"
+        fi
+        }
+    fi
+}
+
+hostname=$($(hostname_command))
+
+# default configuration
+host=localhost
+port=52698
+eval home=$(builtin printf "~%q" "${SUDO_USER:-$LOGNAME}")
+
+function load_config {
+    local rc_file=$1
+    local row
+
+    local host_pattern="^host(:[[:space:]]+|=)([^ ]+)"
+    local port_pattern="^port(:[[:space:]]+|=)([0-9]+)"
+
+    if [ -f "$rc_file" ]; then
+        while read -r row; do
+            if [[ "$row" =~ $host_pattern ]]; then
+                host=${BASH_REMATCH[2]}
+            elif [[ "$row" =~ $port_pattern ]]; then
+                port=${BASH_REMATCH[2]}
+            fi
+        done < "$rc_file"
+    fi
+}
+
+for i in "/etc/${0##*/}" $home/."${0##*/}/${0##*/}.rc" $home/."${0##*/}.rc"; do
+    load_config $i
+done
+
+host="${RMATE_HOST:-$host}"
+port="${RMATE_PORT:-$port}"
+
+
+# misc initialization
+filepaths=()
+displaynames=()
+selections=()
+filetypes=()
+verbose=false
+nowait=true
+force=false
+
+# process command-line parameters
+#
+function showusage {
+    echo "usage: $(basename $0) [arguments] [--] file-path  edit specified file
+   or: $(basename $0) [arguments] -          read text from stdin
+
+-H, --host HOST  Connect to HOST. Use 'auto' to detect the host from
+                 SSH. Defaults to $host.
+-p, --port PORT  Port number to use for connection. Defaults to $port.
+-w, --[no-]wait  Wait for file to be closed by TextMate.
+-l, --line LINE  Place caret on line number after loading file.
++N               Alias for --line, if N is a number (eg.: +5).
+-m, --name NAME  The display name shown in TextMate.
+-t, --type TYPE  Treat file as having specified type.
+-n, --new        Open in a new window (Sublime Text).
+-f, --force      Open even if file is not writable.
+-v, --verbose    Verbose logging messages.
+-h, --help       Display this usage information.
+    --version    Show version and exit.
+"
+}
+
+function log {
+    if [[ $verbose = true ]]; then
+        echo "$@" 1>&2
+    fi
+}
+
+function dirpath {
+    (cd "$(dirname "$1")" >/dev/null 2>/dev/null || { echo "unable to cd to $1 directory" 1>&2; exit; } ; pwd -P)
+}
+
+function resolvepath {
+    local filepath="$1"
+    local directory
+
+    while [ -L "$filepath" ]; do
+        directory="$(cd -P "$(dirname "$filepath")" && pwd)"
+        filepath="$(readlink "$filepath")"
+
+        if [[ "${filepath:0:1}" != "/" ]]; then
+            filepath="$directory/$filepath"
+        fi
+    done
+
+    echo "$filepath"
+}
+
+function canonicalize {
+    local filepath="$1"
+    local relativepath
+    local result
+
+    if [[ "${filepath:0:1}" = "-" ]]; then
+        filepath="./$filepath"
+    fi
+
+    local dir=$(dirpath "$filepath")
+
+    if [ -L "$filepath" ]; then
+        relativepath=$(cd "$dir" || { echo "unable to cd to $dir" 1>&2; exit; } ; resolvepath "$(basename "$filepath")")
+        result=$(dirpath "$relativepath")/$(basename "$relativepath")
+    else
+        result=$(basename "$filepath")
+        if [ "$dir" = '/' ]; then
+            result="$dir$result"
+        else
+            result="$dir/$result"
+        fi
+    fi
+
+    echo "$result"
+}
+
+while [[ "$1" != "" ]]; do
+    case $1 in
+        -)
+            filepaths+=("-")
+            ;;
+        --)
+            shift
+            break
+            ;;
+        -H|--host)
+            host=$2
+            shift
+            ;;
+        -p|--port)
+            port=$2
+            shift
+            ;;
+        -w|--wait)
+            nowait=false
+            ;;
+        --no-wait)
+            nowait=true
+            ;;
+        -l|--line)
+            selections+=($2)
+            shift
+            ;;
+        -m|--name)
+            displaynames+=($2)
+            shift
+            ;;
+        -t|--type)
+            filetypes+=($2)
+            shift
+            ;;
+        -n|--new)
+            new=true
+            ;;
+        -f|--force)
+            force=true
+            ;;
+        -v|--verbose)
+            verbose=true
+            ;;
+        --version)
+            echo "$version_string"
+            exit 0
+            ;;
+        -h|-\?|--help)
+            showusage
+            exit 0
+            ;;
+        +[0-9][0-9]*)
+            selections+=(${1:1})
+            ;;
+        *)
+            if [[ "${1:0:1}" = "-" ]]; then
+                showusage
+                exit 1
+            else
+                filepaths+=("$1")
+            fi
+            ;;
+    esac
+
+    shift
+done
+
+if [[ "$host" = "auto" && "$SSH_CONNECTION" != "" ]]; then
+    host=${SSH_CONNECTION%% *}
+fi
+
+filepaths=("${filepaths[@]}" "$@")
+
+if [ "${filepaths[*]}" = "" ]; then
+    if [[ $nowait = false ]]; then
+        filepaths=('-')
+    else
+        case "$-" in
+            *i*)
+                showusage
+                exit 1
+                ;;
+            *)
+                filepaths=('-')
+                ;;
+        esac
+    fi
+fi
+
+
+#------------------------------------------------------------
+# main
+#------------------------------------------------------------
+
+function open_file {
+    local index="$1"
+    local filepath="${filepaths[$index]}"
+    local selection="${selections[$index]}"
+    local filetype="${filetypes[$index]}"
+    local displayname="${displaynames[$index]}"
+    local realpath
+    local data
+
+    if [ "$filepath" != "-" ]; then
+        realpath=$(canonicalize "$filepath")
+        log "$realpath"
+
+        if [ -d "$filepath" ]; then
+            echo "$filepath is a directory and rmate is unable to handle directories."
+            exit 1
+        fi
+
+        if [ -f "$realpath" ] && [ ! -w "$realpath" ]; then
+            if [[ $force = false ]]; then
+                echo "File $filepath is not writable! Use -f to open anyway."
+                exit 1
+            elif [[ $verbose = true ]]; then
+                log "File $filepath is not writable! Opening anyway."
+            fi
+        fi
+
+        if [ "$displayname" = "" ]; then
+            displayname="$hostname:$filepath"
+        fi
+    else
+        displayname="$hostname:untitled"
+    fi
+
+    echo "open" 1>&3
+    echo "display-name: $displayname" 1>&3
+    echo "real-path: $realpath" 1>&3
+    echo "data-on-save: yes" 1>&3
+    echo "re-activate: yes" 1>&3
+    echo "token: $filepath" 1>&3
+
+    if [[ $new = true ]]; then
+        echo "new: yes"  1>&3
+    fi
+
+    if [ "$selection" != "" ]; then
+        echo "selection: $selection" 1>&3
+    fi
+
+    if [ "$filetype" != "" ]; then
+        echo "file-type: $filetype" 1>&3
+    fi
+
+    if [ "$filepath" != "-" ] && [ -f "$filepath" ]; then
+        filesize=$(($(wc -c <"$realpath")))
+        echo "data: $filesize" 1>&3
+        cat "$realpath" 1>&3
+    elif [ "$filepath" = "-" ]; then
+        if [ -t 0 ]; then
+            echo "Reading from stdin, press ^D to stop"
+        else
+            log "Reading from stdin"
+        fi
+
+        # preserve trailing newlines
+        data=$(cat; echo x)
+        data=${data%x}
+        filesize=$(($(echo -ne "$data" | wc -c)))
+        echo "data: $filesize" 1>&3
+        echo -n "$data" 1>&3
+    else
+        echo "data: 0" 1>&3
+    fi
+
+    echo 1>&3
+}
+
+function handle_connection {
+    local cmd
+    local name
+    local value
+    local token
+    local tmp
+    local content
+
+    while read -r 0<&3; do
+        REPLY="${REPLY#"${REPLY%%[![:space:]]*}"}"
+        REPLY="${REPLY%"${REPLY##*[![:space:]]}"}"
+
+        cmd=$REPLY
+
+        token=""
+        tmp=""
+
+        while read -r 0<&3; do
+            REPLY="${REPLY#"${REPLY%%[![:space:]]*}"}"
+            REPLY="${REPLY%"${REPLY##*[![:space:]]}"}"
+
+            if [ "$REPLY" = "" ]; then
+                break
+            fi
+
+            name="${REPLY%%:*}"
+            value="${REPLY##*:}"
+            value="${value#"${value%%[![:space:]]*}"}"      # fix textmate syntax highlighting: "
+
+            case $name in
+                "token")
+                    token=$value
+                    ;;
+                "data")
+                    if [ "$tmp" = "" ]; then
+                        tmp="/tmp/rmate.$RANDOM.$$"
+                        touch "$tmp"
+                    fi
+
+                    dd bs=1 count=$value <&3 >>"$tmp" 2>/dev/null
+                    ;;
+                *)
+                    ;;
+            esac
+        done
+
+        if [[ "$cmd" = "close" ]]; then
+            log "Closing $token"
+            if [[ "$token" == "-" ]]; then
+                echo -n "$content"
+            fi
+        elif [[ "$cmd" = "save" ]]; then
+            log "Saving $token"
+            if [ "$token" != "-" ]; then
+                cat "$tmp" > "$token"
+            else
+                content=$(cat "$tmp")
+            fi
+            rm "$tmp"
+        fi
+    done
+
+    log "Done"
+}
+
+# connect to textmate and send command
+#
+exec 3<> "/dev/tcp/$host/$port"
+
+if [ $? -gt 0 ]; then
+    echo "Unable to connect to TextMate on $host:$port"
+    exit 1
+fi
+
+read -r server_info 0<&3
+
+log $server_info
+
+for i in "${!filepaths[@]}"; do
+    open_file "$i"
+done
+
+echo "." 1>&3
+
+if [[ $nowait = true ]]; then
+    exec </dev/null >/dev/null 2>/dev/null
+    ( (handle_connection &) &)
+else
+    handle_connection
+fi
+
+