{"id":19963683,"url":"https://github.com/cyberark/rpcmon","last_synced_at":"2025-04-05T13:10:00.315Z","repository":{"id":57875091,"uuid":"470571816","full_name":"cyberark/RPCMon","owner":"cyberark","description":"RPC Monitor tool based on Event Tracing for Windows","archived":false,"fork":false,"pushed_at":"2024-08-19T09:48:25.000Z","size":40567,"stargazers_count":341,"open_issues_count":0,"forks_count":35,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-03-29T12:09:48.172Z","etag":null,"topics":["blueteam","cybersecurity","eventtracing","monitoring-tool","redteam","redteam-tools","research-tool","rpc","rpc-client","rpc-server","security-tools","windows"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-16T12:24:04.000Z","updated_at":"2025-03-14T23:35:00.000Z","dependencies_parsed_at":"2024-12-23T01:15:11.754Z","dependency_job_id":null,"html_url":"https://github.com/cyberark/RPCMon","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2FRPCMon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2FRPCMon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2FRPCMon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2FRPCMon/manifests","
owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/RPCMon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247339158,"owners_count":20923014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","cybersecurity","eventtracing","monitoring-tool","redteam","redteam-tools","research-tool","rpc","rpc-client","rpc-server","security-tools","windows"],"created_at":"2024-11-13T02:16:48.655Z","updated_at":"2025-04-05T13:10:00.299Z","avatar_url":"https://github.com/cyberark.png","language":"C#","readme":"[![GitHub release][release-img]][release]\n[![License][license-img]][license]\n![Downloads][download]\n\n \u003cimg src=\"https://github.com/cyberark/RPCMon/blob/assets/RPCMonLogo.png\" width=\"260\"\u003e   \nA GUI tool for scanning RPC communication through Event Tracing for Windows (ETW).  \nThe tool was published as part of research on RPC communication between the host and a Windows container.  \n\n## Overview\nRPCMon can help researchers get a high-level view of RPC communication between processes. It was built like Procmon for ease of use, and uses James Forshaw's .NET library for RPC. RPCMon can show you the RPC functions being called, the process that called them, and other relevant information.  \nRPCMon uses a hardcoded RPC dictionary for fast RPC information processing which contains information about RPC modules. 
It also has an option to build an RPC database from your own computer, in case some details are missing in the hardcoded RPC dictionary. \n\n\n## Usage\n\nDouble-click the EXE binary with **Admin privileges** (\"Run As Administrator\") to open the GUI window.  \nRPCMon needs a DB to get the details of the RPC functions; without a DB, some information will be missing.   \nTo load the DB, select `DB -\u003e Load DB...` and choose your DB. You can use the DB we added to this project: `/DB/RPC_UUID_Map_Windows10_1909_18363.1977.rpcdb.json`.  \n\n## Build\nWhen downloading it from GitHub, the files might be blocked and cause errors; you can use PowerShell to unblock them:  \n```powershell\nGet-ChildItem -Path 'D:\\tmp\\PipeViewer-main' -Recurse | Unblock-File\n```\n## Features\n* A detailed overview of RPC functions activity.\n* Build an RPC database to parse RPC modules or use the hardcoded database.\n* Filter or highlight rows based on cells.\n* Bold specific rows.\n\n## Demo  \n\nhttps://user-images.githubusercontent.com/11998736/165285471-e143eebd-bfbf-49a2-8e70-107f083c60fc.mp4\n\n## Credit\nWe want to thank James Forshaw ([@tyranid](https://github.com/tyranid)) for creating the open-source [NtApiDotNet](https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtApiDotNet), which allowed us to get the RPC functions.  \n\n## License\nCopyright (c) 2022 CyberArk Software Ltd. 
All rights reserved  \nThis repository is licensed under  Apache-2.0 License - see [`LICENSE`](LICENSE) for more details.\n\n\n## References:\nFor more comments, suggestions or questions, you can contact Eviatar Gerzi ([@g3rzi](https://twitter.com/g3rzi)) and CyberArk Labs.\n\n[release-img]: https://img.shields.io/github/release/cyberark/RPCMon.svg\n[release]: https://github.com/cyberark/RPCMon/releases\n\n[license-img]: https://img.shields.io/github/license/cyberark/RPCMon.svg\n[license]: https://github.com/cyberark/RPCMon/blob/master/LICENSE\n\n[download]: https://img.shields.io/github/downloads/cyberark/RPCMon/total?logo=github\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Frpcmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Frpcmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Frpcmon/lists"}