{"id":13685860,"url":"https://github.com/elfmaster/saruman","last_synced_at":"2025-05-01T04:32:30.220Z","repository":{"id":22647954,"uuid":"25990962","full_name":"elfmaster/saruman","owner":"elfmaster","description":"ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)","archived":false,"fork":false,"pushed_at":"2018-03-14T22:44:38.000Z","size":16,"stargazers_count":127,"open_issues_count":1,"forks_count":43,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-11-12T07:38:44.106Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elfmaster.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-30T21:43:32.000Z","updated_at":"2024-09-21T11:03:25.000Z","dependencies_parsed_at":"2022-07-27T16:33:29.169Z","dependency_job_id":null,"html_url":"https://github.com/elfmaster/saruman","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elfmaster%2Fsaruman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elfmaster%2Fsaruman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elfmaster%2Fsaruman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elfmaster%2Fsaruman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elfmaster","download_url":"https://codeload.github.com/elfmaster/saruman/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251824684,"owners_count":21649911,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T14:00:58.136Z","updated_at":"2025-05-01T04:32:29.933Z","avatar_url":"https://github.com/elfmaster.png","language":"C","funding_links":[],"categories":["Awesome Repositories","Tools","\u003ca id=\"bd015dd7245b420dca75a267133ddce3\"\u003e\u003c/a\u003e反取证"],"sub_categories":["ELF VX technology","Hiding process"],"readme":"Saruman v0.1 (Ryan O'Neill) elfmaster@zoho.com\n\nType make to compile launcher (It will also try to compile a parasite.c file which\nis for you too supply). Make sure your parasite executable is compiled -fpic -pie\n\n./launcher \u003cpid\u003e \u003cparasite_executable\u003e \u003cparasite_args, [arg1, arg2, argN]\u003e \n\nNOTE: In this version Saruman doesn't yet support injecting a program that requires command line args\nbecause it is early POC. So \u003cparasite_args\u003e will not actually accept args yet.\n\n./launcher --no-dlopen \u003cpid\u003e \u003cparasite_executable\u003e\n\nWhen using --no-dlopen it uses a more stealth technique of loading the executable\nso that it doesn't show up as /path/to/parasite.exe in the /proc maps file.\nCurrently this has some bugs and won't work with more complex parasites (To be fixed)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felfmaster%2Fsaruman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felfmaster%2Fsaruman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felfmaster%2Fsaruman/lists"}