{"id":13841366,"url":"https://github.com/hugsy/CFB","last_synced_at":"2025-07-11T12:31:37.720Z","repository":{"id":39535776,"uuid":"142962198","full_name":"hugsy/CFB","owner":"hugsy","description":"Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver. ","archived":false,"fork":false,"pushed_at":"2024-03-26T02:01:27.000Z","size":7601,"stargazers_count":308,"open_issues_count":2,"forks_count":66,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-11-09T19:41:31.675Z","etag":null,"topics":["fuzzing","hooking","irp","irp-monitor","kernel","vulnerability-research","windows","windows-driver"],"latest_commit_sha":null,"homepage":"https://hugsy.github.io/CFB/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hugsy.png","metadata":{"files":{"readme":"Docs/README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["hugsy"]}},"created_at":"2018-07-31T04:27:32.000Z","updated_at":"2024-11-01T13:43:03.000Z","dependencies_parsed_at":"2023-12-15T21:48:44.392Z","dependency_job_id":"30a94f34-5965-4ede-8872-21fd16aa5ff1","html_url":"https://github.com/hugsy/CFB","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugsy%2FCFB","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugsy%2FCFB/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hugsy%2FCFB/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/r
epositories/hugsy%2FCFB/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hugsy","download_url":"https://codeload.github.com/hugsy/CFB/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225720402,"owners_count":17513597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","hooking","irp","irp-monitor","kernel","vulnerability-research","windows","windows-driver"],"created_at":"2024-08-04T17:01:09.405Z","updated_at":"2024-11-21T11:30:44.512Z","avatar_url":"https://github.com/hugsy.png","language":"C++","funding_links":["https://github.com/sponsors/hugsy"],"categories":["C++"],"sub_categories":[],"readme":"\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://user-images.githubusercontent.com/590234/185767386-46d86e9e-be54-480e-9d18-308b6e028fce.png\" width=\"300px\" alt=\"logo\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/hugsy/CFB/actions/workflows/build.yml\"\u003e\u003cimg alt=\"Build main\" src=\"https://github.com/hugsy/CFB/actions/workflows/build.yml/badge.svg?branch=main\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/hugsy/CFB/actions/workflows/build.yml\"\u003e\u003cimg alt=\"Build dev\" src=\"https://github.com/hugsy/CFB/actions/workflows/build.yml/badge.svg?branch=dev\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://discord.gg/ey49tNQg\"\u003e\u003cimg alt=\"Discord\" src=\"https://img.shields.io/badge/Discord-CFB-purple\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n## Idea\n\n**Canadian Furious Beaver** is a 
distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts:\n\n1. The \"Broker\" combines a user-land agent and a self-extractable driver (`IrpMonitor.sys`) that installs itself on the targeted system. After installing the driver, the broker listens on a TCP port (by default, TCP/1337) and starts collecting IRPs from hooked drivers. The communication protocol is simple by design (i.e. not secure), allowing any [3rd party tool](https://github.com/hugsy/cfb-cli) to easily dump the driver IRPs from the same Broker (via simple JSON messages).\n\n2. The clients connect to the broker and receive IRPs as JSON messages, making them easy to view or convert to another format.\n\n## Why the name?\n\nBecause I had no idea for the name of this tool, so it was graciously generated by [a script of mine](https://github.com/hugsy/stuff/tree/master/random-word).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugsy%2FCFB","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhugsy%2FCFB","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhugsy%2FCFB/lists"}