{"id":13537942,"url":"https://github.com/justicerage/ffm","last_synced_at":"2025-04-05T20:06:14.015Z","repository":{"id":78113046,"uuid":"136843352","full_name":"JusticeRage/FFM","owner":"JusticeRage","description":"Freedom Fighting Mode: open source hacking harness","archived":false,"fork":false,"pushed_at":"2024-03-21T03:23:25.000Z","size":267,"stargazers_count":337,"open_issues_count":0,"forks_count":49,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-03-29T18:08:43.875Z","etag":null,"topics":["hacking-harness","information-security","offensive-security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JusticeRage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-06-10T20:41:20.000Z","updated_at":"2025-03-12T07:01:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"cd13006d-9c54-415e-9a5d-443f2720e963","html_url":"https://github.com/JusticeRage/FFM","commit_stats":{"total_commits":114,"total_committers":7,"mean_commits":"16.285714285714285","dds":0.5175438596491229,"last_synced_commit":"a3691438ba969c57dde4963136620ea485a14bf8"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2FFFM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2FFFM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JusticeRage%2FFFM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/JusticeRage%2FFFM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JusticeRage","download_url":"https://codeload.github.com/JusticeRage/FFM/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247393569,"owners_count":20931812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking-harness","information-security","offensive-security"],"created_at":"2024-08-01T09:01:05.095Z","updated_at":"2025-04-05T20:06:13.989Z","avatar_url":"https://github.com/JusticeRage.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"# Freedom Fighting Mode (FFM)\n\nFFM is a hacking harness that you can use during the post-exploitation phase of a red-teaming\nengagement. The idea of the tool was derived from a \n[2007 conference](https://conference.hitb.org/hitbsecconf2007kl/materials/D1T1%20-%20The%20Grugq%20-%20Meta%20Antiforensics%20-%20The%20HASH%20Hacking%20Harness.pdf) \nfrom @thegrugq.\n\nIt was presented at [SSTIC 2018](https://www.sstic.org/2018/) ([video](https://www.sstic.org/2018/presentation/hacking_harness_ffm/)) and the accompanying slide deck is \navailable at [this url](http://manalyzer.org/static/talks/SSTIC2018.pptx). 
If you're not familiar\nwith this class of tools, it is strongly advised to have a look at them to understand what a\nhacking harness' purpose is. All the comments are included in the slides.\n\nThis project is distributed under the terms of the \n[GPL v3 License](https://www.gnu.org/licenses/gpl.html).\n\n## Full Documentation\nCheck out the full documentation for the tool in this repo:\n- https://ice-wzl.gitbook.io/hacknetics/c2-frameworks/ffm-documentation \n\n## Installation\n### Docker Install\n - With the diversity of modern terminal prompts, we highly recommend using `docker` with this tool.\n - Utilizing the `Dockerfile` in this repository will drastically cut down on potential errors encountered.\n - Utilizing a container to interact with remote hosts is also more secure. If you were to get exploited while interacting with a remote host, they would be sitting in your container instead of your actual host.  Let's still hope that does not happen.\n - Ensure you have `Docker` installed on your local system\n ````\n git clone https://github.com/JusticeRage/FFM.git\n cd FFM\n\n docker build Docker_Install/ -t ffm:ffm\n \n docker image list \n REPOSITORY                TAG         IMAGE ID      CREATED        SIZE\n localhost/ffm             ffm         fb6dd17e3b91  9 minutes ago  614 MB\n docker.io/library/ubuntu  22.04       3b418d7b466a  2 weeks ago    80.3 MB\n \n #run your new container and drop into a /bin/bash prompt as root\n docker run -it --entrypoint /bin/bash -u 0 fb6dd17e3b91\n ````\n - Once in your container set the `passwd` for `root` and `neo`\n - `su neo` and now you are all set \n### Non Docker Install\n- Not recommended\n````\n git clone https://github.com/JusticeRage/FFM.git\n cd FFM\n pip install -r requirements.txt\n````\n\n## Usage\n\nThe goal of a hacking harness is to act as a helper that automates common tasks during the \npost-exploitation phase, but also safeguards the user against mistakes they may make.\n\nIt is an instrumentation of 
the shell. Run `./ffm.py` to activate it and you can start working\nimmediately. There are two commands you need to know about:\n\n- Type `!list` to display all the commands provided by the harness.\n- Type `!list tags` to see the different tags that commands can be binned under\n````\n!list tags\nList of commands available:\n\t enumeration\n\t execution\n\t help\n\t stealth\n\t transfer\n````\n- You can now type `!list enumeration` (or one of the other tags) to see commands that fall into that category.\n````\n!list enumeration\nList of commands available:\n\t!backup-hunter: Hunts for backup files\n\t!info: Returns CPU(s), Architecture, Memory, and Kernel Verison for the current machine.\n\t!log: Toggles logging the harness' input and output to a file.\n\t!mtime: Returns files modified in the last X minutes\n\t!os: Prints the distribution of the current machine.\n\t!db-hunter: Hunts for .sqlite, .sqlite3, and .db files\n\t!sshkeys: Hunts for Private and Public SSH keys on the current machine.\n\t!suid: Finds SUID, SGID binaries on the current machine.\n\t--snip--\n\n````\n- Type `SHIFT+TAB` to perform tab completion on the local machine. This may be useful if you're\nssh'd into a remote computer but need to reference a file that's located on your box.\n\n## List of features\n\nThis hacking harness provides a few features that are described below. As they are described, \nthe design philosophy behind the tool will also be introduced. It is not expected that all\nthe commands implemented in FFM will suit you. Everyone has their own way of doing things, and\ntuning the harness to your specific needs is likely to require you to modify some of the code\nand/or write a few plugins. A lot of effort went into making sure this is a painless task.\n\n## Commands\n\n### Enumeration Commands\n* `!os` is an extremely simple command that just runs `cat /etc/*release*` to show what OS\nthe current machine is running. 
It is probably most valuable as a demonstration that in the\ncontext of a hacking harness, you can define aliases that work across machine boundaries.\nSSH into any computer, type `!os` and the command will be run. This plugin is located in \n`commands/replacement_commands.py` and is a good place to start when you want to learn about\nwriting plugins.\n* `!backup-hunter` Hunts for backup files\n* `!info` Returns CPU(s), Architecture, Memory, and Kernel Version for the current machine.\n* `!log` Toggles logging the harness' input and output to a file.\n* `!mtime` Returns files modified in the last X minutes. For example `!mtime 5` will get all files on the local machine (that you have rights to see) that have been modified in the last 5 minutes\n* `!db-hunter` Hunts for .sqlite, .sqlite3, and .db files and other database files\n* `!sshkeys` Hunts for Private and Public SSH keys on the current machine.\n* `!suid` Finds SUID, SGID binaries on the current machine.\n* `!strange-dirs` Checks the device, starting at a user-specified path, for strange directories on a host\n* `!sudo-version` Checks for a vulnerable sudo version\n* `!vm` Checks whether the device is a virtual machine\n\n### Transfer Commands\n- Commands that help you pull and push files, pretty straightforward.\n* `!download [remote file] [local path]` gets a file from the remote machine and copies it\nlocally through the terminal. This command is a little more complex because more stringent\nerror checking is required but it's another plugin you can easily read to get started.\nYou can find it in `commands/download_file.py`. 
Note that it requires `xxd` or `od` on the remote\nmachine to function properly.\n* `!upload [local file] [remote path]` works exactly the same as the previous command, \nexcept that a local file is put on the remote machine.\n\n\n### Execution Commands \n\n* `!sh [local script]` Runs a shell script from the local machine in memory.\n* `!py [local script]` executes a local Python script on the remote machine, and does so\n*entirely in memory*. Check out my \n[other repository](https://github.com/JusticeRage/freedomfighting) for scripts you might\nwant to use. This command uses a multiline syntax with `\u003c\u003c`, which means that pseudo-shells\nthat don't support it (Weevely is a good example of that) will break this command quite badly.\n* `!py3 [local script]` does the exact same thing except for systems with python3 \n* `!elf3 [local script]` Runs an executable from the local machine in memory, requires python3 on the remote machine.\n* `!elf [local script]` Runs an executable from the local machine in memory, requires python2.7 on the remote machine.\n\n### Stealth Commands \n- I am fully aware these two modules are the opposite of \"stealthy\" but it is where they are currently placed until an alternative location can be worked out.  This stealth category will more than likely contain commands that help you blend in better in addition to those commands that might make you stick out.\n* `!pty` spawns a TTY, which is something you don't want in most cases because it tends to \nleave forensic evidence. However, some commands (`sudo`) or exploits require a TTY to run\nin, so this is provided as a convenience. `UNSET HISTFILE HISTFILESIZE HISTSIZE PROMPT_COMMAND` is passed to it as soon as it\nspawns, along with `export TERM=xterm`\n* `!sudo` Invokes sudo without a TTY.\n\n\nPlugins can be further configured by editing `ffm.conf`.\n\n### Processors\n\nConceptually, commands (as described above) are used to generate some bash which is forwarded\nto the shell. 
They can perform more complex operations by capturing the shell's output and \ngenerating additional instructions based on what is returned.\nProcessors are a little different: they are instead used to rewrite data circulating between\nthe user and the underlying bash process. While it is true that any processor could be rewritten\nas a command, it seemed a little cleaner to separate the two. Input processors work on whatever\nis typed by the user once they press the `ENTER` key, and output processors can modify anything\nreturned by the shell.\n\n* A good processor example can be found in `processors/ssh_command_line.py`. All it does is add\nthe `-T` option to any SSH command it sees if it is missing. Be sure to check out its simple \ncode if you are interested in writing a processor.\n* Another input processor present in the framework, `processors/assert_torify.py`, contains a\nblacklist of networking commands (`ssh`, `nc`) and blocks them if they don't seem to be proxied\nthrough a tool such as `torify`. The harness does its best to only bother the user if it seems\nlike the command is being run on the local machine. Obviously this should not be your only\nsafeguard against leaking your home IP address.\n* Finally, `processors/sample_output_processor.py` is a very simple output processor that \nhighlights in red any occurrence of the word \"password\". As it's quite useless, it's not enabled\nin the framework but you can still use it as a starting point if you want to do something more \nsophisticated.\n\n## Known issues\n\n`CTRL+R` is not implemented yet and we all miss it dearly.\n\nMore problematic is the fact that the framework hangs from time to time. In 99% of the cases,\nthis happens when it fails to detect that a command it launched has finished running. Usually,\nthis means that the command prompt of the machine you're logged into could not be recognized\nas such. 
In that case, you can try improving the regular expression located at the very\nbeginning of the file `ffm.py`, or log into that same machine with `ssh -T` as there won't be\nany problematic prompt anymore. \nBy default, FFM will give up on trying to read the output of a command after 5 minutes (some\nplugins may implement different timeouts); so if the framework hangs, you'll need to wait\nuntil you see an error message (though if the underlying process is still running, you may\nstill not be able to type in commands).\n\n## Closing statement\n\nI think I've covered everything about this tool. Again, it's a little different from what I\nusually release as most people will probably need to modify it before it can be valuable to\nthem.\n\nMany plugins have yet to be written, so be sure to share back any improvements you make to\nFFM. Feel free to open issues not only for bugs, but also if you're trying to do something\nand can't figure out how; this way I'll be able to improve the documentation for everyone.\n\n### To Do\n- Directory download module\n- Single file encryption module\n\n### Contact\n[![](https://manalyzer.org/static/mail.png)](justicerage@manalyzer[.]org)\n[![](https://manalyzer.org/static/twitter.png)](https://twitter.com/JusticeRage)\n[![](https://manalyzer.org/static/gpg.png)](https://pgp.mit.edu/pks/lookup?op=vindex\u0026search=0x40E9F0A8F5EA8754)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjusticerage%2Fffm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjusticerage%2Fffm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjusticerage%2Fffm/lists"}