{"id":39491464,"url":"https://github.com/smallkirby/lysithea","last_synced_at":"2026-01-18T05:36:15.067Z","repository":{"id":45543466,"uuid":"427287908","full_name":"smallkirby/lysithea","owner":"smallkirby","description":"small cute utils for kernel challenges","archived":false,"fork":false,"pushed_at":"2024-04-23T03:21:23.000Z","size":111,"stargazers_count":39,"open_issues_count":6,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-11-05T18:30:40.183Z","etag":null,"topics":["ctf-tool","kernel"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smallkirby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-11-12T08:38:20.000Z","updated_at":"2025-08-26T22:57:32.000Z","dependencies_parsed_at":"2024-04-23T05:12:34.884Z","dependency_job_id":"dcedbd66-0188-4dd1-9bfe-af26521f83dd","html_url":"https://github.com/smallkirby/lysithea","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/smallkirby/lysithea","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallkirby%2Flysithea","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallkirby%2Flysithea/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallkirby%2Flysithea/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallkirby%2Flysithea/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smallkirby","download_url":"https://codeload.github.com/smallkirby/lysithea/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallkirby%2Flysithea/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28530955,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf-tool","kernel"],"created_at":"2026-01-18T05:36:15.003Z","updated_at":"2026-01-18T05:36:15.059Z","avatar_url":"https://github.com/smallkirby.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lysithea\n\n**which is smaller witch?**\n\n- [lysithea](#lysithea)\n- [It is...](#it-is)\n- [Installation](#installation)\n- [Features](#features)\n  - [Auto logging of exploit history](#auto-logging-of-exploit-history)\n  - [Drothea: small kernel exploitable configuration checker](#drothea-small-kernel-exploitable-configuration-checker)\n  - [Easy misc operations on kernel challenge](#easy-misc-operations-on-kernel-challenge)\n- [Usage](#usage)\n- [Tutorial](#tutorial)\n- [Assumed environment](#assumed-environment)\n\n\n# It is...\n\nSmall cute utils for CTF kernel pwn challenges.  \n\n# Installation\n\nJust exec `install.sh`, which installs required dependencies. All the deps are listed in `build/pkglist.required`.\n\n```install.sh\ngit clone https://github.com/smallkirby/lysithea.git\ncd ./lysithea\n./install.sh\nbash # to enable bash completion\n```\n\n# Features\n\n## Auto logging of exploit history\n\npwning is a repeat of rewriting exploit \u0026 testing it on local. lysithea logs all pwn tries and helps you search QEMU output and associated exploit.\n\n```logging.sh\n$ lysithea local\n[+] starting exploit localy...\nSeaBIOS (version 1.13.0-1ubuntu1.1)\nBooting from ROM..\n.\n/ $ exit\nreboot: System halted\nqemu-system-x86_64: terminating on signal 2\n[+] saving exploit log...\n[master cc01254] [lysithea]\n 1 file changed, 2 insertions(+), 7 deletions(-)\n\n$ lysithea logs\n0       :    Sat Nov 13 23:24:47 2021 +0900\n1       :    Sat Nov 13 22:43:53 2021 +0900\n2       :    Sat Nov 13 22:41:57 2021 +0900\n\n$ lysithea log 0\n[+] starting exploit localy...\nSeaBIOS (version 1.13.0-1ubuntu1.1)\nBooting from ROM..\n.\n/ $ exit\nreboot: System halted\n\n$ lysithea fetch 2 --no-pager  | head\n/****************\n *\n * Full exploit of hogehoge.\n *\n****************/\n\n#define _GNU_SOURCE\n#include \u003cstring.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n```\n\n\n## Drothea: small kernel exploitable configuration checker\n\n`lysithea` runs `drothea` on target host to check kernel exploitable configuration.  \n\n`drothea` can be executed by POSIX shell such as `ash` (default shell in `busybox`). `drothea` uses its survent `ingrid`, to check some configurations from point of C-view.  \n\n`lysithea` automates execution of `drothea` using QEMU server and named pipes, so you can check configurations just by `lysithea drothea` command in **host** machine.  \n\nTests are now under construction 🚧.\n\n```drothea.sh\n$ lysithea drothea --verbose\n[.] creating temporary QEMU script...\n[.] editing QEMU script...\n[.] creating pipes for Drothea\n[+] starting QEMU...\n[.] waiting boot finishes...\n[+] Boot confirmed.\n[.] clearing pipe...\n[.] success clearing pipe\n===============================\nDrothea v1.0.0\n[!] mmap_min_addr is not 0x10000: 4096\n[!] SMEP is disabled.\n[!] SMAP is disabled.\n[!] unprivileged ebpf installation is enabled.\nIngrid v1.0.0\n[.] userfaultfd is not disabled.\n===============================\n[.] END of drothea\n[.] cleaning Drothea...\n```\n\n\n## Easy misc operations on kernel challenge\n\n`lysithea` helps you extract filesystem, re-compress it, prepare template files on a directory, build exploit for remote execution, and test exploit on local by simple commands.\n\n\n# Usage\n\nFor all up-to-date commands, do `lysithea help` on your host.\n\n\n```help.txt\n$ lysithea help\n[-] config file not found.\nLysithea v1.0.0\n\nUsage:\n  local                         : run QEMU script locally\n  remote                        : run exploit on remote host\n  help                          : show this help\n  version                       : show version info\n  init                          : init the pwn workspace\n  extract                       : extract filesystem\n  build                         : compile exploit for local usage\n  compress                      : compress filesystem\n  error                         : show error description\n  exploit                       : synonym of local\n  logs                          : show list of logs\n  log                           : show QEMU log of given time\n  fetch                         : fetch given time of exploit\n  drothea                       : run kernel configuration checker in QEMU\n  config                        : configure default options interactively\n  memo                          : leave memo for latest exploit log\n  clean                         : clean current directory\n```\n\n# Tutorial\n\nCheck [`TUTORIAL.md`](./docs/TUTORIAL.md) for actual usage example.\n\n# Assumed environment\n\ntested only on Ubuntu.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallkirby%2Flysithea","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmallkirby%2Flysithea","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallkirby%2Flysithea/lists"}