Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/elfmaster/saruman
ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/elfmaster/saruman
- Owner: elfmaster
- Created: 2014-10-30T21:43:32.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2018-03-14T22:44:38.000Z (almost 7 years ago)
- Last Synced: 2024-08-03T14:09:58.633Z (6 months ago)
- Language: C
- Size: 15.6 KB
- Stars: 128
- Watchers: 11
- Forks: 43
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-anti-forensic - Saruman - forensics exec, for injecting full dynamic executables into process image (With thread injection). (Tools / Hiding process)
README
Saruman v0.1 (Ryan O'Neill) [email protected]
Type make to compile launcher (it will also try to compile a parasite.c file, which
is for you to supply). Make sure your parasite executable is compiled with -fpic -pie.
./launcher
NOTE: In this version Saruman doesn't yet support injecting a program that requires command line args
because it is an early POC. So will not actually accept args yet.
./launcher --no-dlopen
When using --no-dlopen it uses a stealthier technique of loading the executable
so that it doesn't show up as /path/to/parasite.exe in the /proc maps file.
Currently this has some bugs and won't work with more complex parasites (to be fixed).